Cisco
ASA Interim Release Notes
The
software images listed below are Interim releases. They contain bug fixes which address specific
issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC
and will remain on the download site only until the next Maintenance release is
available. If you do not have a specific problem which is resolved by an
Interim release, we recommend that you use the Feature or Maintenance release
images.
Important: These images were not fully regression
tested. Each individual fix was unit
tested, and the image has had a limited amount of automated regression testing
to confirm a baseline of functionality.
Keep this testing status in mind if you decide to run them in a production
environment. We strongly encourage you
to upgrade to a fully tested Maintenance or Feature release when it becomes
available.
Revision: Version 9.9(1)4 – 03/01/2018
Files: asa991-4-smp-k8.bin
Defects resolved since 9.9(1)3:
|
FTD with low IPSec lifetime traceback with
traffic |
|
|
9.7.1 traceback in snp_fp_qos |
|
|
ASA Portal Java plug-ins fail with the latest
Java updates |
|
|
ASA Traceback on Kenton in Thread Name:
CTM message handler |
|
|
ASA crashes on DATAPATH due to SIP traffic
hitting dynamic NAT rule |
|
|
ASA fails to rejoin the failover HA Or a
cluster with insufficient memory error, OGS enabled |
|
|
Sysopt permit-vpn behavior change to prevent
unintended clear-text traffic |
|
|
ASA: Software traceback in Thread Name:
Dynamic Filter updater |
|
|
FTD: IPv6 traffic is not being load-balanced
as per 5-tuple algorithm |
|
|
ERSPAN not working on FTD 6.2.2 |
|
|
REST-API Daemon Process Stack Too Small |
|
|
FTD prefilter policy only fast-paths single
direction of bidirectional flow |
|
|
ASA:OpenSSL Vulnerabilities CVE-2017-3737
and CVE-2017-3738 |
|
|
FP2100 FTD/ASA might report failure due to
MIO-blade heartbeat failure |
|
|
ASA - Traceback in thread name SSH while
applying BGP show commands |
|
|
ASDM stops working with hostscan enabled. ASDM
works with hostscan disabled. |
|
|
ASA takes significant time to send ICMPv6 echo
when pinging. |
|
|
Memory leak in idfw component on ASA |
|
|
Freed memory not released back to the system
quick enough on Kenton platforms |
|
|
ASAv5: Low free DMA memory on 9.8(2) and later |
|
|
'no snmp-server host <interface>
<ip-address>' does not work |
|
|
ASA traceback with thread name "idfw_proc
" |
|
|
ASA 9.8.2 Cluster Slave unit crash joining
cluster with SNMPv3 |
|
|
ASA traceback when failing over to standby
unit |
|
|
ASA Traceback in Thread Name: Unicorn Proxy
Thread |
|
|
ASA 5585 traceback while looking up a
aaa-filter |
|
|
ASA traceback with Thread Name: fover_parse |
Revision: Version 9.9(1)3 – 02/13/2018
Files: asa991-3-smp-k8.bin
Defects resolved since 9.9(1)2:
|
Threat Defense: Interface capture on lina CLI causes all traffic
to be dropped on data-plane |
|
|
ASA 9.6.2.11 - Intermittent authentication with CTP uauth in
cluster |
|
|
ASA Memory depletion due to scansafe inspection |
|
|
SNMP::User is not added to a user-list or host ,after
reconfigure it. |
|
|
FXOS - ASA/FTD standby unit in transparent mode may still
traffic for offloaded flows |
|
|
Hostscan: Errors in cscan.log downloading Microsoft and Panda
.dll files |
|
|
ASA/FTD traceback when enabling or clearing the packet capture
buffer |
|
|
iPhone IKEv2 PKI leaks over Wi-Fi using local certificate
authentication on ASA 5555 9.6.3 |
|
|
ASA getting stuck in hung state because of STATIC NAT
configuration for SNMP ports |
|
|
ASA, when acting as an HTTP client (file copy, etc) sometimes
fail to close the connection |
|
|
ASA broadcasting packets sent to subnet address as destination
IP |
|
|
SNMP deployment failure causes policy rollback |
|
|
FP4120 / ASA 9.6(3)230 "established tcp" not working
anymore after SW upgrade |
|
|
ASA traceback: thread name scansafe |
|
|
High CPU in IKE Daemon causing slow convergence of VPN tunnels
in a scaled environment |
|
|
Unable to save configuration in system context after enabling
password encryption in ASA |
|
|
dir /recursive cache:/stc and "dir cache:stc/2/" list
AnyConnect.xsd differently on ASA9.8.2 |
|
|
ASA 5506 running on 9.8.2.8 version, memory block of size 80 is
getting depleted |
|
|
ASA L2TP/IPSEC SMB upload of big files fails -
tcp-buffer-timeout drops |
|
|
Modifying service object-groups (add and remove objects) removes
ACE |
|
|
Elevated CPU Using Flow-Offload & High Rate of Flow Table
Collisions |
|
|
SSH/Telnet Traffic, 3-WHS, ACK packets with data is getting
dropped - reason (intercept-unexpected) |
|
|
GTP echo response is dropped in ASA cluster |
|
|
ASA backs out of connection when it receives Server Key exchange
with named curve as x25519 |
|
|
segfault while processing TCP traffic (StreamQueue). |
|
|
Split brain after recovery from interface failure when fover and
then data ifc goes down in order. |
|
|
Memory Leaking on ASA with vpnfol_memory_allocate and
vpnfol_data_dyn_string_allocator |
|
|
Kenton: ASA5506(FTD) traceback on policy deploy |
|
|
Blocks of size 80 leak observed when IRB is used in conjunction
with multicast traffic |
|
|
SSPs with ASA in multiple context moves in active-active situation
while failover is occurring |
|
|
Failover Master Passphrase Crash via ASDM |
|
|
FQDN ACL entries might be incomplete if DNS response from server
is large and truncated |
Revision: Version 9.9(1)2 – 02/03/2018
Files: asa991-2-smp-k8.bin
Defects resolved since 9.9(1):
|
Cisco Adaptive Security
Appliance Denial of Service Vulnerability |
|
|
Memory leak in Agg-Auth SAML
code |
|
|
Memory leak in IKE for
aggregate-auth |