Cisco FirePOWER Appliance 7020
Version 5.3.0.5
Sourcefire 3D System Release Notes
Resolved Issues
addressed in older versions, refer to the legacy caveat tracking system. Because
you can update your appliances from Version 5.3 to Version 5.3.0.5, this update
also includes the changes from Version 5.3. Previously resolved issues are listed
by version.
Version 5.3.0.4:
• Security Issue: Addressed an arbitrary script injection vulnerability
  allowing unauthenticated, remote attackers to exploit the GNU C library.
  This fix addresses CVE-2015-0235.
• Resolved an issue where the Defense Center or managed device generated
  High Unmanaged Disk Usage health alerts. (145221/CSCze95877)
• Resolved an issue where, if the system experienced lost connection to the
  sensing interface of a registered Series 2 device, the device stopped
  processing traffic and the system generated a health alert. (CSCur46982)
• If you configure an inline pair of interfaces including eth1 and eth2 on a
  virtual device and issue the show traffic-statistics CLI command, the
  system will only display traffic statistics for eth1 and not for eth2. As a
  workaround, run the ifconfig command in expert mode to show the
  statistics. (CSCur59771)
• Resolved an issue where latency may occur on devices with non-passive
  interfaces during Snort restart. (CSCus13247)
• Improved data processing between high availability peers. (CSCus79643)
• Improved SFDataCorrelator capabilities. (CSCut23688)
Version 5.3.0.3:
• Security Issue: Addressed an arbitrary injection vulnerability allowing
  unauthenticated, remote attackers to execute commands via Bash
  (CVE-2014-6271 and CVE-2014-7169). (144862/CSCze95477,
  144941/CSCze95479, 144948/CSCze96159)
• Resolved an issue where, if you edited any of the applied intrusion policies,
  the system marked all intrusion policies as out-of-date. (134066,
  140135/CSCze91908)
• Improved responsiveness of link state propagation. (137773/CSCze90606)
• Resolved an issue where the documentation did not reflect that, if you
  registered a cluster, stack, or clustered stack of devices to a Defense
  Center, you had to manually reapply the device configuration.
  (141624/CSCze93129, 142412/CSCze92735)
• Resolved a rare issue where, when your system triggered an alert on the
  first data packet of a TCP session from a server, the alert failed to specify
  the egress interface. (141817/CSCze93047)
• Improved the stability of the SMB and DCE/RPC preprocessor.
  (142199/CSCze93232)