Download Cisco IOS

Transcript
Caveats
•
Cisco IOS Software contains a vulnerability that could allow an attacker to cause a Cisco IOS device
to reload by remotely sending a crafted encryption packet. Cisco has released free software updates
that address this vulnerability. This advisory is posted at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090923-tls
•
CSCsq24002
•
Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service
(DoS) attack if configured for IP tunnels and Cisco Express Forwarding.
Cisco has released free software updates that address this vulnerability.
CSCsx70889
•
The switch may reload after destroying the expExpressionTable row via SNMP when you enter the
debug management expression evaluator command.
Workaround: Disable the debug management expression evaluator command. (CSCsu67323)
Open Caveats for Cisco IOS Release 12.2(52)XO
This section lists the open caveats for Cisco IOS Release 12.2(52)XO:
•
When you enter the access-list N permit host hostname command on a redundant chassis operating
in SSO mode, you might observe the following syslog messages. The command is not synchronized
with the redundant supervisor engine, and keepalive warnings appear.
000099: Jul 9
config-changed
000100: Jul 9
config-changed
000101: Jul 9
config-changed
000102: Jul 9
config-changed
000103: Jul 9
config-changed
000104: Jul 9
config-changed
000105: Jul 9
config-changed
000106: Jul 9
config-changed
000107: Jul 9
config-changed
01:22:36.478 PDT: %HA_CONFIG_SYNC-3-LBL_CFGSYNC:
command to standby
01:22:46.534 PDT: %HA_CONFIG_SYNC-3-LBL_CFGSYNC:
command to standby
01:22:56.566 PDT: %HA_CONFIG_SYNC-3-LBL_CFGSYNC:
command to standby
01:23:06.598 PDT: %HA_CONFIG_SYNC-3-LBL_CFGSYNC:
command to standby
01:23:16.642 PDT: %HA_CONFIG_SYNC-3-LBL_CFGSYNC:
command to standby
01:23:26.682 PDT: %HA_CONFIG_SYNC-3-LBL_CFGSYNC:
command to standby
01:23:36.721 PDT: %HA_CONFIG_SYNC-3-LBL_CFGSYNC:
command to standby
01:23:46.777 PDT: %HA_CONFIG_SYNC-3-LBL_CFGSYNC:
command to standby
01:23:56.793 PDT: %HA_CONFIG_SYNC-3-LBL_CFGSYNC:
command to standby
Unable to sync
Unable to sync
Unable to sync
Unable to sync
Unable to sync
Unable to sync
Unable to sync
Unable to sync
Unable to sync
Workaround: When using the access-list N permit host hostname command, specify the IP
address of the host rather than the hostname (CSCef67489)
•
In rare instances, when you are using MAC ACL-based policers, the output of the
show policy-map interface fa6/1 command does not display the packets being matched:
Switch# show policy-map int fa6/1
Service-policy output: p1
Class-map: c1 (match-all)
0 packets<--------It stays at '0' despite of traffic being received
Match: access-group name fnacl21
police: Per-interface
Conform: 9426560 bytes Exceed: 16573440 bytes
Release Notes for the Catalyst 4500 Series Switch, Cisco IOS Releases 12.2(54)SG to 12.2(37)SG
222
OL-5184-91