Примечания к выпуску для Cisco Cisco FirePOWER Appliance 8250
Version 5.3.0.5
Sourcefire 3D System Release Notes
21
Resolved Issues
•
Security Issue
Addressed multiple vulnerability issues in cURL, Linux,
MySQL, strongSwan, and Wireshark, including those described in
CVE-2013-1944, CVE-2013-2237, CVE-2013-3783, CVE-2013-2338,
CVE-2013-5718, CVE-2013-5719, CVE-2013-5720, CVE-2013-5721, and
CVE-2013-5722.
•
Resolved an issue where the system delayed the generation of
end-of-connection events for packets transmitted via a protocol other than
TCP or UDP. (131526/CSCze89194)
•
Resolved an issue where, in some cases, the intrusion event packet view
displayed a rule message that did not match the rule that generated the
event. (138011/CSCze90972)
•
Resolved an issue where you could not import an intrusion rule that
referenced a custom variable. (138077/CSCze90689)
•
Resolved an issue where, if the system dropped the connection between
the Defense Center and its managed device while completing a backup, the
managed device failed to send the finished backup files to the Defense
Center, and the Task Status page (System > Monitoring > Task Status) reported
that the backup was still in progress. (138102/CSCze90708)
•
Resolved an issue where connection events logged to an external syslog or
SNMP trap server had incorrect URL Reputation values.
(138504/CSCze91066, 139466/CSCze91510)
•
Resolved an issue where, in rare cases, the system displayed incorrect,
extremely high packet counts in the dashboard and event views for Series 3
managed devices. (138608/CSCze91081)
•
Improved the stability of clustered state sharing on 3D8250 and 3D8350
managed devices. (139141/CSCze91387)
•
Resolved an issue where, if you enabled telnet on a Cisco IOS Null Route
remediation module and configured the username for the Cisco IOS
instance to enable by default on the Cisco IOS router, Cisco IOS Null route
instance to enable by default on the Cisco IOS router, Cisco IOS Null route
remediation failed on the Defense Center. (139387/CSCze91484)
•
Resolved an issue where, if one of your network variables in a variable set
excluded
::
or
::0
addresses and you referenced the variable set in an
access control policy, applying your access control (or an intrusion policy
referenced by your access control policy) failed. (139406/CSCze91378)
•
Improved the stability of Snort when a nightly intrusion event performance
statistics rotation occurred at the same time as an intrusion policy apply.
(139958/CSCze91909)
•
Resolved an issue where, when creating a network address translation
(NAT) policy on a 70xx Family managed device and positioning a dynamic
NAT rule specifying a destination port range before a second dynamic NAT
rule specifying a destination port included in the first range, the system did
not match traffic against the second dynamic rule if the traffic did not match
the first dynamic rule. (140216/CSCze91789, 140307)