Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Show Page Sections


The defects that have been resolved in this release are detailed in this section.

Security vulnerabilities

Security issues have been resolved in this release.

[DSA 4497-1] linux security update (VRVDR-47897)CVE-2015-8553, CVE-2018-5995, CVE-2018-20836, CVE-2018-20856, CVE-2019-1125, CVE-2019-3882, CVE-2019-3900, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284
Debian DSA-4506-1 : qemu - security update (VRVDR-48074)CVE-2018-20815, CVE-2019-13164, CVE-2019-14378
[DSA 4511-1] nghttp2 security update (VRVDR-48132)CVE-2019-9511, CVE-2019-9513
[DSA 4512-1] qemu security update (VRVDR-48133)CVE-2019-13164, CVE-2019-14378
Debian DSA-4530-1 : expat - security update (VRVDR-48389)CVE-2019-15903
Debian DSA-4531-1 : linux - security update (VRVDR-48412)CVE-2019-14821, CVE-2019-14835, CVE-2019-15117, CVE-2019-15118, CVE-2019-15902
Debian DSA-4535-1 : e2fsprogs - security update (VRVDR-48446)CVE-2019-5094
Debian DSA-4539-1 : openssl - security update (VRVDR-48502)CVE-2019-1547, CVE-2019-1549, CVE-2019-1563
Debian DSA-4543-1 : sudo - security update (VRVDR-48652)CVE-2019-14287
[DSA 4544-1] unbound security update (VRVDR-48691)CVE-2019-16866
Debian DSA-4547-1 : tcpdump - security update (VRVDR-48691)CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166
Debian DSA-4550-1 : file - security update (VRVDR-48841)CVE-2019-18218
DPDK leaking resources (VRVDR-49058)CVE-2019-14818
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials (VRVDR-49155)CVE-2018-5265

Resolved issues

Customer issues have been resolved in this release.

Component Key Summary
Dataplane VRVDR-46417 Dataplane is sending GRE packets sourced from non-exist VRRP VIP when router is BACKUP
NAT VRVDR-47596 NAT used count is showing count larger than total available (Cosmetic issue)
OSPF VRVDR-48415 OSPF flap to INIT state when changing (add or delete) network statements in OSPF
IPsec VRVDR-48585 ICMP Unreachable not returned when decrypted IPsec packet is too large to pass tunnel interface MTU
NAT VRVDR-48710 NAT Documentation
Firewall VRVDR-48717 Resources group address-group address-range entries do not work together with address entries
Documentation VRVDR-48879 Documentation - Basic_Routing_Configuration_5600 17.2.0 incorrect diagram
Logging VRVDR-48992 syslog generates message Child xxxxx has terminated, reaped by main-loop at wrong priority
IPsec VRVDR-49060 RA VPN: no ESP traffic from Hub to Spoke
Logging VRVDR-49137 Syslog rate-limit not respected for above 65000 messages per interval

Known issues

The known issues in this release have been identified.

Component Key Summary
Bonding VRVDR-49273 CPE traffic inbound to Vyatta based VPN servers suddenly drop to a flat 500Mbps throughput
Bridging VRVDR-49427

Bridge commit failure when changing both max-age and forwarding-delay

The order in which the bridge spanning-tree max-age and forwarding-delay attributes are configured is important. The overall relationship must be such that 2*(forwarding-delay-1) >= max-age (which is enforced by the  YANG definition). However care must be taken to ensure that the relationship is maintained as each individual value is updated.

For example if forwarding-delay is currently 15 and max-age is 20 (the default values) and both attributes need to be set to 10, then set max- age first (2*(15-1) >= 10), followed by forwarding-delay (2*(10-1) >= 10). Making the changes in the reverse order results in an internal error and a failure to update the bridge values (2*(10-1) < 20).