Patch release notes 1908e
Release notes for Vyatta NOS 1908e, released February 21, 2020.
Issues resolved
Issues resolved in release 1908e.
| Issue number | Priority | Summary |
|---|---|---|
| VRVDR-49924 | Blocker | Commit failed in IPSec site-to-site configuration |
| VRVDR-49684 | Blocker | DHCP services within VRF failed to start after enabling secure boot |
| VRVDR-49631 | Blocker | PTP error message found on UFI06 |
| VRVDR-49822 | Critical | Only shows peering with 16 nodes in show ptp clock 0 |
| VRVDR-49633 | Critical | tcp_auth_collapse NULL pointer dereference causes kernel panic during SYN flood |
| VRVDR-49568 | Critical | Flexware XS and S: kernel panics on start after update to 4.19.93 |
| VRVDR-48944 | Critical | SIAD data plane crash when removing tunnels interface config |
| VRVDR-46719 | Critical | Poor TCP performance in iperf over IPSEC VTI (expect ~600Mbps but measuring ~2Mbps) |
| VRVDR-45071 | Critical | vyatta-security-vpn: vpn-config.pl: l2tp remote-access dhcp-interface lo.tag;/tmp/bad.sh;echo/code injection |
| VRVDR-45069 | Critical | vyatta-security-vpn: set security vpn rsa-keys local-key file /tmp/bad.sh;/tmp/bad.sh/code injection |
| VRVDR-45068 | Critical | vyatta-security-vpn: s2s tunnel protocol syntax script/code injection |
| VRVDR-45067 | Critical | vyatta-security-vpn: set security vpn ipsec site-to-site peer $CODE/code injection |
| VRVDR-45066 | Critical | vyatta-security-vpn: check_file_in_config passed unsanitized user input/code injection |
| VRVDR-45065 | Critical | vyatta-security-vpn-secrets: code injection |
| VRVDR-49459 | Major | Ping monitor may send more packets than specified in packets |
| VRVDR-49439 | Major | Path monitor does not handle fractional ping loss correctly |
| VRVDR-49584 | Minor | GRE over IPSec in transport mode (IKEv1) – responder intermittently replies no acceptable traffic selectors found |
| VRVDR-47869 | Minor | L2TP/IPSec with x.509 authentication fails due to incorrect path to certificates |
Security vulnerabilities resolved
Security vulnerabilities resolved in release 1908e.
| Issue number | CVSS | Advisory | Summary |
|---|---|---|---|
| VRVDR-49832 | 9.8 | DSA-4616-1 | CVE-2019-15890, CVE-2020-7039, CVE-2020-1711: Debian DSA-4616-1: qemu – security update |
| VRVDR-49642 | 9.8 | DSA-4602-1 | CVE-2019-17349, CVE-2019-17350, CVE-2019-18420, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-19577, CVE-2019-19578, CVE-2019-19579, CVE-2019-19580, CVE-2019-19581, CVE-2019-19582, CVE-2019-19583, CVE-2018-12207, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, CVE-2019-11135, CVE-2019-17348, CVE-2019-17347, CVE-2019-17346, CVE-2019-17345, CVE-2019-17344, CVE-2019-17343, CVE-2019-17342, CVE-2019-17341, CVE-2019-17340: Debian DSA-4602-1: xen – security update (MDSUM/RIDL), (MFBDS/RIDL/ZombieLoad), (MLPDS/RIDL), (MSBDS/Fallout) |
| VRVDR-49834 | 7.8 | DSA-4614-1 | CVE-2019-18634: Debian DSA-4614-1: sudo – security update |
| VRVDR-49132 | 7.8 | DSA-4564-1 | CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135: Debian DSA-4564-1: linux – security update |
| VRVDR-49728 | N/A | DSA-4609-1 | CVE-2019-15795, CVE-2019-15796: Debian DSA-4609-1: python-apt – security update |