Vyatta Network Operating System (Vyatta NOS)

Patch release notes 1908e

Release notes for Vyatta NOS 1908e, released February 21, 2020.

Issues resolved

Issues resolved in release 1908e.

Issue number  Priority  Summary
VRVDR-49924   Blocker   Commit failed in IPSec site-to-site configuration
VRVDR-49684   Blocker   DHCP services within VRF failed to start after enabling secure boot
VRVDR-49631   Blocker   PTP error message found on UFI06
VRVDR-49822   Critical  Only shows peering with 16 nodes in show ptp clock 0
VRVDR-49633   Critical  tcp_auth_collapse NULL pointer dereference causes kernel panic during SYN flood
VRVDR-49568   Critical  Flexware XS and S: kernel panics on start after update to 4.19.93
VRVDR-48944   Critical  SIAD data plane crash when removing tunnels interface config
VRVDR-46719   Critical  Poor TCP performance in iperf over IPSEC VTI (expect ~600Mbps but measuring ~2Mbps)
VRVDR-45071   Critical  vyatta-security-vpn: vpn-config.pl: l2tp remote-access dhcp-interface lo.tag;/tmp/bad.sh;echo/code injection
VRVDR-45069   Critical  vyatta-security-vpn: set security vpn rsa-keys local-key file /tmp/bad.sh;/tmp/bad.sh/code injection
VRVDR-45068   Critical  vyatta-security-vpn: s2s tunnel protocol syntax script/code injection
VRVDR-45067   Critical  vyatta-security-vpn: set security vpn ipsec site-to-site peer $CODE/code injection
VRVDR-45066   Critical  vyatta-security-vpn: check_file_in_config passed unsanitized user input/code injection
VRVDR-45065   Critical  vyatta-security-vpn-secrets: code injection
VRVDR-49459   Major     Ping monitor may send more packets than specified in packets
VRVDR-49439   Major     Path monitor does not handle fractional ping loss correctly
VRVDR-49584   Minor     GRE over IPSec in transport mode (IKEv1) – responder intermittently replies no acceptable traffic selectors found
VRVDR-47869   Minor     L2TP/IPSec with x.509 authentication fails due to incorrect path to certificates

Security vulnerabilities resolved

Security vulnerabilities resolved in release 1908e.

Issue number  CVSS  Advisory    Summary
VRVDR-49832   9.8   DSA-4616-1  CVE-2019-15890, CVE-2020-7039, CVE-2020-1711: Debian DSA-4616-1: qemu – security update
VRVDR-49642   9.8   DSA-4602-1  CVE-2019-17349, CVE-2019-17350, CVE-2019-18420, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-19577, CVE-2019-19578, CVE-2019-19579, CVE-2019-19580, CVE-2019-19581, CVE-2019-19582, CVE-2019-19583, CVE-2018-12207, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, CVE-2019-11135, CVE-2019-17348, CVE-2019-17347, CVE-2019-17346, CVE-2019-17345, CVE-2019-17344, CVE-2019-17343, CVE-2019-17342, CVE-2019-17341, CVE-2019-17340: Debian DSA-4602-1: xen – security update (MDSUM/RIDL), (MFBDS/RIDL/ZombieLoad), (MLPDS/RIDL), (MSBDS/Fallout)
VRVDR-49834   7.8   DSA-4614-1  CVE-2019-18634: Debian DSA-4614-1: sudo – security update
VRVDR-49132   7.8   DSA-4564-1  CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135: Debian DSA-4564-1: linux – security update
VRVDR-49728   N/A   DSA-4609-1  CVE-2019-15795, CVE-2019-15796: Debian DSA-4609-1: python-apt – security update