Cisco ASA 9.2.2 Interim Build Release Notes

Cisco ASA Interim Release Notes

The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.

Important: These images were not fully regression tested. Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.

Revision: Version 9.2(2)8 – 10/10/2014

Files: asa922-8-smp-k8.bin

Defects resolved since 9.2(2)4:

CSCty17881			vpn-sessiondb detail missing Filter Name after IKEv1 rekey
CSCub53088			Arsenal:twice NAT with service type ftp not working.
CSCuh24695			WebVPN portal DOM based Cross-Site-Scripting Issue
CSCui39625			new operator is rewritten incorrectly when used for function from object
CSCui74278			Wrong IP is displayed in buffered logging of ASA-6-737015
CSCul04263			ASA Webvpn CIFS vnode_create: VNODE ALLOCATION LIMIT 100000 REACHED!
CSCul37888			traffic does not match time-rang access-list configured with policy-maps
CSCum91201			SSH timeout on ASA
CSCun09754			negation of host-group and host command not allowed with encryption
CSCun66613			ASA stops decrypting certain L2L traffic after working for some time
CSCuo09383			ASA WebVPN Memory leak leading to Blank Portal Page/AnyConnect failure
CSCuo11778			ENH: Add "speed nonegotiate" command for fiber interfaces on ASA5585
CSCuo45321			ASA allows IKEv1 clients to bypass address assignment, causing conflict
CSCup07439			ASA with CX module crashes with http traffic inspection
CSCup16419			Traceback in Thread Name: ssh_init
CSCup28968			When ACL optimization is enabled, wrong rules get deleted
CSCup35713			ASA tmatch_summary_alloc block leak in binsize 1024
CSCup36514			webvpn jscript post to wrong URL - ASA FQDN same as server FQDN
CSCup36829		Cisco ASA SSL VPN Portal Customization Integrity Vulnerability
CSCup43257	ASA Traceback in Thread name: ci/console while modifying an object-group
CSCup46524			"no speed nonegotiate" command in ASA 5580 running 9.1.5 in show run
CSCup47195			ASA - Traceback in DATAPATH-0-1275
CSCup50857			ASA traceback in thread name idfw_adagent
CSCup54184			Cisco ASA SharePoint RAMFS Integrity and Lua Injection Vulnerability
CSCup55377			ASA: Traceback Page Fault in vpnfol_thread_msg on Standby ASA
CSCup59017			ASA with ACL optimization crashing in "fover_parse" thread
CSCup59499			ASA: BGP not performing outbound route-filtering
CSCup60257			Flowcontrol feature broken on Benetton with 4GE SSM card
CSCup60837			Personal bookmarks get deleted with ASA in Active/Standby failover
CSCup66273			ASA SSLVPN Citrix plugin not starting java.lang.ClassNotFoundException
CSCup70720			ASA crashes with Page Fault with multiple configuration sessions
CSCup74532			ASA failover standby device reboots due to delays in config replication
CSCup85529			ASA Smart Call does not hide IPv6 addresses for ND
CSCup86857			IPv4 ACLs not working after merging IPv4 and IPv6 ACLs by upgrading
CSCup86960			ASA : Failover descriptor does not change after reconfiguring VLAN
CSCup87430			accounting not per rfc in dual factor auth case
CSCup90173			SNMP: Power supply OIDs missing if no power input on 5500-X
CSCup92782			ASA providing inaccurate Tunnel count to ASDM
CSCup95504			ASA drops DNS PTR Reply w/ reason Label length exceeded during rewrite
CSCuq03216			IPsecOverNatT tunnel disappears after ASA failovers
CSCuq04306			Smart Tunnels Spawn "UNKNOWN Publisher" Warning w/Java 7 Update 60
CSCuq05768			Using "?" to list files in directory with thousands of files causing hog
CSCuq08854			Show memory app-cache command shows incorrect bytes if more than 2^32
CSCuq09352			vbscript getting caught in loop when passing thru ASA WebVPN Rewriter
CSCuq09709			Using ASA 9.2.1, Anyconnect weblaunch fails with URL-list in DAP
CSCuq21016			Local pool address not released -> Duplicate local pool address found
CSCuq22357			SCP copy generates syslog 769004 with password in it
CSCuq24404			traceback in thread name: netfs_thread_init
CSCuq25488			WebVPN HTML Style "Overflow:Hidden" Breaks Custom Logon Pages
CSCuq26046			ASA - Traceback in thread name SSH while changing NAT configuration
CSCuq28582			Cisco ASA VPN Failover Commands Injection Vulnerability
CSCuq28978			WebVPN: Rewriter issue with PATHIX Inspection Database
CSCuq29136			Cisco ASA SSL VPN Info Disclosure and DoS Vulnerability
CSCuq34213			Double Free when processing DTLS packets
CSCuq34226			OpenSSL Zero-Length Fragments DTLS Memory Leak Denial of Service Vuln
CSCuq35090			Webvpn: Support for XFRAME in additional portal and CSD pages
CSCuq37448			Cisco ASA Failover IPSEC does not encrypt failover link
CSCuq37873			ASA : timeout floating-conn not working when PPPoE is configured
CSCuq38805			ASA 9.2 : Static Null route not redistributed over EIGRP to neighbors
CSCuq38807			ASA Radius Access-Request contains both User-Password and CHAP-Password
CSCuq39511			ASA: EIGRP neighbor relationship flapping
CSCuq41510			Cisco ASA VNMC Input Validation Vulnerability
CSCuq42475			IPv6 tunneled route on link-local interfaces
CSCuq46931			LDAP CLI: Quotes removed if ldap attribute-map name has spaces
CSCuq53421			ASA can use wrong trustpoint with rekeyed CAs are cfg in trustpoints.
CSCuq54553			with Anyconnect deflate compression ASA gives ASA-3-722021 syslog
CSCuq57188			ASA returns wrong content-length for cut-thru proxy authentication page
CSCuq59667			ASA tracebacks in Thread Name: ssh due to watchdog
CSCuq60566			Incorrect content-length when maddr present with URI in SIP message body
CSCuq65542			Cisco ASA Software Version Information Disclosure Vulnerability
CSCuq68271			ASA Cluster slave unit loses default route due to sla monitor
CSCuq72664			ASA - 80 Byte memory block depletion
CSCuq76847			ASA:Page fault traceback ACL FQDN Object-group
CSCuq77228			ASA Cluster: IDFW traceback inThread Name: DATAPATH-3-132

