Patch release notes 2009b
Release notes for Vyatta NOS 2009b, released January 15, 2021.
Issues resolved
Issues resolved in release 2009b.
| Issue number | Priority | Summary |
|---|---|---|
| VRVDR-53699 | Blocker | PTP implementation noms all the PTP packets, even though not destined for it |
| VRVDR-53429 | Blocker | Up-rev Ufi hwdiag to 3.1.11 |
| VRVDR-53385 | Blocker | Repeat PTP servo failure messages |
| VRVDR-53325 | Blocker | fal_create_ptp_clock failed and failed to set TOD-In for PTP clock 0 following reboot |
| VRVDR-53324 | Blocker | ADI XS uCPE: InDiscards seen in the switch backplane at 1G |
| VRVDR-53305 | Blocker | Incoming PTP traffic is not being trapped to the PTP firmware |
| VRVDR-52877 | Blocker | ADI QoS Performance Issue with specific packet sizes |
| VRVDR-52074 | Blocker | Mark maps using DSCP resource groups don't pick up resource group changes |
| VRVDR-51818 | Blocker | FAL_BCM: Failed to set TOD-In for PTP clock 0: Internal error after reboot/power_cycle |
| VRVDR-53962 | Critical | Reboot D2MSN backup connection created systemd-coredump with BGP authentication enabled |
| VRVDR-53611 | Critical | Pre-configuration-script and post-configuration-script ignored in zerotouch client |
| VRVDR-53596 | Critical | config-sync is not operational when the configuration contains quotes |
| VRVDR-53570 | Critical | Storm control policy may have non-zero packet counts on being applied |
| VRVDR-53565 | Critical | l2tpeth: VLAN functionality not functional |
| VRVDR-53523 | Critical | IPsec RA VPN client: loads with invalid/unintended default values |
| VRVDR-53517 | Critical | PTP de-referencing bad interface pointer |
| VRVDR-53515 | Critical | PTP remains in acquiring state long enough to trigger an alarm |
| VRVDR-53510 | Critical | IPsec RA VPN client: source-interface/WAN-failover implementation is absent |
| VRVDR-53470 | Critical | ARP failing with L2TPv3 with IPsec protection |
| VRVDR-53459 | Critical | ATT-VROUTER-PTP-MIB::attVrouterPtpServoFailure no longer sent |
| VRVDR-53446 | Critical | BGP crash after deleting interface from VRF routing instance |
| VRVDR-53373 | Critical | When bond is disabled the link-state of member interfaces is u/D when configured but u/u after a reboot |
| VRVDR-53335 | Critical | SIAD: Auto negotiation does not seem to work reliably |
| VRVDR-53317 | Critical | PTP: port packet counters ignore signalling messages |
| VRVDR-53096 | Critical | Azure: VM fails to deploy due to Waiting for cloud-init to copy ovf-env.xml to /var/lib/waagent/ovf-env.xml |
| VRVDR-53083 | Critical | Coredump observed at in.telnetd |
| VRVDR-53052 | Critical | Interface added to switch in router mode with no interface switch configuration |
| VRVDR-52889 | Critical | Enabling L2TP over s2s breaks all other tunnels |
| VRVDR-52639 | Critical | IPsec Scale : Error: restart-vpn: configuration set failed: vici: transport error: read unix when issuing restart vpn on scaled topology |
| VRVDR-52574 | Critical | After reboot, the set virtualization ... commands are not configured |
| VRVDR-52395 | Critical | OSPF6d is crashing with 70k external routes while stopping OSPFv3 protocol on IXIA and also during delete OSPFv3 protocol configuration |
| VRVDR-53964 | Major | User-isolation feature is not present in licensed 'B' images |
| VRVDR-53854 | Major | Interfaces went down / panic: runtime error: slice bounds out of range |
| VRVDR-53782 | Major | Update to latest 5.4 stable kernel, 5.4.81 |
| VRVDR-53670 | Major | Add uCPE enforcement to reboot device based on cpu information in license file |
| VRVDR-53520 | Major | 'ipsec notify' does not activate ipsec daemon after VRRP failover |
| VRVDR-53099 | Major | TACACS+ starts only when service is restarted manually |
| VRVDR-53085 | Major | Multicast IPv4 and IPv6 is mutually exclusive on SIAD |
| VRVDR-52666 | Major | Commit fails when the saved config file with L3 addressing over dataplane interface is loaded along with "set system platform type router" |
| VRVDR-50884 | Major | Grub password printed in plain-text in installer logs |
| VRVDR-53368 | Minor | Alpha-numeric common pattern with preceding 0 in resources group <name> causes out of order list on config-sync slave |
| VRVDR-43453 | Minor | show l2tpeth/ show l2tpeth <interface> returns Use of uninitialized value in printf at /opt/vyatta/bin/vplane-l2tpeth-show.pl line 41 with the output |
| VRVDR-36175 | Minor | Add support for error-app-tag |
Security vulnerabilities resolved
Security vulnerabilities resolved in release 2009b.
