AT&T Vyatta 5400 vRouter security vulnerability fixes
As of August 30, 2018: This document lists the security vulnerability fixes for the Vyatta 5400 vRouter. When multiple Common Vulnerabilities and Exposures (CVE) numbers are addressed in a single update, the highest Common Vulnerability Scoring System (CVSS) score is listed.
6.7R14S10
Released August 30, 2018
Issues Resolved
| Issue Number | Priority | Summary |
|---|---|---|
| VSE-9911 | Major | 6.7R13S3 upgrade to 6.7R14S9 caused “rpc_scheddetected stalls on CPUs/tasks” and system crashed and frozen |
6.7R14S9
Released July 16, 2018
Security Vulnerabilities Resolved
| Issue Number | CVSS score | Advisory | Summary |
|---|---|---|---|
| VSE-9909 | 6.5 | DSA-4229-1 | CVE-2018-5388, CVE-2018-10811: Debian DSA-4229- 1: Strongswan security update |
| VSE-9903 | 9.8 | DLA-1390-1 | CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126: Debian DLA-1390-1: procps security update |
6.7R14S8
Released June 1, 2018
Security Vulnerabilities Resolved
| Issue Number | CVSS score | Advisory | Summary |
|---|---|---|---|
| VSE-9905 | 7.5 | DLA-1388-1 | CVE-2018-11358, CVE-2018-11362, CVE-2018-9258, CVE-2018-9260, CVE-2018-9261, CVE-2018-9263, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270: Debian DLA-1388-1: wireshark – security update |
| VSE-9902 | 9.1 | DLA-1379-1 | CVE-2018-1000301: Debian DLA-1379-1: curl – security update |
| VSE-9899 | 6/5 | DLA-1375-1 | CVE-2018-0494: Debian DLA-1375-1: wget – security update |
6.7R14S7
Released May 14, 2018
Issues Resolved
| Issue Number | Priority | Summary |
|---|---|---|
| VSE-9525 | Minor | Show version gives “SMBIOS” error message |
Security Vulnerabilities Resolved
| Issue Number | CVSS score | Advisory | Summary |
|---|---|---|---|
| VSE-9897 | 9.8 | DLA-1358-1 | CVE-2017-17742, CVE-2018-1000075, CVE-2018- 1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-6914, CVE-2017-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780: Debian DLA-1358-1: ruby1.9.1 – security update |
| VSE-9896 | 7.5 | DLA-1353-1 | CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7332, CVE-2018-7334, CVE-2018-7335, CVE-2018-7336, CVE-2018-7337, CVE-2018-7417, CVE-2018-7418, CVE-2018-7419, CVE-2018-7420: Debian DLA-1353-1: wireshark – security update |
| VSE-9895 | 7.8 | DLA-1348-1 | CVE-2018-1000156: Debian DLA-1348-1: patch – security update |
| VSE-9894 | 9.8 | DLA-1345-1 | CVE-2018-6913: Debian DLA-1345-1: perl -s ecurity update |
| VSE-9893 | 6.5 | DLA-1330-1 | CVE-2018-0739: Debian DLA-1330-1: openssl - security update |
| VSE-9892 | 9.8 | DLA-1328-1 | CVE-2017-12627: Debian DLA-1328-1: xerces-c - security update |
| VSE-9891 | N/A | DLA-1323-1 | Debian DLA-1323-1: tzdata - security update |
| VSE-9890 | 9.8 | DLA-1309-1 | CVE-2018-1000120, CVE-2018-1000121, CVE-2018- 1000122: Debian DLA-1309-1: curl - security update |
| VSE-9886 | 8.8 | DSA-4071-1 | CVE-2017-17512: Debian DSA-4071-1: sensible-utils – security update |
| VSE-9885 | 6.5 | DSA-4018-1 | CVE-2017-3735, CVE_2017-3736: DSA-4018-1 openssl – security update |
| VSE-9832 | 7.5 | DLA-1059-1 | CVE-2017-11185: Debian DLA-1059-1: strongswan security update |
6.7R14S6
Released March 6, 2018.
