Extreme Networks is pleased to introduce the ExtremeSecurity V7.7.2.8 Patch 10.
Note
We recommend that you review this document prior to installing or upgrading this product.ExtremeSecurity V7.7.2.8 Patch 10 is released and resolves 46 field issues reported from users and administrators. An additional security bulletin was added to this release note on December 4th, 2017.
Before installing this update, there are three important changes that administrators should be aware of if they did not install the previous ExtremeSecurity release (V7.7.2.8 Patch 7, Patch 8, or Patch 9). This message is being included in the V7.7.2.8 Patch 10 release notes for visibility:
| Current ExtremeSecurity Version | Upgrades to ExtremeSecurity V7.7.2.8 Patch 9? |
|---|---|
| ExtremeSecurity V7.7.2.3 (any patch level) or earlier | No, a minimum of ExtremeSecurity V7.7.2.4 is required. |
| ExtremeSecurity V7.7.2.4 (any patch level) | Yes |
| ExtremeSecurity V7.7.2.5 (any patch level) | Yes |
| ExtremeSecurity V7.7.2.6 (any patch level) | Yes |
| ExtremeSecurity V7.7.2.7 (any patch level) | Yes |
| ExtremeSecurity V7.7.2.8 (any patch level) | Yes |
The 7.2.8-QRADAR-QRSIEM-20171013131303 fix pack can upgrade ExtremeSecurity V7.7.2.4 (7.2.4.983526) and later to the latest software version. However, this document does not cover all of the installation messages and requirements, such as changes to memory requirements or browser requirements for QRadar. To review any additional requirements, see the ExtremeSecurity Upgrade Guide. If you are on a version of ExtremeSecurity earlier than ExtremeSecurity V7.7.2.4, you must upgrade to ExtremeSecurity V7.7.2.4 before proceeding to ExtremeSecurity V7.7.2.8.
Important
A ExtremeSecurity V7.7.2.8 ISO is available on IBM Fix Central for administrators to want to install a new appliance or virtual machine. Administrators who want to complete a new install need to review the ExtremeSecurity Installation Guide.
Known issue in ExtremeSecurity V7.7.2.8 Patch 10
| Product | Component | Number | Description |
|---|---|---|---|
| EXTREMESECURITY | USER INTERFACE | IJ00800 | "HTTP ERROR 400" ERROR WHEN DRILLING DOWN INTO SEARCH RESULTS USING INTERNET EXPLORER 11 AND EDGE WEB BROWSER |
Note
Legend: ** characters are displayed next to an APAR indicate that this issue was discovered in another software version, such as ExtremeSecurity V7.7.3.0 and a fix was created to resolve this issue in V7.7.2.8 Patch 10. Some APAR links in the table below might take 24 hours to display properly after a software release.Issues resolved in ExtremeSecurity V7.7.2.8 Patch 10
| Product | Component | Number | Description |
|---|---|---|---|
| EXTREMESECURITY | SECURITY BULLETIN | CVE-2015-6420 | APACHE COMMONS COLLECTION AS USED IN IBM EXTREMESECURITY SIEM IS VULNERABLE TO REMOTE CODE EXECUTION. |
| EXTREMESECURITY | CUSTOM ACTION SCRIPTS | IJ01043** | THE EXTREMESECURITY USER INTERFACE CAN BECOME UNRESPONSIVE WHEN LOADING THE LOG SOURCES WINDOW DUE TO A SENSORDEVICE TABLE LOCK |
| EXTREMESECURITY | CUSTOM ACTION SCRIPTS | IV86075** | A CUSTOM ACTION SCRIPT USING THE PARAMETER 'CREEVENTLIST' CAN FAIL AND GENERATE AN EXCEPTION IN QRADAR LOGGING |
