Release Notes for Cisco Security Packet Analyzer 6.2(3)

Release Notes for Cisco Security Packet Analyzer 6.2(3)

---

January 06, 2017

This document supports the release of Cisco Security Packet Analyzer 6.2(3) version. This can be used for initial installation or to upgrade an existing version of Cisco Security Packet Analyzer 6.2(2) release.

Version 6.2(3) is a maintenance release consisting of bug fixes and performance improvements, with no new functionalities included. Please refer to Cisco Security Packet Analyzer 6.2(2) Release Notes for details on the new functionality introduced in version 6.2(2).

This document includes the following sections:

• Cisco Security Packet Analyzer 6.2(3)
• Upgrading Cisco Security Packet Analyzer 6.2(2) to 6.2(3)
• Verifying Cisco Security Packet Analyzer 6.2(3) Installation
• Obtaining Documentation, Support and Security Guidelines

Cisco Security Packet Analyzer 6.2(3)

The Cisco Security Packet Analyzer 6.2(3) contains the following changes over the 6.2(2) release:

• Packet Capture Performance Improvement:

This release brings the sustained and lossless packet capture rate to 11Gbps.

• General Bug Fixes:

– Fixed an issue with capture session disappearing after reboot.

– Fixed an issue with the debug port agent overwriting the aggregation configuration.

– Fixed an issue with non functional managed devices.

– Fixed an issue with the NIC clock not syncing to the Linux clock.

– Fixed an issue with the shutdown CLI command.

– Fixed an intermittent issue with the traceroute CLI command.

– Fixed an issue with the REST API nbi-system endpoint not redirecting to the correct product name.

• Security Bug Fixes:

– Fix for a security issue with downloading scheduled reports.

– Fix for CVE-2016-5195 (Dirty COW).

– Fix for CVE-2016-5696 (Off-path TCP exploit).

– Fixes for all September 2016 OpenSSL vulnerability disclosures.

Note Initial installation of 6.2(3) will take about five minutes longer than 6.2(2) installation.

Upgrading Cisco Security Packet Analyzer 6.2(2) to 6.2(3)

To upgrade a Cisco Security Packet Analyzer from the 6.2(2) release to the 6.2(3) release, it is recommended to place the 6.2(3) image on an FTP/HTTP/SCP/SFTP server and run the CLI command as follows:

upgrade <image-url> reformat

Ensure you have passed the reformat option. This option is required for 6.2(3) in order to support capture performance improvements. However, it will result in the loss of all existing capture data.

Note Before upgrading to 6.2(3), ensure that your packet capture data is downloaded and saved.

Verifying Cisco Security Packet Analyzer 6.2(3) Installation

To verify if Cisco Security Packet Analyzer 6.2(3) was installed successfully, log in to the CLI console and execute the show version command. The following version details should appear:

SECPA application image version: 6.2(3) RELEASE SOFTWARE [fc5]

Obtaining Documentation, Support and Security Guidelines

For information on accessing documentation, contacting support team, providing documentation feedback, security guidelines, and accessing recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation.