FIRMWARE CHANGE HISTORY ----------------------- IBM RackSwitch G8332 Version 7.7.30.0 (Released March 2019) ** Changes since the 7.7.29.0 release ** Enhancements: none Changes: none Fixes: - Fixed vulnerabilities in the OpenSSL library as reported in the CVE Advisory CVE-2018-0732. (147029) - Switch would incorrectly add a new STEM thread entry to the output of the CLI command "show process cpu history" for each time the CLI command "clear cpu" were executed. (147299) ================================================================================ IBM RackSwitch G8332 Version 7.7.29.0 (Released October 2018) ** Changes since the 7.7.28.0 release ** Enhancements: none Changes: none Fixes: - A crash could occur when the switch were scanned by the Rapid 7 security tool or nessus scan for vulnerabilities or when the CLI commands "no ssh enable" or "no access netconf ssh enable" were executed after the scan. (133904/138760) - Fixed vulnerabilities in the TLS protocol as reported in the CVE Advisories CVE-2014-8730. (80866) - Switch no longer supports the Diffie-Hellman key exchange algorithm in strict security mode. (143643) - Enhance BBI session default user password reset framework. (135949/135951) ================================================================================ IBM RackSwitch G8332 Version 7.7.28.0 (Released June 2018) ** Changes since the 7.7.27.0 release ** Enhancements: none Changes: none Fixes: - Fixed Libxml2 vulnerabilities as reported in the Advisories CVE-2016-5131, CVE-2017-15412, CVE-2017-16932, CVE-2017-5130. (124059) ================================================================================ IBM RackSwitch G8332 Version 7.7.27.0 (Released November 2017) ** Changes since the 7.7.26.0 release ** Enhancements: none Changes: none Fixes: - Address issue in login credential mechanism. (107614) - Fixed TCP vulnerabilities as reported in the CVE Advisory CVE-2017-6214. (113078) - Address non-configured community strings. (115054) ================================================================================ IBM RackSwitch G8332 Version 7.7.26.0 (Released May 2017) ** Changes since the 7.7.25.0 release ** Enhancements: None Changes: - The support for TLS versions 1.1 and 1.0 has been deprecated. TLS version 1.2 is now supported by default. (PSIRT ALIRT 10820) (72679) Fixes: - Switch returns g8332-mgmt (.1.3.6.1.4.1.20301.1.7.12) as sysObjectID instead of g8332 (.1.3.6.1.4.1.20301.1.7.16) renderring it unable to be managed by LXCA. (63912, 89813) - Fixed zlib vulnerabilities as reported in the CVE Advisories CVE-2016-9840, CVE-2016-9841, CVE-2016-9842 and CVE-2016-9843. (86800) - Fixed libXML2 vulnerabilities as reported in the CVE Advisories CVE-2016-4658 and CVE-2016-9318. (86808) - A switch upon receiving a rogue OSPF LSA containing its own router ID with a maximum sequence number (0x7fffffff), would incorrectly respond with a fight-back LSA of its own database, as opposed to the rogue's LSA database. (92346) ================================================================================ IBM RackSwitch G8332 Version 7.7.25.0 (Released January 2017) ** Changes since the 7.7.24.0 release ** Enhancements: None Changes: None Fixes: - Switch sends SNMP traps with inccorrect Trap OID prefix .1.3.6.1.4.1.20301.2.7.12 instead of the correct OID prefix .1.3.6.1.4.1.20301.2.7.16. (63912) - Password for tacacs users could not be changed from the switch using the "primary-password" command when the "tacacs-server password-change" feature is enabled. (63530) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2016-2183(SWEET32) and CVE-2016-6329. The ciphers DES,3DES and Blowfish are no longer supported. (66395) ================================================================================ IBM RackSwitch G8332 Version 7.7.24.0 (Released September 2016) ** Changes since the 7.7.23.0 release ** Enhancements: None Changes: None Fixes: - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2016-2108.