1.2.6-S1

1.2.6-S1 is a security release release made in September 2020.

Resolved issues

VyOS 1.2.6 release was found to be suspectible to CVE-2020-10995. It’s a low- impact vulnerability in the PowerDNS recursor that allows an attacker to cause performance degradation via a specially crafted authoritative DNS server reply.

  • T2899 remote syslog server migration error on update

1.2.6

1.2.6 is a maintenance release made in September 2020.

Resolved issues

  • T103 DHCP server prepends shared network name to hostnames

  • T125 Missing PPPoE interfaces in l2tp configuration

  • T1194 cronjob is being setup even if not saved

  • T1205 module pcspkr missing

  • T1219 Redundant active-active configuration, asymmetric routing and conntrack-sync cache

  • T1220 Show transceiver information from plugin modules, e.g SFP+, QSFP

  • T1221 BGP - Default route injection is not processed by the specific route-map

  • T1241 Remove of policy route throws CLI error

  • T1291 Under certain conditions the VTI will stay forever down

  • T1463 Missing command show ip bgp scan appears in command completion

  • T1575 show snmp mib ifmib crashes with IndexError

  • T1699 Default net.ipv6.route.max_size 32768 is too low

  • T1729 PIM (Protocol Independent Multicast) implementation

  • T1901 Semicolon in values is interpreted as a part of the shell command by validators

  • T1934 Change default hostname when deploy from OVA without params.

  • T1938 syslog doesn’t start automatically

  • T1949 Multihop IPv6 BFD is unconfigurable

  • T1953 DDNS service name validation rejects valid service names

  • T1956 PPPoE server: support PADO-delay

  • T1973 Allow route-map to match on BGP local preference value

  • T1974 Allow route-map to set administrative distance

  • T1982 Increase rotation for atop.acct

  • T1983 Expose route-map when BGP routes are programmed in to FIB

  • T1985 pppoe: Enable ipv6 modules without configured ipv6 pools

  • T2000 strongSwan does not install routes to table 220 in certain cases

  • T2021 OSPFv3 doesn’t support decimal area syntax

  • T2062 Wrong dhcp-server static route subnet bytes

  • T2091 swanctl.conf file is not generated properly is more than one IPsec profile is used

  • T2131 Improve syslog remote host CLI definition

  • T2224 Update Linux Kernel to v4.19.114

  • T2286 IPoE server vulnerability

  • T2303 Unable to delete the image version that came from OVA

  • T2305 Add release name to “show version” command

  • T2311 Statically configured name servers may not take precedence over ones from DHCP

  • T2327 Unable to create syslog server entry with different port

  • T2332 Backport node option for a syslog server

  • T2342 Bridge l2tpv3 + ethX errors

  • T2344 PPPoE server client static IP assignment silently fails

  • T2385 salt-minion: improve completion helpers

  • T2389 BGP community-list unknown command

  • T2398 op-mode “dhcp client leases interface” completion helper misses interfaces

  • T2402 Live ISO should warn when configuring that changes won’t persist

  • T2443 NHRP: Add debugging information to syslog

  • T2448 monitor protocol bgp subcommands fail with ‘command incomplete’

  • T2458 Update FRR to 7.3.1

  • T2476 Bond member description change leads to network outage

  • T2478 login radius: use NAS-IP-Address if defined source address

  • T2482 Update PowerDNS recursor to 4.3.1 for CVE-2020-10995

  • T2517 vyos-container: link_filter: No such file or directory

  • T2526 Wake-On-Lan CLI implementation

  • T2528 “update dns dynamic” throws FileNotFoundError excepton

  • T2536 “show log dns forwarding” still refers to dnsmasq

  • T2538 Update Intel NIC drivers to recent release (preparation for Kernel >=5.4)

  • T2545 Show physical device offloading capabilities for specified ethernet interface

  • T2563 Wrong interface binding for Dell VEP 1445

  • T2605 SNMP service is not disabled by default

  • T2625 Provide generic Library for package builds

  • T2686 FRR: BGP: large-community configuration is not applied properly after upgrading FRR to 7.3.x series

  • T2701 vpn ipsec pfs enable doesn’t work with IKE groups

  • T2728 Protocol option ignored for IPSec peers in transport mode

  • T2734 WireGuard: fwmark CLI definition is inconsistent

  • T2757 “show system image version” contains additional new-line character breaking output

  • T2797 Update Linux Kernel to v4.19.139

  • T2822 Update Linux Kernel to v4.19.141

  • T2829 PPPoE server: mppe setting is implemented as node instead of leafNode

  • T2831 Update Linux Kernel to v4.19.142

  • T2852 rename dynamic dns interface breaks ddclient.cache permissions

  • T2853 Intel QAT acceleration does not work