Cisco
ASA Interim Release Notes
The software
images listed below are Interim releases.
They contain bug fixes which address specific
issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and
will remain on the download site only until the next Maintenance release is
available. If you do not have a specific problem which
is resolved by an Interim release, we recommend that you use the Feature or
Maintenance release images.
Important: These images were not fully regression
tested. Each individual fix was unit
tested, and the image has had a limited amount of automated regression testing
to confirm a baseline of functionality.
Keep this testing status in mind if you decide to run them in a
production environment. We strongly
encourage you to upgrade to a fully tested Maintenance or Feature release when
it becomes available.
Revision: Version 9.4(2)11 – 02/23/2016
Files: asa942-11-smp-k8.bin
Defects resolved since 9.4(2)6:
|
SSL sessions stop processing -"Unable to create session
directory" error |
|
|
ASA: Traceback in Thread IP Address
Assign |
|
|
ASA WebVPN: Java RDP Plugin does not launch |
|
|
ASA Crashes and reloads citing Thread Name: idfw_proc |
|
|
ARP source IP sanity check against proxy-arp
list |
|
|
Traceback in ldap_client_thread with ldap attr mapping and pw-mgmt |
|
|
OCSP validation fails when multiple certs in chain are verified |
Revision: Version 9.4(2)6 – 01/28/2016
Files: asa942-6-smp-k8.bin
Defects resolved since 9.4(2)4:
|
Traceback in Thread Name: DATAPATH-1-1382 while processing nat-t packet |
|
|
ASA low DMA memory on low end ASA-X -5512/5515 devices |
|
|
Transactional ACL commit will bypass security policy during
compilation |
|
|
Share licenses are not activated on failover pair after power
cycle |
|
|
ASA traffic not sent properly using 'traffic-forward sfr monitor-only' |
|
|
Interface TLV to SFR is corrupt when frame is longer than 2048
bytes |
|
|
ASA: Stuck uauth entry rejects AnyConnect user connections |
|
|
ASA traceback on Standby device during
config sync in thread DATAPATH |
|
|
ASA - SSH sessions stuck in CLOSE_WAIT causing ASA to send RST |
|
|
ASA traceback while restoring backup
configuration from ASDM |
|
|
ASA traceback when removing dynamic
PAT statement from cluster |
|
|
filter sfr traffic may cause memory corruption |
|
|
9.1.6.8 traceback in Thread Name: ldap_client_thread |
|
|
PCP 10.6 Clientless VPN Access is Denied when accessing Pages |
|
|
ASA: Failover logging message appears in user context |
|
|
RSA 4096 key generation causes failover |
|
|
ASA: assertion "pp->pd == pd" failed: file
"main.c", line 192 |
|
|
http-form authentication fails after 9.3.2 |
|
|
ASA traceback when using an ECDSA
certificate |
|
|
PBR incorrect route selection for deny clause |
|
|
OSPF neighbor goes down after "reload in xx" commnad in 9.2 and later |
|
|
ASA 9.1.6.10 traceback after remove
compact flash and execute dir cmd |
|
|
DAP URL-List Command Says It Supports 491 Characters; Only
Supports 245 |
|
|
ASA TCP normalizer checksum verification cannot be disabled |
|
|
Cisco signed certificate expired for WebVpn
Port Forward Binary on ASA |
|
|
ASA 9.5.1 traceback in Threadname Datapath due to SIP
Inspection |
|
|
DHCP Relay fails for cluster ASAs with long interface names |
|
|
ASA(9.5.2) changing the ACK number sent to client with SFR
redirection |
|
|
"no ipv6-vpn-addr-assign" CLI
not working |
|
|
ASA L7 policy-map comes into affect only if the inspection is
re-applied |
Revision: Version 9.4(2)4 – 01/14/2016
Files: asa942-4-smp-k8.bin
Defects resolved since 9.4(2)3:
|
ASA
IKEv1 and IKEv2 Vulnerability |
|
|
|
IKEv2
Fragments may get dropped with a specific sequence of fragments |
||
Revision: Version 9.4(2)3 – 11/09/2015
Files: asa942-3-smp-k8.bin
Defects resolved since 9.4(2):
|
CPU hog due to snmp polling of ASA
memory pool information |
|
|
ASA WebVPN clientless cookie authentication bypass |
|
|
Disable ECDSA SSL Ciphers When Manually Configuring RSA Cert for
SSL |
|
|
ikev2 with DH 19 and above fails to pass traffic after phase2 rekey |
|
|
When > 510 characters entered in CLI, context switches to
admin/system |
|
|
Immediate FIN from client after GET breaks scansafe
connection |
|
|
Standby ASA inside IP not reachable after Anyconnect
disconnect |
|
|
Traceback in Thread Name: DATAPATH on modifying "set
connection" in MPF |
|
|
ASA picks incorrect trustpoint to
verify OCSP Response |
|
|
ASA traceback in Thread Name: fover_parse (ak47/ramfs) |
|
|
ASA traceback: SSH Thread: many users
logged in and dACLs being modified |
|
|
ASA TCP Normalizer sends PUSH ACK for invalid ACK for half-open
CONNS |
|
|
ASA traceback in Thread Name: CP Crypto Result Processing. |
|
|
OSPF over IKEv2 L2L tunnel is broken on ASA with 9.2.1 onwards |
|
|
Trace back with Thread Name: IP Address Assign |
|
|
ASA EIGRP does not send poison reverse for neighbors to remove
route |
|
|
Improper S2S IPSec Datapath Selection
for Remote Overlapping Networks |
|
|
ASA: Traceback in Thread Unicorn Admin
Handler due to Threat Detection |
|
|
Cisco ASA Software Version Information Disclosure Vulnerability |
|
|
ASA: ICMP error loop on cluster CCL with Interface PAT |
|
|
DNS Traceback in channel_put() |
|
|
Traceback in WebVPN rewriter |
|
|
DHCP Server Process stuck if dhcpd auto_config already enabled from CLI |