IBM RackSwitch G8264CS Version 7.1.6.0 (Released October 2013) ** Changes since the 7.1.5.0 release ** Enhancements: None Changes: None Fixes: - User-configured ACL Deny rules were not being respected for packets with a Layer-4 (TCP) port of 22 or 23 (i.e., SSH and Telnet, respectively). (69126 / XB202484) - Inefficiencies in the SNMP-processing code could result in high CPU utilization, SNMP client time-outs, protocol flaps, or a switch reset by the Hardware Watchdog. (66769, 70649) - A crash would occur when routing packets to an unreachable IPv6 gateway. (68081) - A watchdog timeout could occur if an IGMPv3 Report packet was received with the invalid source-IP address of 0.0.0.0. (71749) - BGP neighborship sessions would flap when receiving BGP route messages that contained community attributes (XB194426) - A crash could occur while handling an HTTPS request if the connection to the client was suddenly terminated while handling the transaction. (XB205895) - The ACL logging feature would not report incoming packets that matched an ACL qualified by a TCP or UDP destination port. (XB208108) - A crash would occur if a data port was used to upload a file to an FTP server, if the file already existed on the server and had read-only access permissions. (XB209257) - A crash would occur if the traceroute command was executed with an IPv6 address specified, and no IPv6 management interfaces were configured. (XB215717) - A crash would occur if a ping was issued to a random host name, and an IPv6 DNS server was unreachable or non-existent (XB216882) - A crash would occur during a second attempt to authenticate a user via an unreachable or non-existent LDAP server. (XB217674) - A crash would occur if a TFTP upload or download was attempted, and no IPv6 interfaces were configured. (XB218041) - The switch's Browser-based Interface (BBI) was vulnerable to attacks by Web scanning tools, potentially resulting in crashes. (XB218795) - A crash would occur when receiving a random sequence of IGMPv3 reports that were interleaved from different Multicast receivers. (XB219263) - Invalid TCP packets (e.g., having both SYN and FIN flags set) received by the switch would not be discarded, resulting in a potential security vulnerability. (XB220985) ======================================================================= IBM RackSwitch G8264CS Version 7.1.5.0 (Released June 2013) ** Changes since the 7.1.3.0 release ** Enhancements: None Changes: - Added support for a new front-to-back airflow power supplies (part numbers 94Y8104 and 94Y8105). Fixes: - A Security vulnerability existed in the OSPFv2 Routing Protocol that is used in IBM System Networking Ethernet Switches (CVE-2013-0149) ======================================================================= IBM RackSwitch G8264CS Version 7.1.3.0 (Released June 2013) ** Changes since the 7.1.2.0 release ** Enhancements: None Changes: None Fixes: - Firmware upgrades could fail if a transceiver is removed or inserted during the process. The failure would be accompanied with the error message "CRC Error in KERNEL region". - A Security vulnerability existed in IBM Switches which support Fibre Channel over Ethernet (FCoE), in that data frames were being flooded out of every port if the destination address was not in the MAC table. (CVE-2013-0570) ======================================================================= IBM RackSwitch G8264CS Version 7.1.2.0 (Released June 2013) Initial release.