Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show Page Sections

Patch release notes 1908d

Release notes for Vyatta NOS 1908d, released January 23, 2020.

Issues resolved

Issues resolved in release 1908d.

Issue number Priority Summary
VRVDR-49185BlockerIP Packet Filter not applied at bootup
VRVDR-48892BlockerPing failure with storm-control and QoS
VRVDR-48891BlockerDataplane crashed while changing PTP configuration
VRVDR-48728BlockerNetwork link down observed with VM built from vyatta-1908b-amd64-vrouter_20191010T1100-amd64-Build3.14.hybrid.iso
VRVDR-44104BlockerCreating a switch interface doesn't work with QinQ
VRVDR-49618CriticalServo notifications always using attVrouterPtpServoFailure
VRVDR-49246CriticalFlexware stops forwarding pkts over hardware switch after flooding unknown unicasts
VRVDR-48960CriticalSIAD - audit logs with no priority default to syslog level NOTICE, and are overly chatty
VRVDR-48820CriticalPTP: master not tracked correctly across port changes
VRVDR-48720CriticalPTP: assert in IDTStackAdaptor_UpdateBestMasterSelection
VRVDR-48660CriticalNo rotation occurring for /var/log/messages
VRVDR-48461CriticalSNMP Not working in 1908a
VRVDR-49426Major Mellanox-100G: kernel interface shows up even when data plane is stopped
VRVDR-49391MajorDisable (by default) logging of the time adjustments by the IDT servo
VRVDR-49223MajorHardware CPP rate limiter feature accepted packet count not working
VRVDR-49137MajorSyslog rate-limit not respected for above 65000 messages per interval
VRVDR-49020MajorRA VPN: Spoke not forwarding with ESP: Replay check failed for SPI logs
VRVDR-48850MajorPTP: Frequently logging Slave Unavailable/Available message in the console log
VRVDR-48585MajorICMP Unreachable not returned when decrypted IPSec packet is too large to pass tunnel interface MTU
VRVDR-47203Major1903d yang package fatal error
VRVDR-48992MinorSyslog generates message Child xxxxx has terminated, reaped by main-loop at wrong priority
VRVDR-47002MinorPTP: network information is not cleared from disabled (skipped) ports during reconfiguration

Security vulnerabilities resolved

Security vulnerabilities resolved in release 1908d.

Issue number CVSS Advisory Summary
VRVDR-494509.8 DSA-4587-1 CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255: Debian DSA-4587-1: ruby2.3 – security update
VRVDR-481338.8 DSA-4512-1 CVE-2019-13164, CVE-2019-14378: Debian DSA-4512-1: qemu – security update
VRVDR-478858.1 DSA-4495-1 CVE-2018-20836, CVE-2019-1125, CVE-2019-1999, CVE-2019-10207, CVE-2019-10638, CVE-2019-12817, CVE-2019-12984, CVE-2019-13233, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284: Debian DSA-4495-1: linux – security update
VRVDR-494777.5 DSA-4591-1 CVE-2019-19906: Debian DSA-4591-1: cyrus-sasl2 – security update
VRVDR-486917.5 DSA-4544-1 CVE-2019-16866: Debian DSA-4544-1: unbound – security update
VRVDR-481327.5 DSA-4511-1 CVE-2019-9511, CVE-2019-9513: Debian DSA-4511-1: nghttp2 – security update
VRVDR-491557.2N/ACVE-2018-5265: Devices allow remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the alias or ips parameter for shell metacharacters.
VRVDR-494865.3 DSA-4594-1 CVE-2019-1551: Debian DSA-4594-1: openssl1.0 – security update