Fabric OS firmware for Brocade 8Gb SAN Switch Module v7.4.2d - IBM BladeCenter

Version

7.4.2d

Release Date

10 June 2019

Abstract

Download the latest Fabric OS firmware for Brocade 8Gb SAN Switch Module for IBM BladeCenter

Download Description

Change history

Severity: Suggested

Version 7.4.2d

Fabric OS 7.4.2d Release Notes v1.0

FOS v7.4.2 includes the following software enhancements:

  • The ldapCfg command supports a new --mapattr option that assigns a list of vendor-specific attributes. This extends LDAP configuration support so that Brocade vendor-specific attributes, such as chassis role, home logical fabric (LF), and LF list, can be assigned per LDAP server group.
  • The Name Server supports the GPN_SDFCP query.
  • A new audit log message, RAS-2010, indicates that the syslog service has started after a switch reboot or after a standby CP transitions from standby to active.

Deprecated Hardware
The following Brocade devices are no longer supported starting with FOS v7.4.2.

  • Brocade Encryption Switch
  • FS8-18 blade

Resolution of Important Defects

  • DEFECT000567817 - Firmware upgrade fails on a director with the standby CP remaining in a constant powering up state.
  • DEFECT000540101 - SNMP query reports a fan speed of 0.
  • DEFECT000563416 - Kernel panic ("Unable to handle kernel paging request") observed during single-channel operation with a local Control Unit Port (CUP).
  • DEFECT000568423 - Intermittent I/O failures through a 7800/FX8-24 or 7840 FCIP tunnel caused by processing an Extended Link Services PDISC (Discover N_Port Service Parameters) request.
  • DEFECT000586977 - Switch panic while performing any zone transaction (such as cfgdisable, cfgenable, or setting defzone) when an LISL is present on the logical switch.
  • DEFECT000588834 - Continuous DP panics on BR7840 and loss of IP interface configurations.
  • DEFECT000635804 - Loading MAPS policies and rules causes high memory utilization.

Security Vulnerability Fixes
This section lists the Common Vulnerabilities and Exposures (CVE) fixes included in this FOS release.

  • CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
  • CVE-2014-3513: Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
  • CVE-2014-3567: Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
  • CVE-2014-3570: The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
  • CVE-2015-8325: The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
  • CVE-2016-0800: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
  • CVE-2016-2105: Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
  • CVE-2016-2106: Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
  • CVE-2016-2107: The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
  • CVE-2016-2108: The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
  • CVE-2016-2109: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
  • CVE-2016-2178: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
  • CVE-2016-2180: The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
  • CVE-2016-2182: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
  • CVE-2016-6302: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
  • CVE-2016-6303: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
  • CVE-2016-6304: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
  • CVE-2016-6306: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
  • CVE-2016-6515: The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
  • CVE-2016-8858: The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests.

Note: See the change history file for more information.
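As an added example (not IBM's or Brocade's code), the following Python script checks whether switches in an inventory are running a Fabric OS release at or above the 7.4.2d release that carries the fixes listed above. It assumes each inventory line is a switch name, a tab, and the "Fabric OS:" line from the switch's version output; the switch names and versions in the sample inventory are constructed. Only the 7.4 train is compared against 7.4.2d; switches on other trains are flagged for separate review, since this page says nothing about them.

```python
import re

# Release that carries the fixes listed on this page.
FIXED_RELEASE = "7.4.2d"

# Fabric OS version strings look like 7.4.2d: major.minor.patch plus an
# optional lower-case letter revision (7.4.2 < 7.4.2a < ... < 7.4.2d).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z])?$")


def parse_fos_version(text):
    """Turn 'v7.4.2d' into a comparable tuple (7, 4, 2, 4).

    The letter revision maps a -> 1, b -> 2, ...; a bare 7.4.2 gets 0 so it
    sorts before 7.4.2a.  Anything else raises ValueError, so a typo in an
    inventory never silently passes as 'fixed'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {text!r}")
    major, minor, patch, rev = m.groups()
    rev_num = ord(rev) - ord("a") + 1 if rev else 0
    return (int(major), int(minor), int(patch), rev_num)


def is_fixed(version, fixed=FIXED_RELEASE):
    """True when version is on the same major.minor train as fixed and >= it."""
    v, f = parse_fos_version(version), parse_fos_version(fixed)
    return v[:2] == f[:2] and v >= f


def audit(inventory_lines, fixed=FIXED_RELEASE):
    """Classify 'name<TAB>Fabric OS:  vX.Y.Zr' lines.

    Returns {name: 'ok' | 'needs-upgrade' | 'other-train' | 'unparsed'}.
    """
    fixed_t = parse_fos_version(fixed)
    results = {}
    for line in inventory_lines:
        name, _, rest = line.partition("\t")
        m = re.search(r"Fabric OS:\s*(v?\d[\w.]*)", rest)
        if not m:
            results[name] = "unparsed"
            continue
        try:
            v = parse_fos_version(m.group(1))
        except ValueError:
            results[name] = "unparsed"
            continue
        if v[:2] != fixed_t[:2]:
            results[name] = "other-train"   # not covered by this release note
        elif v >= fixed_t:
            results[name] = "ok"
        else:
            results[name] = "needs-upgrade"
    return results


# Constructed sample inventory (hypothetical switch names and versions).
SAMPLE_INVENTORY = [
    "blade-sw01\tFabric OS:  v7.4.2d",
    "blade-sw02\tFabric OS:  v7.4.2c",
    "blade-sw03\tFabric OS:  v7.4.1b",
    "blade-sw04\tFabric OS:  v7.4.2",
    "blade-sw05\tFabric OS:  v7.3.2a",
    "blade-sw06\tFabric OS:  v8.2.1c",
    "blade-sw07\tBootProm:   1.0.11",
]

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{name}\t{status}")
```

The strict version regex is deliberate: an inventory entry that does not parse is reported as "unparsed" rather than being treated as either fixed or vulnerable, so a collection error cannot hide a switch that still carries the OpenSSL and OpenSSH issues listed above.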

Document Location

Worldwide

Operating System

System x: Operating system independent / None

Document Information

Modified date:
14 June 2019

UID

ibm1MIGR-5099353