Cisco
ASA Interim Release Notes
The software
images listed below are Interim releases.
They contain bug fixes which address specific
issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC
and will remain on the download site only until the next Maintenance release is
available. If you do not have a specific problem which
is resolved by an Interim release, we recommend that you use the Feature or
Maintenance release images.
Important: These images were not fully regression
tested. Each individual fix was unit
tested, and the image has had a limited amount of automated regression testing
to confirm a baseline of functionality.
Keep this testing status in mind if you decide to run them in a production
environment. We strongly encourage you
to upgrade to a fully tested Maintenance or Feature release when it becomes
available.
Revision: Version 9.5(3)9 – 04/11/2017
Files: asa953-9-smp-k8.bin
Defects resolved since 9.5(3)6:
Evaluation of pix-asa for Openssl September 2016 |
|
ARP functions fail after 213 days of uptime, drop with error 'punt-rate-limit-exceeded' |
Revision: Version 9.5(3)6 – 12/13/2016
Files: asa953-6-smp-k8.bin
Defects resolved since 9.5(3)2:
IPv6 ACLs can be bypassed with crafted packets |
|
Stale VPN Context entries cause ASA to stop encrypting traffic |
|
ASA classifies TCP packets as PAWS failure incorrectly |
|
ASA Traceback on 9.1.5.19 |
|
L2TP over IPSec can not be connected
after disconnection from client. |
|
Unicorn Proxy Thread causing CP contention |
|
AnyConnect DTLS on-demand DPDs are not sent intermittently |
|
ASA ASSERT traceback in DATAPATH due
to sctp inspection |
|
Cisco ASA Input Validation File Injection Vulnerability |
|
ASA traceback in CLI thread while
making MPF changes |
|
HTML5: Guacamole server requires page refresh |
|
ASA Cluster DHCP Relay doesn't forward the server replies to the
client |
|
ASA : Botnet update fails with a lot of Errors |
|
Stale VPN Context entries cause ASA to stop encrypting traffic
despite fix for CSCup37416 |
|
Lower NFS throughput rate on Cisco ASA platform |
|
ASA traceback with Thread Name aaa_shim_thread |
|
ASA-SM traceback with Thread : fover_parse during upgrade
OS 9.1.6 to 9.4.3 |
|
ASA fairly infrequently rewrites the dest
MAC address of multicast packet for client |
|
ASA dropping traffic with TCP syslog configured in multicontext mode |
|
ASA unable to add multiple attribute entries in a certificate
map |
Revision: Version 9.5(3)2 – 11/03/2016
Files: asa953-2-smp-k8.bin
Defects resolved since 9.5(3)1:
ASA traceback on standby when SNMP
polling |
|
After some time flash operations fail and configuration can not
be saved |
|
ASA Traceback Assert in Thread Name: ssh_init with component ssh |
|
http config missing in multicontext
after reload of stdby 916.9 or later |
|
ASA does not respond to NS in Active/Active HA |
|
Commands not installed on Standby due to parser switch |
|
ASAv ACKs FIN before all data is received during smart licensing exch |
|
ASA 9.4.2.6 High CPU due to CTM message handler due to chip
resets |
|
ASA not rate limiting with DSCP bit set from the Server |
|
On reloading the ASA, ASA mounts SSD as disk 0, instead of the
flash. |
|
ASA SM on 9300 reloads multi-context over SSH when config-url is entered |
|
ASA treaceback at Thread Name: rtcli async executor process |
|
ASA DATAPATH traceback (Cluster) |
|
BGP Socket not open in ASA after reload |
|
Cisco ASA Cross Site Scripting SSLVPN Vulnerability |
|
ASA traceback in CLI thread while
making MPF changes |
|
Interfaces get deleted on SFR during cluster rejoining |
|
Traceback in Thread Name: ssh when issuing show
tls-proxy session detail |
|
SNMPv3 active engineID is not reset
when ASA is replaced |
|
ASA stuck in boot loop due to FIPS Self-Test failure |
|
ASA negotiates TLS1.2 when server in tls-proxy |
|
ipsecvpn-ikev2_oth: 5525 9.4.2.11 traceback in
Thread Name: IKEv2 Daemon |
|
ASA: CHILD_SA collision brings down IKEv2 SA |
|
ASA memory leak for CTS SGT mappings |
|
OTP authentication is not working for clientless ssl vpn |
|
issuer-name falsely detecting duplicates in certificate map using attr |
|
ASA Traceback when issue 'show asp
table classify domain permit' |
|
ASA Traceback in CTM Message Handler |
|
Enqueue failures on DP-CP queue may stall inspected TCP connection |
|
Traceback in IKE_DBG |
|
Unable to delete the SNMP config |
|
H.323 inspection causes Traceback in
Thread Name: CP Processing |
|
ASA traceback in ipsecvpn-crypto |
|
ASA DHCP Relay rewrites netmask and gw received as part of DHCP Offer |
|
ASA as DHCP relay drops DHCP 150 Inform message |
|
Remove ACL warning messages in show access-list when FQDN is
unresolved |
|
ASA Traceback in thread name CP
Processing due to DCERPC inspection |
|
ASA 1550 block depletion with multi-context transparent firewall |
|
AAA authentication/authorization fails if only accessible via mgmt vrf |
|
ASA may generate DATAPATH Traceback
with policy-based routing enabled |
|
Traceback
: ASA with Threadname: DATAPATH-0-1790 |
|
WebVPN:VNC plugin:Java:Connection reset by peer: socket write error |
|
Thread Name: snmp ASA5585-SSP-2
running 9.6.2 traceback |
|
IKEv2: It is NOT cleaning the sessions after disconnected from
the client. |
|
ASA Traceback Thread Name: emweb/https |
|
AAA session handle leak with IKEv2 when denied due to time range |
Revision: Version 9.5(3)1 – 10/19/2016
Files: asa953-1-smp-k8.bin
Defects resolved since 9.5(3):
Buffer Overflow in ASA Leads to Remote Code Execution |