The new VyOS 1.2.0-epa3 early production access release is ready and available to subscribers
PowerDNS was updated to 4.1.8-2
strongSwan was updated to 5.7.2-1
FRRouting was updated to 6.0.2
The latest release fixes several vulnerabilities in PowerDNS recursor, including CVE-2018-10851, CVE-2018-14626, and CVE-2018-14644. They would allow a remote attacker to crash the daemon with a specially crafted response or, in one instance, a specially crafted request, so everyone who uses DNS forwarding is advised to upgrade.
One possible DoS condition in FRR’s BGP implementation has been fixed as well.
Multiple issues in the DMVPN implementation have been resolved. One issue caused the system to remove all SAs when a DMVPN peer went down, but it should be resolved now. Also, the “run show vpn ipsec sa” script is now capable of displaying DMVPN tunnels, and we hope it’s also more robust now.
If you experience any issues with DMVPN, or IPsec in general, please let us know.
Related issues: T1175, T1170, T1116.
Some people reported an issue with VMware tools causing a very high CPU load on machines with very large routing tables. Since many people use VyOS as a BGP edge router and receive full feeds, it could have a serious performance impact.
We have disabled data polling, which solved the performance problem, but it also prevents VMware VM data from updating when, for example, the IP addresses of the VM change. The data set at config load time is still displayed correctly, so the impact of the change is limited.
We’ll keep looking into making data polling more granular.
Other issues we have resolved: