Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show Page Sections

Patch release notes 2005b

Release notes for Vyatta NOS 2005b, released September 22, 2020.

Issues resolved

Issues resolved in release 2005b.

Issue numberPrioritySummary
VRVDR-52918 BlockerHardware CPP not conforming to limiter rates
VRVDR-52879 BlockerPTP: Unable to peer with master when route to GM fails over to backup vlan
VRVDR-52643 Blockerrequest hard qsfp/sfp_status present X - performance degradation
VRVDR-52568 BlockerRevert SIAD kernel panic defaults
VRVDR-52505 BlockerCoredump triggered by vyatta-dataplane restart in bfd_main_destroy
VRVDR-52469 Blockeri2c MUX reset required on S9500 to mitigate bus lock due to malfunctioning SFP
VRVDR-52459 BlockerBFD IPv4 packet punting for hardware sessions does not work with cpp-rate-limiter
VRVDR-52453 BlockerIPv4 BFD sessions not updating negotiated tx value after config change
VRVDR-52447 BlockerPTP: switching between the same master on multiple ports does not work if the chosen port is down
VRVDR-52371 BlockerDHCP lease refused
VRVDR-52369 BlockerAdding authentication to a running BFD session does not take effect
VRVDR-52363 BlockerIPv6 BFD sessions stuck Down if neighbour brings session AdminDown then restarts BFD
VRVDR-52362 BlockerDataplane crash seen when unconfiguring BFD
VRVDR-52248 Blockervyatta-sfpd can start before platform init complete
VRVDR-52104 BlockerS9500 integration of BSP 3.0.11, 3.0.12 and 3.0.13
VRVDR-48480 BlockerPTP servo reports 0 pps after path switch during ECMP
VRVDR-52995 CriticalGrub update during image upgrade is broken
VRVDR-52994 CriticalBFD: Show bfd session details shows incorrect stats
VRVDR-52841 CriticalS9500-30XS: Receiving only 10Gig traffic going over 25Gig links
VRVDR-52641 CriticalLACP Bonding - packets transmitted with vlan 0 on S9500/QAX for some members
VRVDR-52489 CriticalDataplane crashes after reset bgp session with SEGV signal for bfd-plug in thread
VRVDR-52467 CriticalBFD V6: Session created in HW with wrong local diag
VRVDR-52418 CriticalBFD IPv4 session creation fails if the peer sets the Control Plane Independent flag
VRVDR-52413 CriticalIPv6 BFD session stuck in poll loop when Admin Down after a config change
VRVDR-52410 CriticalIPsec: SNMP trap no longer sent when IPsec tunnel goes up or down
VRVDR-52409 CriticalIPv6 BFD Neg Rx/Neg Tx values only update once every 30s
VRVDR-52401 CriticalDegradation of throughput by 10%-40% on v150 with 100M physical interface & QOS
VRVDR-52383 CriticalPTP: Internal errors causing PTP stack not to be created
VRVDR-52353 CriticalBFD session gets stuck in software when new preferred tx interface appears with no neighbor
VRVDR-52190 Criticalsmartd attempting to send email
VRVDR-52179 Criticaloverlayfs file corruption of user accounting files
VRVDR-52215 CriticalMemory use after free when deleting storm control profile
VRVDR-51860 CriticalDataplane crashes with SEGV/FPE signal in bfd cleanup scenario with OSPF/BGP
VRVDR-51846 CriticalRIB table not updated correctly for ospfv3 routes after flapping the primary path by making dataplane/switch interface link failure/recovery
VRVDR-51543 CriticalWith multiple peers using the same local-address, no authentication ids, and unique pre-shared-keys IKEv1 based IPsec stuck in 'init' for all but one peer
VRVDR-51408 CriticalFor-us packets dropped when packets arrive over LAG and CPP configured
VRVDR-50951 CriticalOSPFv3 logs are not generated when OSPFv3 process is reset
VRVDR-52739 MajorPort value in tunnel policy without specifying protocol causes error protocol must be formatted as well-known string. for IPsec 'show' commands
VRVDR-52668 MajorConfiguration fails to load after upgrade from 1801ze to 1912e when firewall rule with port range 0-65535 statement is present
VRVDR-52611 Majori40e driver silently drops multicast packets causing VRRP dual master
VRVDR-52468 MajorNeg Rx value not updated if requested value cannot be used
VRVDR-52424 MajorNETCONF edit-config applies changes with "none" default-operation, and no specified operation
VRVDR-52404 MajorICMP error returned with corrupted inner header causes seg-fault when passed through a FW/NAT44/PBR rule with logging enabled
VRVDR-52396 MajorBFD session fails to program in hardware trying to use flood-group as tx-port
VRVDR-52221 MajorDisabled PMTUD on GRE tunnel causes outer packet to inherit inner packet TTL value
VRVDR-52079 MajorUpdate revision statement in DANOS-specific yang file
VRVDR-51643 MajorSNMP Trap not receiving when CHILD_SA deleting
VRVDR-50831 MajorTunnels do not come up following a reboot
VRVDR-50775 MajorDataplane "PANIC in bond_mode_8023ad_ext_periodic_cb" w/ locally sourced and terminated GRE traffic
VRVDR-49836 MajorIPsec: Fails to ping from tunnel endpoint to tunnel endpoint with ping size 1419 using default mtu with site-2-site; Tunnel MTU discovery not working
VRVDR-46493 MajorIPSec RA-VPN Server : IKE proposal not found on server when setting the local-address to "any"
VRVDR-42123 Majoropd adds node.tag values under the wrong location in tab completion
VRVDR-52825 MinorConfiguring three sub-levels of time-zone is not possible, causing upgrade from earlier version to fail
VRVDR-52546 MinorGUI hangs/loads and finally time-outs with an error message on browser
VRVDR-52491 MinorPTP: show ptp apts output should include units in the value displays
VRVDR-52339 MinorPTP: Asymmetry output should contain currentValue to be inline with show ptp servo
VRVDR-52228 MinorThe command show hardware sensors sel gives a traceback
VRVDR-50928 MinorPTP: ufispace-bsp-utils 3.0.10 causing /dev/ttyACM0 to disappear
VRVDR-50549 TrivialPTP: Spelling error in log msg Successfully configure DPLL 2 fast lcok

