IBM Security Network Protection XGS 5000 Appliance Fixpack 11 README

Fix readme


Abstract

This document summarizes the changes included in Fixpack 11 for the IBM Security Network Protection XGS 5000 Appliance.

Content

Fix Pack History

You must restart the appliance after you apply this fix pack. The fixes are not applied until the restart is complete.

5.0.0.0-ISS-XGS-5000-Hotfix-FP0001
Defect 17365
Fix hang in LMI when refreshing support info, snapshot, and LUDBA pages.
Caused by long delay during extraction of comment from large files.

5.0.0.0-ISS-XGS-5000-Hotfix-FP0002
Defect 17421
Fix fdexporter being killed by watchdog un-necessarily when on busy
networks.
The fdexporter can take a while to complete the sqlite updates on busy
networks now that extra indices were added to speed up LMI display of on-box flowdata.
The watchdog timeout was extended and an advanced tuning parameter added to
allow modification in the field if necessary (i.e. flowdata.exporter.watchdogTime).
An additional side effect of this fixpack is to resolve the situation where the
watchdog restart left the fdexporter in the "UNCONFIGURED" state requiring a
disable/enable sequence before it would resume exporting.

5.0.0.0-ISS-XGS-5000-Hotfix-FP0003
Defect 17722
alpsd was aborting due to a watchdog timeout.
Enforce a bounds check when processing DCA results.
Fix a race condition that could result is a use-after-free.

5.0.0.0-ISS-XGS-5000-Hotfix-FP0004
Defect 20411
IPS events erroneously report "blocked" instead of "simulated block."

5.0.0.0-ISS-XGS-5000-Hotfix-FP0005
Defect 20497: Web App allowed by NAP rule being blocked by following rule blocking entire category
Defect 20502: alpsd hangs on XPU install

5.0.0.0-ISS-XGS-5000-Hotfix-FP0006
Defect 20649: URL Lists fail to match on HTTP 1.1 persistent connections
Defect 15296: LMI doesn't display correct Application Databases status
Defect 20465: Deploy banner is presented to users when certain fields are selected and no changes have been made

5.0.0.0-ISS-XGS-5000-Hotfix-FP0007
Defect 21279: Unable to switch hardware bypass modes from Fail Open to Fail Closed
Defect 29122: Link propagation not working correctly when set to "No" on FWA6501
QRadar LEEF support added to remote syslog alert object. Please take a snapshot of policy now.
The snapshot must be applied after a rollback of this fixpack.

5.0.0.0-ISS-XGS-5000-Hotfix-FP0008
Defect 30732: wipe command does not work - Fix wipe on fw6501 w/raid (secure wipe is not available)
Defect 33130: SECURITY: Ruby on Rails CVE-2012-2660, CVE-2012-2694, CVE-2013-0155, CVE-2013-0156, CVE-2012-3424
Defect 31599: SECURITY: CVE-2012-6496 rubygem-activerecord: find_by_* SQL Injection
Fix truncated frames when forwarding unanalyzed.

5.0.0.0-ISS-XGS-5000-Hotfix-FP0009
Defect 33150: Network Access Policy rule employing both address objects and identity objects does not match as expected.
Defect 33332: Regression: On Local Group, Unable to modify 'Description' field.
Defect 34255: SECURITY: Ruby on Rails CVE-2012-2695, CVE-2013-0333
Defect 34462: Regression: Unable to create a URL Category with no categories assigned
Defect 34496: OS updates

5.0.0.0-ISS-XGS-5000-Hotfix-FP0010
Defect 37805: Resolves an alspd crash related to fragmented TLS records.
Defect 37808: Resolves an eventsd crash related to remote syslog responses and events with large AVP data.
Defect 40961: Resolves an alspd crash related to the dca client during shutdown.

5.0.0.0-ISS-XGS-5000-Hotfix-FP0011
Defect 42044: Resolves several additional alpsd crashes around TLS record processing and an out of memory crash due to not freeing x509 data.

Important: You must restart the appliance after you apply this fix pack. The fixes are not applied until the restart is complete.


Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security Network Protection

Software version:

5.0

Operating system(s):

Firmware

Reference #:

1646302

Modified date:

2013-08-08

Translate my page

Machine Translation

Content navigation