FIRMWARE CHANGE HISTORY ----------------------- IBM RackSwitch G8332 Version 7.7.39.0 (Released February 2022) ** Changes since the 7.7.38.0 release ** Enhancements: none Changes: none Fixes: - Fixed vulnerabilities in the OpenSSL library as reported in the CVE Advisories: CVE-2020-1971, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712. (244492) - Fixed vulnerabilities in the libXML2 library as reported in the CVE Advisories: CVE-2021-3517, CVE-2021-3537. (244492) ================================================================================ IBM RackSwitch G8332 Version 7.7.38.0 (Released August 2021) ** Changes since the 7.7.37.0 release ** Enhancements: none Changes: - Avoid using deprecated SSH cryptographic settings - removed unsecure key exchange algorithms: diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 (230493) - A SSH public key too small could exist on switch - added support to automatically install a 2048 bit RSA public key at boot, in case a 1024 bit ssh-dss host key is saved on a device (230493) Fixes: - Switches in a VLAG environment could hang or misbehave when a loop occurs at L2 so the device experiences extensive L2 station moves. At this point, the MFDB and VFDB threads would go into resumable state and never recovers even after the loop is gone (235971) ================================================================================ IBM RackSwitch G8332 Version 7.7.37.0 (Released June 2021) ** Changes since the 7.7.35.0 release ** Enhancements: none Changes: none Fixes: - SSL host-certificate expiration would occur after 8th of March 2021 even if a new https certificate is generated. (226846) - Switch uptime from BBI interface would be different from the one in CLI for switches that have been running for more than 497 days. (228385) ================================================================================ IBM RackSwitch G8332 Version 7.7.35.0 (Released November 2020) ** Changes since the 7.7.34.0 release ** Enhancements: none Changes: none Fixes: - Fixed vulnerabilities in the Linux kernel as reported in the CVE Advisories: CVE-2020-13974, CVE-2020-10732, CVE-2020-14314, CVE-2020-12770. (207165) ================================================================================ IBM RackSwitch G8332 Version 7.7.34.0 (Released August 2020) ** Changes since the 7.7.33.0 release ** Enhancements: none Changes: none Fixes: - The SSH Server CBC Mode Ciphers and SSH Weak MAC Algorithms have been disabled. (204790) - Https connection would be lost when generating a certificate with blank fields. (202593) - Fixed vulnerabilities as reported in the CVE Advisories: CVE-2020-12464. (207165) ================================================================================ IBM RackSwitch G8332 Version 7.7.33.0 (Released February 2020) ** Changes since the 7.7.32.0 release ** Enhancements: none Changes: none Fixes: - The switch could crash when modifying the port-channels used by FCoE. (183939) - Fixed vulnerabilities as reported in the CVE Advisories: CVE-2019-1559. (181273) ================================================================================ IBM RackSwitch G8332 Version 7.7.32.0 (Released October 2019) ** Changes since the 7.7.31.0 release ** Enhancements: none Changes: none Fixes: - Fixed vulnerabilities in the Linux kernel as reported in the CVE Advisories CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. (177635) ================================================================================ IBM RackSwitch G8332 Version 7.7.31.0 (Released February 2019) ** Changes since the 7.7.30.0 release ** Enhancements: none Changes: none Fixes: - Fixed vulnerabilities in the OpenSSL library as reported in the CVE Advisory CVE-2018-0734. (175714) ================================================================================ IBM RackSwitch G8332 Version 7.7.30.0 (Released February 2019) ** Changes since the 7.7.29.0 release ** Enhancements: none Changes: none Fixes: - Fixed vulnerabilities in the OpenSSL library as reported in the CVE Advisory CVE-2018-0732. (147029) - Switch would incorrectly add a new STEM thread entry to the output of the CLI command "show process cpu history" for each time the CLI command "clear cpu" were