Patch release notes 2308b
Release notes for Vyatta NOS 2308b, released February 2, 2024.
Issues resolved
Issues resolved in 2308b.
| Key | Priority | Summary |
|---|---|---|
| VRVDR-63348 | Critical | Adding attributes to the routemap configuration does not result in changes to the routemap after a neighbor reset |
| VRVDR-63301 | Critical | BGP: Routemaps with continue <rule#> do not take effect on a match |
| VRVDR-63281 | Critical | DPI/AAR: Traffic is ignored |
| VRVDR-63246 | Critical | GRE: Having an incorrect ttl value and setting the ignore-df flag does not ignore the DF bit of the payload when encapsulating IP traffic |
| VRVDR-63245 | Critical | GRE: The ttl ip parameter is ineffective |
| VRVDR-63188 | Critical | Netflow export probably causes Vyatta to lose connection. |
| VRVDR-63054 | Critical | Enables support for AS path lists |
| VRVDR-63289 | Major | BGP and OSPF: Provisioning errors seen in logs |
| VRVDR-62724 | Major | IPsec fails with the following errors in logs:
|
| VRVDR-62687 | Minor | VRRP RFC-compatibility produces the following error in the log:
|
Security vulnerabilities resolved
Security vulnerabilities resolved in 2308b.
| Key | CVSS | Advisory | Summary |
|---|---|---|---|
| VRVDR-63590 | 9.8 | DSA-5586-1 | CVE-2021-41617 CVE-2023-28531 CVE-2023-48795 CVE-2023-51384CVE-2023-51385: Debian DSA-5586-1: openssh — security update |
| VRVDR-62342 | 9.8 | DSA-5523-1 | CVE-2023-38545 CVE-2023-38546: [DSA 5523-1] curl — security update |
| VRVDR-62671 | 9.1 | DSA-5533-1 | [DSA 5533-1] gst-plugins-bad1.0 — security update |
| VRVDR-63363 | 8.3 | DSA-5565-1 | [DSA 5565-1] gst-plugins-bad1.0 — security update |
| VRVDR-58081 | 8.1 | DSA-5150-1 | CVE-2022-24903: Debian DSA-5150-1: rsyslog — security update |
| VRVDR-63416 | 7.5 | DSA-5570-1 | CVE-2023-44487: Debian DSA-5570-1: nghttp2 — security update |
| VRVDR-58549 | 7.5 | DSA-5209-1 | CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810: Debian DSA-5209-1: net-snmp — security update |
| VRVDR-63595 | 7.2 | DSA-5591-1 | [DSA 5591-1] libssh — security update |
| VRVDR-63587 | 7.2 | DSA-5583-1 | [DSA 5583-1] gst-plugins-bad1.0 — security update |
| VRVDR-57273 | 6.8 | DSA-5105-1 | CVE-2021-25220, CVE-2022-0396: Debian DSA-5105-1: bind9 — security update |
| VRVDR-63591 | 6.5 | DSA-5587-1 | CVE-2023-46218, CVE-2023-46219: Debian DSA-5587-1: curl — security update |
| VRVDR-63365 | 6.5 | DSA-5567-1 | CVE-2023-3576 CVE-2023-40745 CVE-2023-41175: Debian DSA-5567-1: tiff — security update |
| VRVDR-58943 | 6.5 | DSA-5251-1 | CVE-2022-2928, CVE-2022-2929: Debian DSA-5251-1: isc-dhcp — security update |
| VRVDR-63535 | 5.9 | CVE-2023-48795 | CVE-2023-48795: prefix truncation attack targeting the SSH protocol (Terrapin Attack) |
New features
New features introduced in 2308b.
| Issue number | Priority | Summary |
|---|---|---|
| VRVDR-63108 | Critical | Enables support for ibgp local-as |