Patch release notes 2012k
Vyatta NOS patch release notes 2012k.
Released June 21, 2022
Issues resolved
Issues resolved in release 2012k.
Issue number | Priority | Summary |
---|---|---|
VRVDR-56336 | Blocker | Power-cycling or reboot hardware intermittently results in disk boot corruption so that SIAD is a grub prompt unable to boot |
VRVDR-58161 | Blocker | QinQ: The cli prompt does not return after deleting the vif config from the dataplane interface |
VRVDR-57146 | Critical | QinQ: config prompt does not return after deleting the vif from the dataplane interface, hence QinQ scripts are failing |
VRVDR-56916 | Critical | Installer errors and fails to install image on upgrade of Flexware box from 1903 |
VRVDR-56702 | Critical |
|
VRVDR-57467 | Critical | Banner with newline prevents loading configuration after upgrade from 1903j to 1908n |
VRVDR-57849 | Major | vyatta-vrrp crashes on boot if vrrp group is disabled |
VRVDR-57814 | Major | Crash of IKE control-plane during shutdown or VRRP backup-transition |
VRVDR-57797 | Major | IPsec: Crypto device limit causing tunnel setup failure |
VRVDR-57778 | Major | Vyatta configuration lost after reboot with |
VRVDR-57760 | Minor |
|
Security vulnerabilities resolved
Security vulnerabilities resolved in 2012k.
Issue number | CVSS score | Advisory | Summary |
---|---|---|---|
VRVDR-57991 | 9.8 | CVE-2022-29155: Debian DSA-5140-1 : openldap - security update | |
VRVDR-57926 | 9.8 | CVE-2022-1292: Debian DSA-5139-1 : openssl - security update | |
VRVDR-57734 | 9.8 | CVE-2021-3839, CVE-2022-0669: Debian DSA-5130-1 : dpdk - security update | |
VRVDR-58044 | 9.1 | CVE-2022-1664: Debian DSA-5147-1 : dpkg - security update | |
VRVDR-57161 | 8.8 | CVE-2021-43976, CVE-2022-0330, CVE-2022-0435, CVE-2022-0516, CVE-2022-0847, CVE-2022-22942, CVE-2022-24448, CVE-2022-24959, CVE-2022-25258, CVE-2022-25375: Debian DSA-5092-1: linux – security update | |
VRVDR-57692 | 7.8 | CVE-2021-4197, CVE-2022-0168, CVE-2022-1016, CVE-2022-1048, CVE-2022-1158, CVE-2022-1195, CVE-2022-1198, CVE-2022-1199, CVE-2022-1204, CVE-2022-1205, CVE-2022-1353, CVE-2022-1516, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390, CVE-2022-29582: Debian DSA-5127-1: linux – security update | |
VRVDR-57189 | 7.8 | CVE-2020-36310, CVE-2022-0001, CVE-2022-0002, CVE-2022-0487, CVE-2022-0492, CVE-2022-0617, CVE-2022-25636: Debian DSA-5095-1: linux – security update | |
VRVDR-58014 | 6.5 | CVE-2022-29824: Debian DSA-5142-1 : libxml2 - security update |
AES-NI capable CPU is mandatory for IPsec using AES-GCM or AES-CBC
The AES-NI instruction set in the CPU must be enabled when using IPsec with AES-GCM or AES-CBC. Depending on the platform, AES-NI must be enabled in UEFI/BIOS, or in the hypervisor when using a virtual machine.
Consult the UEFI/BIOS configuration manual of your platform vendor to learn how to enable the AES-NI processor/CPU feature.