Security vulnerabilities resolved

Security vulnerabilities resolved in release 2005b.

Issue numberCVSSAdvisorySummary
VRVDR-52618 9.8DLA-2323-1 CVE-2019-18814, CVE-2019-18885, CVE-2019-20810, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-12655, CVE-2020-12771, CVE-2020-13974, CVE-2020-15393: Debian DLA-2323-1 : linux-4.19 new package
VRVDR-52274 9.8DLA-2280-1 CVE-2019-18348, CVE-2020-8492, CVE-2020-14422: Debian DLA-2280-1 : python3.7 security update
VRVDR-52419 8.2DSA-4735-1 CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15706, CVE-2020-15707: Debian DSA-4735-1 : grub2 - security update
VRVDR-52921 7.9DSA-4760-1 CVE-2020-12829, CVE-2020-14364, CVE-2020-15863, CVE-2020-16092: Debian DSA-4760-1: qemu security update
VRVDR-52627 7.8DSA-4746-1 CVE-2020-15861, CVE-2020-15862: Debian DSA-4746-1: net-snmp security update
VRVDR-52484 7.8DSA-4741-1 CVE-2020-12762: Debian DSA-4741-1 : json-c - security update
VRVDR-52787 7.5DSA-4752-1 CVE-2020-8619, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624: Debian DSA-4752-1 : bind9 - security update
VRVDR-52357 5.6DSA-4733-1 CVE-2020-8608: Debian DSA-4733-1: qemu security update

Kernel panic behavior

VRVDR-49991 modified kernel panic defaults by introducing additional panic events for the S9500-30XS platforms in 1912b.

The following additional events are available:

  • panic-on-io-nmi
  • panic-on-unrecovered-nmi

The reboot delay time that follows a kernel panic was also modified from 60 seconds to 30 seconds:

  • reboot-wait-after-panic = 30

VRVDR-52568 reverts the defaults in 1912f so the system no longer panics on the additional events. The reboot wait timer is also reverted to 60 seconds. The ability to use the CLI to change the behavior through configuration is still available, but the default behavior is different. No changes to the panic-of-oops default — it remains set.