VyOS Platform Blog

VyOS 1.3.7 release

Written by Daniil Baturin | May 13, 2024 5:18:36 PM Z

Hello, Community!

VyOS 1.3.7/Equuleus maintenance release is available now. It fixes the buffer overflow vulnerability recently discovered in GNU libc (CVE-2024-2961). It also adds a few useful options, such as startup resync in conntrack-sync and multiple peers for unicast VRRP; improves PPPoE server syntax to allow PADO delay of zero and client pools with arbitrary subnet masks; and fixes a bunch of bugs, including a bug that prevented BGP RPKI from loading correctly. Read on for details!

Security

  • T6324: CVE-2024-2961 (iconv buffer overflow in glibc)

New features and improvements

  • T1244: Add support for StartupResync in conntrack-sync
  • T5364: Make it possible to set the PADO delay to 0
  • T5418: Allow arbitrary subnets in PPPoE client IP pools
  • T5504: Make it possible to set more than one peer-address in unicast VRRP
  • T6057: Add ability to disable syslog for conntrackd

Bug fixes

  • T1751: DNS server addresses from DHCPv6 are not added to resolv.conf
  • T1976: deleting address-family under neighbor will disable neighbor
  • T2044: RPKI doesn't boot properly
  • T2113: OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping
  • T2279: Router resolves as 127.0.1.1 when using Router's Recursive DNS
  • T2590: DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c
  • T2612: HTTPS API, changing API key fails but goes through
  • T2801: conntrack-tools flooding logs
  • T2998: SNMP v3 oid "exclude" option doesn't work
  • T3437: BGP Confederation Addition Causes Error
  • T3992: Unhandled exception when trying to add an interface with an assigned address to a bridge
  • T4270: When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service
  • T4453: dhclient fails to renew DHCP lease with VRF
  • T5239: Host name and domain name missing from the FRR configuration
  • T5982: Isolated interfaces smoketest fail
  • T6004: Missing RPKI boot priority prevents it from loading
  • T6056: Applying 'system static-host-mapping' command calls unnecessary snmpd restart
  • T6088: Configuration corrupted after saving and powercut or force reboot
  • T6096: Config commits are not synced properly because 00vyos-sync is deleted by vyos-router
  • T6110: Insufficient validation of range option with failover in DHCP server
  • T6124: Docker equuleus build image doesn't build due to fpm
  • T6141: Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure
  • T6150: Impossible to set a static IP address via RADIUS in IPoE
  • T6193: dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces
  • T6196: Route-map and summary-only do not work in BGP aggregation at the same time
  • T6243: Update vyos-http-api-tools for package idna security advisory

Other resolved issues

  • T1198: Extra hyphen in suggested image name on upgrade
  • T6261: Typo in the operational mode connect and disconnect command output
View full post