executed. (147299) ================================================================================ IBM RackSwitch G8332 Version 7.7.29.0 (Released September 2018) ** Changes since the 7.7.28.0 release ** Enhancements: none Changes: none Fixes: - A crash could occur when the switch were scanned by the Rapid 7 security tool or nessus scan for vulnerabilities or when the CLI commands "no ssh enable" or "no access netconf ssh enable" were executed after the scan. (133904/138760) - Fixed vulnerabilities in the TLS protocol as reported in the CVE Advisories CVE-2014-8730. (80866) - Switch no longer supports the Diffie-Hellman key exchange algorithm in strict security mode. (143643) - Enhance BBI session default user password reset framework. (135949/135951) ================================================================================ IBM RackSwitch G8332 Version 7.7.28.0 (Released June 2018) ** Changes since the 7.7.27.0 release ** Enhancements: none Changes: none Fixes: - Fixed Libxml2 vulnerabilities as reported in the Advisories CVE-2016-5131, CVE-2017-15412, CVE-2017-16932, CVE-2017-5130. (124059) ================================================================================ IBM RackSwitch G8332 Version 7.7.27.0 (Released November 2017) ** Changes since the 7.7.26.0 release ** Enhancements: none Changes: none Fixes: - Address issue in login credential mechanism. (107614) - Fixed TCP vulnerabilities as reported in the CVE Advisory CVE-2017-6214. (113078) - Address non-configured community strings. (115054) ================================================================================ IBM RackSwitch G8332 Version 7.7.26.0 (Released May 2017) ** Changes since the 7.7.25.0 release ** Enhancements: None Changes: - The support for TLS versions 1.1 and 1.0 has been deprecated. TLS version 1.2 is now supported by default. (PSIRT ALIRT 10820) (72679) Fixes: - Switch returns g8332-mgmt (.1.3.6.1.4.1.20301.1.7.12) as sysObjectID instead of g8332 (.1.3.6.1.4.1.20301.1.7.16) renderring it unable to be managed by LXCA. (63912, 89813) - Fixed zlib vulnerabilities as reported in the CVE Advisories CVE-2016-9840, CVE-2016-9841, CVE-2016-9842 and CVE-2016-9843. (86800) - Fixed libXML2 vulnerabilities as reported in the CVE Advisories CVE-2016-4658 and CVE-2016-9318. (86808) - A switch upon receiving a rogue OSPF LSA containing its own router ID with a maximum sequence number (0x7fffffff), would incorrectly respond with a fight-back LSA of its own database, as opposed to the rogue's LSA database. (92346) ================================================================================ IBM RackSwitch G8332 Version 7.7.25.0 (Released January 2017) ** Changes since the 7.7.24.0 release ** Enhancements: None Changes: None Fixes: - Switch sends SNMP traps with inccorrect Trap OID prefix .1.3.6.1.4.1.20301.2.7.12 instead of the correct OID prefix .1.3.6.1.4.1.20301.2.7.16. (63912) - Password for tacacs users could not be changed from the switch using the "primary-password" command when the "tacacs-server password-change" feature is enabled. (63530) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2016-2183(SWEET32) and CVE-2016-6329. The ciphers DES,3DES and Blowfish are no longer supported. (66395) ================================================================================ IBM RackSwitch G8332 Version 7.7.24.0 (Released September 2016) ** Changes since the 7.7.23.0 release ** Enhancements: None Changes: None Fixes: - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2016-2108.(ALIRT LEN-7502). (55174) - Fixed security vulnerabilities as reported in CVE Advisories CVE-2016-3705, CVE-2016-3627, CVE-2015-8806, CVE-2016-4447, CVE-2016-4449, CVE-2016-4448 (libxml2). (57176, 55781, 58942, 58943) ================================================================================ IBM RackSwitch G8332 Version 7.7.23.0 (Released June 2016) ** Changes since the 7.7.22.0 release ** Enhancements: None Changes: None Fixes: - Fixed security vulnerabilities as reported in CVE Advisories CVE-2015-8710 (libxml2). (49214) ================================================================================ IBM RackSwitch G8332 Version 7.7.22.0 (Released February 2016) ** Changes since the 7.7.21.0 