Patch release notes 2308a
Release notes for Vyatta NOS 2308a, released November 30, 2023.
Issues resolved
Issues resolved in 2308a.
Issue number | Priority | Summary |
---|---|---|
VRVDR-61939 | Blocker | Telemetry Service rejects valid paths as invalid |
VRVDR-62331 | Critical | Inconsistency in successful user authentication logs seen when login via telnet, ssh and TACACS+ user |
VRVDR-62257 | Critical | HTTP(S) traffic not being categorised as "type web" |
VRVDR-61372 | Critical | BGP: atomic agg route-map not applied for existing route |
VRVDR-62228 | Major | Fix puncher log message |
VRVDR-61856 | Major | BGP: graceful shutdown timer not inherited |
Security vulnerabilities resolved
Security vulnerabilities resolved in 2308a.
Issue number | CVSS | Advisory | Summary |
---|---|---|---|
VRVDR-62316 | 9.8 | DSA-5519-1 | CVE-2023-4692, CVE-2023-4693: Debian DSA-5519-1 : grub2 - security update |
VRVDR-62219 | 9.8 | DSA-5505-1 | CVE-2023-41910: Debian DSA-5505-1 : lldpd — security update |
VRVDR-62671 | 9.1 | DSA-5533-1 | [DSA 5533-1] gst-plugins-bad1.0 security update |
VRVDR-62162 | 8.8 | DSA-5497-2 | [DSA 5497-2] libwebp security update |
VRVDR-62152 | 8.8 | DSA-5497-1 | [DSA 5497-1] libwebp security update |
VRVDR-61866 | 7.8 | DSA-5480-1 | [DSA-5480-1] : linux — security update |
VRVDR-61790 | 7.8 | DSA-5476-1 | [DSA 5476-1] gst-plugins-ugly1.0 security update |
VRVDR-62998 | 7.5 | DSA-5543-1 | CVE-2023-34058, CVE-2023-34059: Debian DSA-5543-1 : open-vm-tools — security update |
VRVDR-62211 | 7.5 | DSA-5504-1 | CVE-2023-3341, CVE-2023-4236: Debian DSA-5504-1 : bind9 — security update |
VRVDR-61935 | 7.5 | DSA-5475-1 | CVE-2022-40982, CVE-2023-20569: Debian DSA-5475-1 : linux — security update |
VRVDR-61727 | 7.1 | DSA-5448-1 | [DSA 5448-1] linux security update |
VRVDR-62273 | 6.5 | DSA-5517-1 | CVE-2023-4527, CVE-2023-4806, CVE-2023-4911: Debian DSA-5514-1 : glibc — security update |
VRVDR-62307 | 5.3 | DSA-5517-1 | CVE-2023-43785 CVE-2023-43786 CVE-2023-43787: [DSA 5517-1] libx11 security update |
Ciena 3840 and Ciena 3841 platform support
The 2308a release adds support for the Ciena 3840 and 3841 platforms, which are Intel Atom C3000 based general purpose uCPE devices.
Hardware specifications
CPU |
|
Memory | 4 / 8 GB memory with ECC (3840/3841) |
Storage | 64 GB eMMC SSD |
WAN |
|
LAN | 4 x 2.5 Gbps RJ-45 |
Internal / External Switch | None |
Local Access |
|
Security |
|
Buttons |
|
LED | 3 x front panel 4-color (Red, Green, Blue, Amber) LEDs, user-configurable |
Bootloader | Embedded Blinkboot UEFI |
Power Input | +12 VDC locking barrel jack, external desktop PSU, regional AC cord options |
Power Consumption | 60 W |
FAN | Yes, not user configurable |
Configuration data model
No new configuration (either common or platform-specific) has been introduced for these platforms.
Operational mode commands
show hardware fru
show hardware sensor
request hardware-diagnostic leds
request hardware-diagnostic buttons
request hardware-diagnostic sensors
request hardware-diagnostic sfps
request hardware-diagnostic sims
Hardened mode
This release introduces support for hardened mode, which provides more resiliency against cyber attacks by applying the "Secure by Design" and "Secure by Default" paradigms.
Limitations, restrictions, or behavior changes
The 2308a patch release introduces a number of limitations, restrictions and behavior changes that change the way the system operates.
VRRP
VRVDR-63249: VRRPv3 IPv6 RFC: disabled interface in the FAULT state doesn't recover when re-enabled.
- Disabling and then re-enabling the data plane interface used by an IPv6 RFC VRRP interface sometimes leaves the VRRP interface in the FAULT state despite the fact that the underlying interface is up.
- Workaround: Toggling the data plane interface again may rectify the problem, as will making any changes to the VRRP configuration.
VRVDR-61389: VRRPv3 IPv6 VRF: core dump in _ZSt9terminatev.
- When removing all VRRP configuration, vyatta-vrrp may crash. There is no operational impact.
Cloud Networking overlay
2308a supports a single Geo, multi-hub Cloud Networking Overlay topology.
Obsoleted commands
The following configuration commands are marked as deprecated in this release.
set system config-management commit-archive location
set system login user <name> authentication public-keys <X> options