Примечания к выпуску для Cisco Cisco TelePresence MX700

D15325.01  Cisco  TelePresence  TC7.3.0  and  TC7.3.1  Software  Deferral  Notice  

Software  deferral  notice

 

Dear  Cisco  Customer,

 

Cisco  engineering  has  identified  a  software  issue  with  the  release,  which  you  
have  selected.  This  issue  may  affect  your  use  of  this  software.  Please  review  
the  deferral  notice  below  to  determine  if  the  issue  applies  to  your  
environment.  Customers  are  urged  to  upgrade  to  the  recommended  solution  
image  or  most  current  software  version.

 

For  more  comprehensive  information  about  what  is  included  in  this  software,  
please  refer  to  the  following  documents:  

 

 

Affected  software  and  replacement  solution

 

The  NTP.org  and  glibc  "GHOST"  vulnerabilities  affects  certain  software  
versions.    

CSCus69550  -­‐  CVE-­‐2015-­‐0235  
CSCus88487  -­‐  CVE-­‐2014-­‐9298  

Headline:        

The  NTP.org  and  glibc  "GHOST"  vulnerabilities  make  systems  running  the  
affected  software  versions  vulnerable.  

The  listed  TelePresence  product  software  versions  are  affected  by  the  NTP.org  
vulnerability  (CVE-­‐2014-­‐9298)  and  glibc  commonly  known  as  the  "GHOST"  
vulnerability  (CVE-­‐2015-­‐0235).    

January  27,  2015,  a  buffer  overflow  vulnerability  in  the  GNU  C  library  (glibc)  
was  publicly  announced.  This  vulnerability  is  related  to  the  various  
gethostbyname  functions  included  in  glibc  and  affect  applications  that  call  
these  functions.  This  vulnerability  may  allow  an  attacker  to  obtain  sensitive  
information  from  an  exploited  system  or,  in  some  instances,  perform  remote  
code  execution  with  the  privileges  of  the  application  being  exploited.