| EXTREMESECURITY | CUSTOM ACTION SCRIPTS | IV86611 | CUSTOM ACTION RESPONSE RETURNS 'NULL' VALUE FOR SOME DEFINED PARAMETERS |
| EXTREMESECURITY | ASSETS | IV89590** | THE 'ASSET NAME' FIELD FOR ASSETS CAN SOMETIMES BE BLANK |
| EXTREMESECURITY | UPGRADES | IV91296 | PATCHING TO EXTREMESECURITY VERSION V7.7.2.7 CAN FAIL IF THE CONSOLE DATABASE HAD PREVIOUSLY BEEN MANUALLY RESTORED |
| Extreme Security Incident Forensics | NOTIFICATIONS | IV91662 | EXTREMESECURITY SYSTEM NOTIFICATIONS SIMILAR TO '...FORENSICSNODE. FORENSICSNODE123 HAS FAILED TO START FOR XXXXX INTERVALS...' |
| EXTREMESECURITY | OFFENSES | IV93254 | 'DEVICE STOPPED SENDING EVENTS' RULE SOMETIMES DOES NOT DISPLAY THE ASSOCIATED LOG SOURCE WHEN PART OF AN OFFENSE |
| EXTREMESECURITY | DASHBOARD | IV93409 | NEW EXTREMESECURITY USERS THAT ARE CREATED BY LDAP AUTHENTICATION DO NOT HAVE ANY DEFAULT DASHBOARDS |
| EXTREMESECURITY | DSM EDITOR | IV93696 | DSM EDITOR CAN DISPLAY REGEX GRABS INCONSISTENTLY BETWEEN WORKSPACE FIELD AND LOG ACTIVITY PREVIEW |
| EXTREMESECURITY | ASSET DETAILS | IV93867** | THE ASSET DETAILS, ASSET SUMMARY WINDOW OF AN ASSET CAN SOMETIMES BE MISSING THE 'OPERATING SYSTEM' DATA |
| EXTREMESECURITY | OFFENSE/DSM EDITOR | IV94165 | EVENTS CONTRIBUTING TO AN OFFENSE CANNOT BE DISPLAYED AFTER CUSTOM EVENT PROPERTY 'OFFENSEID' IS CREATED IN DSM EDITOR |
| EXTREMESECURITY | FLOWS | IV94791 | FLOWSOURCE_ALIAS TABLE IS NOT REPLICATED FROM CONSOLE TO MANAGED HOSTS |
| EXTREMESECURITY | DSM EDITOR | IV95514 | SELECTED EVENT DOES NOT DISPLAY IN THE DSM EDITOR WORKSPACE |
| EXTREMESECURITY | SEARCHES | IV96161 | SEARCHES CAN FAIL WITH 'CONNECTING TO THE QUERY SERVER' ERRORS OR 'I/O ERROR OCCURRED' WHEN A LARGE NUMBER OF SECURITY PROFILES EXIST |
| EXTREMESECURITY | SERVICES | IV96190** | HOSTCONTEXT CAN RUN OUT OF MEMORY DUE TO TASK MANAGEMENT DATABASE TABLE BECOMING CORRUPTED |
| EXTREMESECURITY | DISK SPACE | IV96323 | THE /STORE/TRANSIENT PARTITION DOES NOT PERFORM REQUIRED CLEANUP WHEN RUNNING LOW ON FREE DISK SPACE |
| EXTREMESECURITY | DISK SPACE | IV96357 | /VAR/LOG/ PARTITION CAN RUN OUT OF SPACE DUE TO LOGS FILLING WITH MESSAGES 'THE USERSESSION OBJECT IN SESSIONCONTEXT...' |
| EXTREMESECURITY VULNERABILITY MANAGER | SEARCHES | IV96411 | SEARCHES FOR VULNERABILITY BY INSTANCE CAN DISPLAY A COUNT, BUT NO DATA |
| EXTREMESECURITY | MASTER CONSOLE | IV96863 | VIEWING OFFENSES IN MASTER CONSOLE CAN GENERATE THE ERROR 'ERROR 12: ENDPOINT INVOCATION RETURNED AN UNEXPECTED ERROR' |
| EXTREMESECURITY | SEARCHES | IV97167 | SEARCHES CAN FAIL/CANCEL WHEN A MAXIMUM NUMBER OF RESULTS IS REACHED |
| EXTREMESECURITY | USER INTERFACE | IV97182 | "MANAGE SEARCH RESULTS" PAGE FAILS TO LOAD WITH A 'GENERAL FAILURE. PLEASE TRY AGAIN' ERROR MESSAGE |
| EXTREMESECURITY | FLOW DATA | IV97276 | THE QFlow PROCESS CAN SOMETIMES STOP PROCESSING WHEN OVERFLOW CONDITIONS ARE EXPERIENCED |
| EXTREMESECURITY | BACKUP / RESTORE | IV97342 | EXTREMESECURITY BACKUPS CAN TIMEOUT WHEN APPS ARE INSTALLED |
| EXTREMESECURITY | LICENSE | IV97521 | UNABLE TO ALLOCATE LICENSE TO A 3129 CONSOLE APPLIANCE |
| EXTREMESECURITY | REPORTS | IV97575 | A VULNERABILITY REPORT'S VULNERABILITY COUNT VALUE CAN VARY WITHIN DIFFERENT SECTIONS OF THE SAME REPORT |