Revision: Version 9.2(2)4 – 08/12/2014

Files: asa922-4-smp-k8.bin

Defects resolved since 9.2(2):

CSCuo78892	Traceback when using IDFW ACL's with VPN VPN Filters
CSCuo82612	5585-20 9.2.1 Traceback in Thread Name: DATAPATH-1-1567
CSCuo88253	ASA NAT: Some NAT removed after upgrade from 8.6.1.5 to 9.x
CSCuo91763	ASA allows to empty an access-list referenced elsewhere
CSCuo93225	Windriver: Traceback during AnyConnect IPv6 TLS TPS Test
CSCuo95074	ASA AnyConnect failure or crash in SSL Client compression with low mem
CSCuo97036	show vpn load-balancing shows Public addr as Cluster IP addr for Master
CSCuo99186	Inconsistencies seen while sending warmstart trap on reload
CSCup00433	Failover Standby unit has higher memory utilization
CSCup01676	ASA: Crash in DATAPATH
CSCup05772	Snmp-server hosts entries are lost when upgrading from 9.1(4) to 9.1(5)
CSCup07330	ASA: no auth prompt when accessing internet website using ASA-CX
CSCup07447	ASA WebVPN: Script error when using port-forwarding
CSCup08262	9.0(4)5 - Unable to access internal site via clientless SSLVPN
CSCup08912	ASA SSLVPN Java plugins fail through proxy with Connection Exception
CSCup08934	ASA WebVPN Rewriter: Custom HTTP Headers Not Properly Rewritten
CSCup09236	L2TP/IPsec fragmentation change causing ICMP-PMTU being sent
CSCup09881	show webvpn kcd Error code 2 (ERROR_FILE_NOT_FOUND)
CSCup09958	ASA: Webvpn Clientless - certificate authentication fails intermittently
CSCup13265	ASA - Traceback in thread name: sch_prompt anonymous reporting
CSCup16512	ASA traceback in Thread Name : Checkheaps when snmp config is cleared
CSCup16860	IKEv2 DPD is sent at an interval not correlating to the specified value
CSCup22532	Multiple Vulnerabilities in OpenSSL - June 2014
CSCup24465	Jumbo frame calculations are incorrect or hard coded
CSCup26021	TCP intercept does not work after embryonic connection ends
CSCup26347	ASA Panic: CP Processing - ERROR: shrlock_join_domain
CSCup32973	ASA EIGRP does not reset hold time after receiving update
CSCup33868	ASA doesn't apply vpn-filter if group policy is assigned by Cisco VSA 25
CSCup36543	WebVPN Problem- icons missing, buttons not working
CSCup40357	SNMP: Unable to verify presence of second power supply in ASA 5545
CSCup43257	ASA Traceback in Thread name: ci/console while modifying an object-group
CSCup47885	ASA: Page fault traceback in DATAPATH when DNS inspection is enabled
CSCup48772	ASA - Wrong object-group migration during upgrade from 8.2
CSCup48979	ASA - Permitting/blocking traffic based on wrong IPs in ACL
CSCup59774	No syslogs for ASDM or clientless access with blank username/password
CSCup68697	WebVPN: uploading customized portal.css breaks the portal login page
CSCup76212	ASA rewrites incorrect content-length in SIP message
CSCup81146	jumbo frame enabled will cause ASA5585-20 in boot loop from 9.3.0.101
CSCup98176	Jumbo Frame is not support in the ASA558560 due to wrong bigphys size