Примечания к выпуску для Cisco Cisco Firepower Management Center 4000
Version 5.2.0.7
Sourcefire 3D System Release Notes
20
Issues Resolved in Version 5.2.0.7
Issues Resolved in Version 5.2.0.7
The following issues are resolved in Version 5.2.0.7:
•
Security Issue
Addressed an arbitrary injection vulnerability allowing
unauthenticated, remote attackers to execute commands via Bash. The fix
addresses CVE-2014-6271 and CVE-2014-7169. For more information, refer
to the Cisco Security Advisory page at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
sa-20140926-bash
. (144861, 144940, 144947)
Issues Resolved in Previous Updates
Previously resolved issues are listed by version.
Version 5.2.0.6
•
Security Issue
Addressed multiple cross-site scripting (XSS) vulnerabilities.
•
Security Issue
Addressed multiple cross-site request forgery (CSRF)
vulnerabilities.
•
Security Issue
Addressed multiple injection vulnerabilities, including HTML
and command line injections.
•
Security Issue
Addressed multiple vulnerability issues in Linux, strongSwan,
and Wireshark, including those described in CVE-2013-2237,
CVE-2013-5718, CVE-2013-5719, CVE-2013-5720, CVE-2013-5721,
CVE-2013-5722, and CVE-2013-2338.
•
Resolved an issue where, if you modified the interface type on a routed or
switched interface associated with a hybrid interface, applying the device
configuration failed. (132221)
•
Resolved an issue where, if you configured Simple Network Management
Protocol (SNMP) polling on a Series 3 managed device, the system
retrieved non-compliant RFC data. (135323)
•
Resolved an issue where, if you configured a custom table populated with
data from either the correlation events table or the applications table, then
selected Source IP as a common field, updates to Version 5.3 failed.
(135735)
•
Improved memory usage of the Sourcefire Data Correlator. (135868,
138800)
•
Improved the performance of the Rule Management page (Policies >
Correlation > Rule Management). (137905)
•
Resolved an issue where, if you created a backup file for configuration data,
the system included extraneous geolocation data and increased the size of
the backup file. (137976)
•
Resolved an issue where the system provided incorrect speed data for fiber
interfaces with speeds of 4GB and faster. (138072)