Cisco Cisco FirePOWER Appliance 8130 Notas de publicación
Version 5.3.0.6
Sourcefire 3D System Release Notes
18
Resolved Issues
Issues Resolved in Previous Updates
You can track defects resolved in this release using the Cisco Bug Search Tool
(
https://tools.cisco.com/bugsearch/
). A Cisco account is required. To view defects
addressed in older versions, refer to the legacy caveat tracking system. Because
you can update your appliances from Version 5.3 to Version 5.3.0.6, this update
also includes the changes from Version 5.3. Previously resolved issues are listed
by version.
Version 5.3.0.5:
•
Security Issue
Addressed multiple cross-site scripting (XSS) vulnerabilities.
(CSCus07858, CSCus07875)
•
Security Issue
Addressed multiple vulnerabilities in SSLv3 that allowed
external attacks on client connections, as described in CVE-2014-3569,
CVE-2014-3570, CVE-2014-3572, CVE-2015-0204, CVE-2015-0286,
CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293.
•
If you enable bypass on inline sets on your Series 3 device, you may lose
connectivity for up to 25 seconds during device reboot. (CSCur64678)
•
Resolved an issue where the system does not recognize which IP address
is the primary address and does not establish an Open Shortest Path First
(OSPF) connection if you configured the router interface of your clustered
Series 3 managed devices to both a private IP address and a Cisco
Redundancy Protocol (SFRP) IP address. (CSCur86355)
Version 5.3.0.4:
•
Security Issue
Addressed an arbitrary script injection vulnerability allowing
unauthenticated, remote attackers to exploit GNU C library. The fix is
addressed in CVE-2015-0235.
•
Resolved an issue where the Defense Center or managed device generated
High Unmanaged Disk Usage
health alerts. (145221/CSCze95877)
•
Resolved an issue where, if the system experienced lost connection to the
sensing interface of a registered Series 2 device, the device stopped
processing traffic and the system generated a health alert.(CSCur46982)
•
If you configure an inline pair of interfaces including
eth1
and
eth2
on a
virtual device and issue the
show traffic-statistics
CLI command, the
system will only display traffic statistics for eth1 and not for eth2. As a
workaround, run the ifconfig command in expert mode to show the
statistics. (CSCur59771)
•
Resolved an issue where latency may occur on devices with non-passive
interfaces during Snort restart. (CSCus13247)
•
Improved data processing between high availability peers. (CSCus79643)
•
Improved SFDataCorrelator capabilities. (CSCut23688)