Issues Resolved
| Issue Number | Priority | Summary |
|---|---|---|
| VSE-9880 | Minor | Disabling RPF source-validation does not remove setting from all interfaces |
Security Vulnerabilities Resolved
| Issue Number | CVSS score | Advisory | Summary |
|---|---|---|---|
| VSE-9887 | 6.5 | DSA-4101-1 | CVE-2018-5334, CVE-2018-5335, CVE-2018-5336: Debian DSA-4101-1: wireshark – security update |
| VSE-9884 | 9.8 | DSA-3971-1 | VE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725: Debian DSA-3971-1: tcpdump – security update |
| VSE-9883 | N/A | DLA-1291-1 | Debian DLA-1291-1: tzdata new upstream version |
| VSE-9878 | 9.8 | DLA-1263-1 | CVE-2018-1000007: Debian DLA-1263-1: curl security update |
| VSE-9871 | 5.6 | DSA-4078-1 | CVE-2017-5754: Debian DSA-4078-1: linux – security update (Meltdown) |
| VSE-9867 | 9.8 | DLA-1221-1 | CVE-2017-17405, CVE_2017-17790: Debian DLA- 1221-1: ruby1.0.1 security update |
| VSE-9852 | 8.8 | DLA-1149-1 | CVE-2017-13089, CVE-2017-13090: Debian DLA-1149- 1: wget security update |
| VSE-9851 | 9.1 | DLA-1143-1 | CVE-2017-1000257: Debian DLA-1143-1: curl security update |
| VSE-9850 | 7.8 | DLA-1135-1 | CVE-2017-10140: Debian DLA-1135-1: db security update |
| VSE-9817 | 7.8 | DLA-992-1 | CVE-2017-1000366 Plugin: 100875 Debian DLA-992-1: eglibc security update |
6.7R14S5
Released February 2, 2018.
Issues Resolved
| Issue Number | Priority | Summary |
|---|---|---|
| VSE-9866 | Minor | IPsec out of sequence inbound errors |
Security Vulnerabilities Resolved
| Issue Number | CVSS score | Advisory | Summary |
|---|---|---|---|
| VSE-9875 | 7.5 | DLA-1247-1 | CVE-2018-5764: Debian DLA-1247-1: rsync security update |
| VSE-9864 | N/A | DLA-1211-1 | CVE-2017-15412: Debian DLA-1211-1: libxml2 security update |
| VSE-9802 | 7.5 | DLA-973-1 | CVE-2017-9022, CVE-2017-9023: Debian DLA-973-1: strongswan security update |
6.7R14S4
Released December 19, 2017.
Security Vulnerabilities Resolved
| Issue Number | CVSS score | Advisory | Summary |
|---|---|---|---|
| VSE-9857 | 9.8 | DLA-1171-1 | CVE-2017-10672: DLA-1171-1 libxml-libxml-perl – security update |
6.7R14S3
Released November 14, 2017.
Security Vulnerabilities Resolved
| Issue Number | CVSS score | Advisory | Summary |
|---|---|---|---|
| VSE-9856 | N/A | DLA-1138-1 | CVE-2017-7805: Debian DLA-1138-1: nss security update |
| VSE-9852 | 8.8 | DLA-1149-1 | CVE-2017-13089, CVE-2017-13090: Debian DLA-1149- 1: wget security update |
6.7R14S2
Released October 10, 2017.
Issues Resolved
| Issue Number | Priority | Summary |
|---|---|---|
| VSE-9837 | Minor | “show system commit different” showing permission denied after upgrade from 6.7R11S9 to 6.7R13S3 |
Security Vulnerabilities Resolved
| Issue Number | CVSS score | Advisory | Summary |
|---|---|---|---|
| VSE-9845 | 9.8 | DLA-1124-1 | CVE-2017-14491, CVE-2017-14492, CVE-2017-14494: Debian DLA-1124-1: dnsmasq security update |
6.7R14S1
Released September 22, 2017.
Issues Resolved
| Issue Number | Priority | Summary |
|---|---|---|
| VSE-9831 | Major | MTU setting reverts back to default after reboot on a VIF interface |
Security Vulnerabilities Resolved
| Issue Number | CVSS score | Advisory | Summary |
|---|---|---|---|
| VSE-9841 | 9.8 | DLA-1060-1 | CVE-2017-0663, CVE-2017-7376: Debian DLA-1060-1: libxml2 security update |
| VSE-9840 | 6.5 | DLA-1062-1 | CVE-2017-1000100: Debian DLA-1062-1: curl security update |
| VSE-9839 | 7.5 | DLA-1059-1 | CVE-2017-11185: Debian DLA-1059-1: strongswan security update |
| VSE-9835 | 7.5 | DSA-3900-1 | CVE-2017-7522, CVE-2017-7521, CVE-2017-7520, CVE-2017-7508 OpenVPN security update |