Cisco Cisco TelePresence Video Communication Server Expressway 릴리즈 노트
Resolved caveats
Cisco TelePresence Video Communication Server X7.2.4 Software Release Notes
Page 30 of 50
Identifier
Summary
Conditions: The issue is due to a race condition as ports are assigned during bootup. It occurs
rarely.
Workaround: It could potentially be cleared by a restart.
rarely.
Workaround: It could potentially be cleared by a restart.
CSCtx24762
The CPU load of the VCS increases dramatically in X7 when %localdomains% is used in
pattern matching.
Symptoms: The VCS has a high CPU load, reducing responsiveness.
Conditions: The issue is due to the increase in the number of local domains permitted in X7,
and the way in which the %localdomains% keyword is expanded in pattern matching.
Workaround: Explicitly list domains rather than use %localdomains%.
pattern matching.
Symptoms: The VCS has a high CPU load, reducing responsiveness.
Conditions: The issue is due to the increase in the number of local domains permitted in X7,
and the way in which the %localdomains% keyword is expanded in pattern matching.
Workaround: Explicitly list domains rather than use %localdomains%.
Resolved in X7.0.2
Identifier
Summary
CSCts38224
Security Issue in Apache (CVE-2011-3192 and CVE-2011-3348)
A denial of service vulnerability has been found in the way the multiple overlapping ranges are
handled by the Apache HTTPD server. Multiple Cisco products could be affected by this
vulnerability.
Mitigations that can be deployed on Cisco devices within the network are available in the Cisco
Applied Intelligence companion document for this Advisory:
A denial of service vulnerability has been found in the way the multiple overlapping ranges are
handled by the Apache HTTPD server. Multiple Cisco products could be affected by this
vulnerability.
Mitigations that can be deployed on Cisco devices within the network are available in the Cisco
Applied Intelligence companion document for this Advisory:
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110830-
apache.shtml.
PSIRT Evaluation: the Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/7.8:
apache.shtml.
PSIRT Evaluation: the Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/7.8:
CVE ID CVE-2011-3192 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following
URL:
Additional information on Cisco's security vulnerability policy can be found at the following
URL:
The Cisco VCS now uses Apache 2.2.21, which addresses these security advisories.
CSCtr84963
Possible loss of grace period for call licenses (in cluster configuration):
If a cluster peer loses contact with its cluster, the remaining peers can continue to use the non-
contactable peer’s licenses for a 2-week grace period. But, if another peer within the cluster is
restarted during that period, that restarted peer will not be able to make use of the non-
contactable peer’s licenses for the remainder of the grace period.
This issue is resolved; grace periods are now observed if a peer is restarted.
If a cluster peer loses contact with its cluster, the remaining peers can continue to use the non-
contactable peer’s licenses for a 2-week grace period. But, if another peer within the cluster is
restarted during that period, that restarted peer will not be able to make use of the non-
contactable peer’s licenses for the remainder of the grace period.
This issue is resolved; grace periods are now observed if a peer is restarted.
CSCts05797
VCS SIP/H323 interworking does not adhere to change in SIP payload type after
hold/resume: interworked calls can lose video after a hold/resume if there is a change in the
SIP payload type.
VCS now manages correctly a change in the payload type.
hold/resume: interworked calls can lose video after a hold/resume if there is a change in the
SIP payload type.
VCS now manages correctly a change in the payload type.
CSCts15739
Cisco VCS challenges B2BUA SUBSCRIBE for authentication when Default Zone is set
to
to
“Check credentials”:
When a Cisco VCS is set up with the Default Zone set to
“Check credentials” and the X7.0
B2BUA feature is also set up on the same VCS, any SUBSCRIBE messages sent from the
B2BUA will result in a 407 Proxy Authentication Required response from the VCS. Eventually
the B2BUA gives up sending SUBSCRIBE messages and this results in failed subscription
states for B2BUA/Lync users. This does not affect customers still using OCS Relay (rather than
the B2BUA).
This issue is resolved; subscribe messages now include a P-Asserted-Identity header.
B2BUA will result in a 407 Proxy Authentication Required response from the VCS. Eventually
the B2BUA gives up sending SUBSCRIBE messages and this results in failed subscription
states for B2BUA/Lync users. This does not affect customers still using OCS Relay (rather than
the B2BUA).
This issue is resolved; subscribe messages now include a P-Asserted-Identity header.
CSCtt14099
Duo Video fails from an H.323 endpoint: Duo Video from an H.323 endpoint can fail when
using BFCP and interworking with SIP.
using BFCP and interworking with SIP.
CSCtt41169
VCS rejects outgoing call from specific device registered on it