(ALIRT LEN-7502). (55174) - Fixed security vulnerabilities as reported in CVE Advisories CVE-2016-3705, CVE-2016-3627, CVE-2015-8806, CVE-2016-4447, CVE-2016-4449, CVE-2016-4448 (libxml2). (57176, 55781, 58942, 58943) ================================================================================ IBM RackSwitch G8332 Version 7.7.23.0 (Released June 2016) ** Changes since the 7.7.22.0 release ** Enhancements: None Changes: None Fixes: - Fixed security vulnerabilities as reported in CVE Advisories CVE-2015-8710 (libxml2). (49214) ================================================================================ IBM RackSwitch G8332 Version 7.7.22.0 (Released February 2016) ** Changes since the 7.7.21.0 release ** Enhancements: None Changes: - The output of “show tech-support” now includes the isCLI commands as headers before their respective output. (38125) Fixes: - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-7575 (SLOTH). (47856) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-3194, CVE-2015-3195. (46801) ================================================================================ IBM RackSwitch G8332 Version 7.7.21.0 (Released October 2015) ** Changes since the 7.7.20.0 release ** Enhancements: None Changes: None Fixes: - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-1788 (BN_GF2m_mod_inv), CVE-2015-1789 (X509_cmp_time) and CVE-2015-1792 (do_free_upto). (39415) ================================================================================ IBM RackSwitch G8332 Version 7.7.20.0 (Released July 2015) ** Changes since the 7.7.19.0 release ** Enhancements: None Changes: None Fixes: - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-0286 (ASN1_TYPE_cmp). ================================================================================ IBM RackSwitch G8332 Version 7.7.19.0 (Released April 2015) ** Changes since the 7.7.18.0 release ** Enhancements: None Changes: None Fixes: - Fixed security vulnerabilities as reported in CVE Advisories CVE-2014-0191 (libXML2), CVE-2014-3660 (libXML2), CVE-2103-2566 (RC4) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2015-2808 (BarMitzvah) ================================================================================ IBM RackSwitch G8332 Version 7.7.18.0 (Released October 2014) ** Changes since the 7.7.17.0 release ** Enhancements: None Changes: - A security vulnerability existed in the OpenSSL Protocol that is used in IBM System Networking Ethernet Switches. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510) Fixes: None ================================================================================ IBM RackSwitch G8332 Version 7.7.17.0 (Released July 2014) ** Changes since the 7.7.16.0 release ** Enhancements: None Changes: - Internal debug usernames have been removed from the firmware to prevent potential backdoor access. (XB282666) Fixes: None ================================================================================ IBM RackSwitch G8332 Version 7.7.16.0 (Released June 2014) ** Changes since the 7.7.15.0 release ** Enhancements: none Changes: - A security vulnerability existed in the OpenSSL Protocol that is used in IBM System Networking Ethernet Switches. (CVE-2014-0224) Fixes: none ==================================================================================================== IBM RackSwitch G8332 Version 7.7.15.0 (Released May 2014) Second release of G8332 New and Updated Features: ------------------------- - NIST 131A: compliant with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131A. - Open Flow 1.3.1 The following key feature where added: • Static LAG • MAC address/IP address masking • Flexible Table Miss and Fail Secure • 40Gb support • Static CLI for Flow Programming • OpenFlow 1.0 backward - Distributed Overlay Virtual Ethernet (DOVE) provides network virtualization by implementing an overlay network for virtual machines on top of an underlying IPv4 network. - FCoE BB5 FCF Support: Full Fabric FCoE Switch - NAT: Network Address Translation Fixes: ------ - MLD groups are not deleted properly when shut/no shut command is performed on a port from a static trunk; in this case some traffic is still flooded. (XB263055) - Part of the IPMC traffic for IGMP groups learned on a port-channel is still forwarded after flapping the port-channel. (XB266229) - Switch crashes when enabling "debug spanning-tree bpdu" from cli. (XB266534) - Switch crashes in VLAG setup with IGMP traffic. (XB263030) - The switch is continuously crashing after using "mda shutdown" and "no mda shutdown" commands several times. (XB262540) - MDA board insertions and removals are now logged by the SysLog server. (XB266532) - Openflow 1.0: Switch is crashing when pushing untagged FDB based flow. (XB271510) Enhancements: ------------- NONE Changes: -------- NONE ================================ IBM RackSwitch G8332 Version 7.7.13.0 (Released March 2014) - Initial release ================================