Cisco 3020 - Catalyst Blade Switch Release Note page 18

Resolved Caveats
CSCsd08314
•
When you remove a voice VLAN that has no per-VLAN configuration from a secure port, a
PORT_SECURITY-6-VLAN_REMOVED message no longer appears.
Note
CSCsd85587
•
A vulnerability has been discovered in a third party cryptographic library which is used by a number
of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation
One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some
cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials
(such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker will not be able to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
–
–
–
–
–
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There
are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
Note
• CSCsd89006
These error messages no longer appear when you enter the service-policy interface configuration
command on interface fa0:
QoS: policymap is supported on physical and VLAN interfaces only Service Policy
attachment failed
Remove policy failed for interface Fa0
Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(35)SE and Later
18
If an address was learned on a VLAN, the error message still appears when that VLAN is aged
out or removed. However, this does not affect switch functionality.
Cisco IOS, documented as Cisco bug ID CSCsd85587
Cisco IOS XR, documented as Cisco bug ID CSCsg41084
Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348
Cisco Firewall Service Module (FWSM)
Another related advisory is posted together with this Advisory. It also describes vulnerabilities
related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is
available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml
can be used to choose a software release which fixes all security vulnerabilities published as of
May 22, 2007. The related advisory is published at
http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
and
OL-8918-03