Replies to This Discussion

Permalink Reply by Jerry Schmidt on June 29, 2016 at 11:24am

Hello Matthew,

2.3.2.2 is the most current version for the DXi V1000. As vulnerabilities are detected, patches are applied in future firmware updates. I do not have an ETA but 2.3.3 is in the test phase for the physical DXIs so it should also be available for the virtual DXIs at some point.

• ▶ Reply

Permalink Reply by Jerry Schmidt on July 25, 2016 at 2:17pm

Update:

2.3.3 is in controlled release and slated to release soon. Also here is feedback on the critical CVEs in the post above.

 

CVE	Version Fixed	Notes
CVE-2006-4924 - OpenBSD - OpenSSH - Denial of Service Issue - TCP 22	DXi 2.3.3	openssh-server-4.3p2-36.el5_4.4
CVE-2006-5051 - Portable OpenSSH - GSSAPI - Code Execution Issue - TCP 22	DXi 2.3.3	openssh-server-4.3p2-36.el5_4.4
CVE-2007-4752 - OpenBSD - OpenSSH - Security Bypass Issue - TCP 22	DXi 2.3.3	openssh-server-4.3p2-36.el5_4.4
CVE-2010-4478 - OpenBSD - OpenSSH - Security Bypass Issue - TCP 22	N/A	Not vulnerable. It's not enabled in Red Hat  Enterprise Linux and Fedora openssh packages.
CVE-2014-1692 - OpenSSH - Memory Corruption Issue - TCP 22	N/A	Not vulnerable. The code for J-PAKE support is not compiled into the Red Hat shipped binaries.

 

• ▶ Reply