Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show Page Sections

Patch release notes 1912f

Release notes for Vyatta NOS 1912f, released September 16, 2020.

Issues resolved

Issues resolved in release 1912f.

Issue numberPrioritySummary
VRVDR-52643Blockerrequest hard qsfp/sfp_status present X - performance degradation
VRVDR-52568BlockerRevert SIAD kernel panic defaults
VRVDR-52469Blockeri2c MUX reset required on S9500 to mitigate bus lock due to malfunctioning SFP
VRVDR-52447BlockerPTP: switching between the same master on multiple ports do not work if chosen port is down
VRVDR-52284BlockerS9500 - request hardware-diag version command missing product name, reporting eeprom error
VRVDR-52278BlockerS9500 - upgrade HW diags to v3.1.10
VRVDR-52248Blockervyatta-sfpd can start before platform init complete
VRVDR-52104BlockerS9500 integration of BSP 3.0.11, 3.0.12 and 3.0.13
VRVDR-52669CriticalCannot display EEPROM info for FINISAR FCLF8522P2BTL Copper Port
VRVDR-52190Criticalsmartd attempting to send email
VRVDR-52215CriticalMemory use after free when deleting storm control profile
VRVDR-51754CriticalRead-only account failed to stay in after log on
VRVDR-51344CriticalS9500-30XS: 10G Interface LED sometimes lit when interface is disabled
VRVDR-51135CriticalNTP client remains synchronized with server even though source interface has no address
VRVDR-50951CriticalOSPFv3 logs are not generated when OSPFv3 process is reset
VRVDR-50359Criticalshow int dataplane foo phy issues with vendor-rev
VRVDR-49935CriticalDataplane core dump generated following vyatta-dataplane restart in vlan_if_l3_disable
VRVDR-48315CriticalMalformed interface names in show ipv6 multicast interface with IPv6 GRE tunnels
VRVDR-50775MajorDataplane PANIC in bond_mode_8023ad_ext_periodic_cb with locally-sourced and terminated GRE traffic
VRVDR-49836MajorIPsec: Fails to be able to to ping from tunnel endpoint to tunnel endpoint with ping size 1419 using default MTU with site-2-site. Tunnel MTU discovery not working
VRVDR-48090MajorError: /transceiver-info/physical-channels/channel/0/laser-bias-current/: is not a decimal64 at /opt/vyatta/share/perl5/Vyatta/Configd.pm line 208
VRVDR-52546MinorGUI hangs/loading and finally timeout with an error message on browser
VRVDR-52228MinorThe command show hardware sensors sel gives a traceback
VRVDR-51114MinorChange command not found error for users running in a sandbox
VRVDR-50928MinorPTP: ufispace-bsp-utils 3.0.10 causing /dev/ttyACM0 to disappear
VRVDR-50549TrivialPTP: Spelling error in log msg Successfully configure DPLL 2 fast lcok

Security vulnerabilities resolved

Security vulnerabilities resolved in release 1912f.

Issue numberCVSSAdvisorySummary
VRVDR-527229.8DLA-2337-1CVE-2018-20852, CVE-2019-10160, CVE-2019-16056, CVE-2019-20907, CVE-2019-5010, CVE-2019-9636, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948: Debian DLA-2337-1 : python2.7 security update
VRVDR-526189.8DLA-2323-1CVE-2019-18814, CVE-2019-18885, CVE-2019-20810, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-12655, CVE-2020-12771, CVE-2020-13974, CVE-2020-15393: Debian DLA-2323-1 : linux-4.19 new package
VRVDR-530169.1DLA-2369-1
VRVDR-527238.8DLA-2340-1CVE-2018-20346, CVE-2018-20506, CVE-2018-8740, CVE-2019-16168, CVE-2019-20218, CVE-2019-5827, CVE-2019-9936, CVE-2019-9937, CVE-2020-11655, CVE-2020-13434, CVE-2020-13630, CVE-2020-13632, CVE-2020-13871:Debian DLA-2340-1 : sqlite3 security update
VRVDR-528447.5DLA-2355-1CVE-2020-8622, CVE-2020-8623: Debian DLA-2355-1 : bind9 security update
VRVDR-524765.9DLA-2303-1CVE-2020-16135: Debian DLA-2303-1 : libssh security update
VRVDR-52197N/AN/APrivilege escalation in reset ipv6 neighbors / reset ip arp commands

Kernel panic behavior

VRVDR-49991 modified kernel panic defaults by introducing additional panic events for the UfiSpace S9500-30XS platforms in 1912b.

The following additional events are available:
  • panic-on-io-nmi

  • panic-on-unrecovered-nmi

The reboot delay time that follows a kernel panic was also modified from 60 seconds to 30 seconds:
  • reboot-wait-after-panic = 30

VRVDR-52568 reverts the defaults in 1912f so the system no longer panics on the additional events. The reboot wait timer is also reverted to 60 seconds. The ability to use the CLI to change the behavior through configuration is still available, but the default behavior is different. No changes to the panic-of-oops default — it remains set.

Documentation errata

An error with the Remote Management Configuration Guide has been corrected in this release.

Remote Management Configuration Guide

By definition, a warmStart trap is sent when the SNMP daemon is reloaded. Since Vyatta NOS does not currently support the reload command, no warmStart traps will be sent. A coldStart trap, however, is sent upon system reboot when snmpd is started, and on service restart when the daemon is stopped and restarted.