| Issue number | CVSS | Advisory | Summary |
|---|---|---|---|
| VRVDR-53976 | 9.8 | DSA-4822-1 | CVE-2020-29361, CVE-2020-29362, CVE-2020-29363: Debian DSA-4822-1 : p11-kit - security update |
| VRVDR-53899 | 8.8 | DSA-4812-1 | CVE-2020-29479, CVE-2020-29480, CVE-2020-29481, CVE-2020-29482, CVE-2020-29483, CVE-2020-29484, CVE-2020-29485, CVE-2020-29486, CVE-2020-29566, CVE-2020-29570, CVE-2020-29571: Debian DSA-4812-1: xen security update |
| VRVDR-53861 | 8.2 | DLA-2483-1 | CVE-2019-19039, CVE-2019-19377, CVE-2019-19770, CVE-2019-19816, CVE-2020-0423, CVE-2020-8694, CVE-2020-14351, CVE-2020-25656, CVE-2020-25668, CVE-2020-25669, CVE-2020-25704, CVE-2020-25705, CVE-2020-27673, CVE-2020-27675, CVE-2020-28941, CVE-2020-28974: Debian DLA-2483-1: linux-4.19 security update |
| VRVDR-53797 | 7.8 | DSA-4804-1 | CVE-2020-27670, CVE-2020-27671, CVE-2020-27672, CVE-2020-27674, CVE-2020-28368: Debian DSA-4804-1: xen security update |
| VRVDR-53741 | 7.5 | DSA-4795-1 | CVE-2020-28196: Debian DSA-4795-1 : krb5 - security update |
| VRVDR-53485 | 7.5 | DSA-4782-1 | CVE-2020-25692: Debian DSA-4782-1 : openldap - security update |
| VRVDR-53421 | 6.5 | DSA-4777-1 | CVE-2020-15999: Debian DSA-4777-1 : freetype - security update |
| VRVDR-53872 | 6.1 | DSA-4810-1 | CVE-2020-27783: Debian DSA-4810-1 : lxml - security update |
| VRVDR-53821 | 5.9 | DSA-4807-1 | CVE-2020-1971: Debian DSA-4807-1 : openssl - security update |
| VRVDR-53829 | 5.7 | DSA-4808-1 | CVE-2020-27350: Debian DSA-4808-1 : apt - security update |
| VRVDR-53830 | 2.8 | DSA-4809-1 | CVE-2020-27351: Debian DSA-4809-1 : python-apt - security update |
| VRVDR-53647 | N/A | DSA-4792-1 | CVE-2020-25709, CVE-2020-25710: Debian DSA-4792-1 : openldap - security update |
| VRVDR-53409 | N/A | DSA-4776-1 | CVE-2020-15180: Debian DSA-4776-1: mariadb-10.3 security update |