| EXTREMESECURITY | DEPLOYMENT | IV97835 | TUNNEL CONNECTIONS REMAIN AFTER A DATA NODE OR EVENT COLLECTOR ARE REMOVED FROM A EXTREMESECURITY DEPLOYMENT |
| EXTREMESECURITY | FLOW DATA | IV97942 | AUTO UPDATE CAN CAUSE AN INTERRUPTION IN FLOW COLLECTION AND A "PERFORMANCE DEGRADATION" SYSTEM NOTIFICATION IN THE USER INTERFACE |
| EXTREMESECURITY | SEARCHES | IV98068 | IN PROGRESS SEARCHES THAT RUN LONGER THAN THE CONFIGURED SEARCH RESULTS RETENTION PERIOD ARE DELETED PRIOR TO COMPLETION |
| EXTREMESECURITY | DATA OBFUSCATION | IV98095 | ATTEMPTING TO OBFUSCATE A LARGE VOLUME OF USERNAME FIELD BASED EVENTS CAN CAUSE OBFUSCATED EVENTS TO BE DROPPED |
| EXTREMESECURITY VULNERABILITY MANAGER | SCANNING | IV98207 | QVM SCAN RESULT DISPLAYS 100% PROGRESS AND STOPPED AS SCAN DURATION TIME CONTINUES TO INCREMENT |
| EXTREMESECURITY | USER MANAGEMENT | IV98259 | THE USER MANAGEMENT > AUTHENTICATION WINDOW CAN DISPLAY 'KEY NOT FOUND: JSP.EXTREMESECURITY...' MESSAGES IN THE USER INTERFACE |
| EXTREMESECURITY | API | IV98260 | API SEARCHES RETRIEVING A COMPLETED SEARCH FROM THE /ARIEL/SEARCHES ENDPOINT CAN SOMETIMES RETURN A 500 ERROR CODE |
| EXTREMESECURITY | OPERATING SYSTEM | IV98442 | EXTREMESECURITY V7.7.2.8 REPLACES REDHAT'S GRUB WITH GRUB 2 |
| EXTREMESECURITY | APPLICATION FRAMEWORK | IV98486 | EXTREMESECURITY APPLICAION DATA CAN APPEAR TO BE MISSING AFTER APPLYING A EXTREMESECURITY PATCH |
| EXTREMESECURITY | UPGRADES | IV98518 | EXTREMESECURITY PATCHING TO 7.2.8P7, P8 or P9 FAILS IF THE SYSTEM WAS BUILT USING EXTREMESECURITY ISO VERSION 7.1.0.380596 AND HAS QRM |
| EXTREMESECURITY VULNERABILITY MANAGER | REPORTS | IV98524 | EMAILED VULNERABILITY SCAN REPORTS CAN SOMETIMES BE BLANK |
| Extreme Security Incident Forensics | REPORTS | IV98529 | QNI ONLY GENERATES FILE INFORMATION FOR THE LAST FILE CONTAINED WITHIN A SINGLE EMAIL, NOT ALL FILES |
| EXTREMESECURITY | SEARCH PERFORMANCE | IV98539 | ARIEL SEARCHES THAT DO MANY STRING COMPARISONS CAN RUN SLOWER THAN EXPECTED IN LOW MEMORY SCENARIOS |
| EXTREMESECURITY | QFLOW SERVICES | IV98542 | Extreme Security QFlow Collectors CAN EXPERIENCE REPETITIVE PROCESS FAILURES TO START, AND CORE DUMPS THAT CAN LEAD TO FILE SPACE ISSUES |
| EXTREMESECURITY VULNERABILITY MANAGER | ASSET DATA | IV98728 | SCAN RESULT DATA CAN SOMETIMES FAIL TO UPDATE THE EXTREMESECURITY ASSET MODEL |
| EXTREMESECURITY LOG MANAGER | RULES | IV98928 | ADDITIONAL RULE TESTS CANNOT BE ADDED TO CURRENT RULES AND NEW RULES CANNOT BE CREATED WHEN USING EXTREMESECURITY LOG MANAGER |
| EXTREMESECURITY | QUICK SEARCH INDEXES | IV99204 | LUCENE INDEX DIRECTORIES DO NOT HONOR THE 'PAYLOAD INDEX RETENTION' CONFIGURED IN THE SYSTEM SETTINGS |
| EXTREMESECURITY | UPGRADES | IV99289 | EXTREMESECURITY MEMORY CHECK PRETEST ON AN XX48 CAN FAIL WITH A RAM REQUIREMENT ERROR '...WE NEED AT LEAST 256G OF RAM...' |
| EXTREMESECURITY VULNERABILITY MANAGER | SCAN RESULTS | IV99333 | INCONSISTENT ASSET COUNTS WHEN DRILLING DOWN INTO SOME SCAN RESULTS |
| EXTREMESECURITY | UPGRADES | IV99559 | EXTREMESECURITY UPGRADE FROM V7.7.2.8 P6 TO V7.7.3.0 GA CAN FAIL AT TOMCAT NOT STARTING |
Print
this page
Email this topic
Feedback
View PDF
Download EPUB