release ** Enhancements: None Changes: - The output of “show tech-support” now includes the isCLI commands as headers before their respective output. (38125) Fixes: - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-7575 (SLOTH). (47856) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-3194, CVE-2015-3195. (46801) ================================================================================ IBM RackSwitch G8332 Version 7.7.21.0 (Released October 2015) ** Changes since the 7.7.20.0 release ** Enhancements: None Changes: None Fixes: - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-1788 (BN_GF2m_mod_inv), CVE-2015-1789 (X509_cmp_time) and CVE-2015-1792 (do_free_upto). (39415) ================================================================================ IBM RackSwitch G8332 Version 7.7.20.0 (Released July 2015) ** Changes since the 7.7.19.0 release ** Enhancements: None Changes: None Fixes: - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-0286 (ASN1_TYPE_cmp). ================================================================================ IBM RackSwitch G8332 Version 7.7.19.0 (Released April 2015) ** Changes since the 7.7.18.0 release ** Enhancements: None Changes: None Fixes: - Fixed security vulnerabilities as reported in CVE Advisories CVE-2014-0191 (libXML2), CVE-2014-3660 (libXML2), CVE-2103-2566 (RC4) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2015-2808 (BarMitzvah) ================================================================================ IBM RackSwitch G8332 Version 7.7.18.0 (Released October 2014) ** Changes since the 7.7.17.0 release ** Enhancements: None Changes: - A security vulnerability existed in the OpenSSL Protocol that is used in IBM System Networking Ethernet Switches. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510) Fixes: None ================================================================================ IBM RackSwitch G8332 Version 7.7.17.0 (Released July 2014) ** Changes since the 7.7.16.0 release ** Enhancements: None Changes: - Internal debug usernames have been removed from the firmware to prevent potential backdoor access. (XB282666) Fixes: None ================================================================================ IBM RackSwitch G8332 Version 7.7.16.0 (Released June 2014) ** Changes since the 7.7.15.0 release ** Enhancements: none Changes: - A security vulnerability existed in the OpenSSL Protocol that is used in IBM System Networking Ethernet Switches. (CVE-2014-0224) Fixes: none ==================================================================================================== IBM RackSwitch G8332 Version 7.7.15.0 (Released May 2014) Second release of G8332 New and Updated Features: ------------------------- - NIST 131A: compliant with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131A. - Open Flow 1.3.1 The following key feature where added: • Static LAG • MAC address/IP address masking • Flexible Table Miss and Fail Secure • 40Gb support • Static CLI for Flow Programming • OpenFlow 1.0 backward - Distributed Overlay Virtual Ethernet (DOVE) provides network virtualization by implementing an overlay network for virtual machines on top of an underlying IPv4 network. - FCoE BB5 FCF Support: Full Fabric FCoE Switch - NAT: Network Address Translation Fixes: ------ - MLD groups are not deleted properly when shut/no shut command is performed on a port from a static trunk; in this case some traffic is still flooded. (XB263055) - Part of the IPMC traffic for IGMP groups learned on a port-channel is still forwarded after flapping the port-channel. (XB266229) - Switch crashes when enabling "debug spanning-tree bpdu" from cli. (XB266534) - Switch crashes in VLAG setup with IGMP traffic. (XB263030) - The switch is continuously crashing after using "mda shutdown" and "no mda shutdown" commands several times. (XB262540) - MDA board insertions and removals are now logged by the SysLog server. (XB266532) - Openflow 1.0: Switch is crashing when pushing untagged FDB based flow. (XB271510) Enhancements: ------------- NONE Changes: -------- NONE ================================ IBM RackSwitch G8332 Version 7.7.13.0 (Released March 2014) - Initial release ================================