Resolved Issues in ExtremeXOS 21.1.4-Patch1-3

The following issues were resolved in ExtremeXOS 21.1.4-Patch1-3. ExtremeXOS 21.1.4-Patch1-3 includes all fixes up to and including ExtremeXOS 11.6.5.3, and earlier, ExtremeXOS 12.0.5, ExtremeXOS 12.1.7, ExtremeXOS 12.2.2-patch1-12, ExtremeXOS 12.3.6, ExtremeXOS 12.4.5, ExtremeXOS 12.5.5, ExtremeXOS 12.6.3, ExtremeXOS 12.6.5.2-Patch1-3, ExtremeXOS 12.7.1, ExtremeXOS 15.1.5.4-Patch1-9, ExtremeXOS 15.2.4.5-Patch1-5, ExtremeXOS 15.3.1.4-patch1-47, ExtremeXOS 15.3.5.2-patch1-10, ExtremeXOS 15.4.2.8, ExtremeXOS 15.5.5.2, ExtremeXOS 15.6.5, ExtremeXOS 15.7.3, ExtremeXOS 16.1.3, ExtremeXOS 21.1.1, ExtremeXOS 21.1.2, ExtremeXOS 21.1.3, and ExtremeXOS 21.1.4. For information about those fixes, see the release notes for the specific release.

Click to expand in new window

Resolved Issues, Platform-Specific, and Feature Change Requests (CRs) in ExtremeXOS 21.1.4-Patch1-3

CR Number Description
General
xos0057140 Transceiver information for 40G Q+SR4 optic module shows invalid power and threshold values.
xos0065665 Incorrect MAC address entries appear in "l2_user_entry" table.
xos0067280 Uploading a file using SFTP creates a read-only file on the switch.
xos0068002 File system check of /dev/hda8 failed error occurs during switch power cycle after “manufacture-init”.
xos0068304 External PSU status appears as "failed" in show power command output even though it is not present.
xos0068687 Multicast traffic to host randomly stops when enabling onePolicy with PVID 4095.
xos0068767 Trap receiver configuration is not saved in ExtremeXOS when configured from Extreme Management Center.
xos0068785 L2PT packets fail to switch over to backup path during failover.
xos0068810 SNMP walk on entPhysicalClass returns Other(1) instead of Fan(7) for fan trays.
xos0068840 NetLogin process ends unexpectedly with signal 11, when client sends logoff message before completing the authentication process.
xos0068911 After enabling STP auto-bind on a VLAN, removing all ports from the VLAN, and then adding them back, displays STP tag as "(none)" in the show ports information detail command.
xos0069061 Exsshd process ends unexpectedly with signal 11 during stack failover.
xos0069070 The process BCMAsync stops processing with scaled route/ARP entries in hash table.
xos0069220 Users can access Chalet by easily guessing the login session ID created by an existing session.
xos0062256 When auto-polarity is turned off, link comes up for straight cable rather than crossover connection.
xos0062785 Need a mechanism to avoid configuring static route gateway and local IP as the same.
xos0062882 Whole MIB compilation gets stuck at EXTREME-V2-TRAP MIB.
xos0065300 Kernel crash occurs when there are continuous new multicast streams with PIM SM configuration.
xos0067587 When running show tech-support command with user-created VRs, show configuration command does not display full configuration.
xos0068888 When the command show tech-support all detail is executed after running enable cli-config-logging, messages beginning with "serial unknown" appear in the log. This issue also occurs when executed from a Telnet session.
xos0069051 After 65,000 new FDB entries are learned, subsequent entries are continuously added and deleted.
xos0069114 The show configuration command output displays additional word "minutes" under "aaa" module when lockout-time-period is configured.
xos0069150 In the output of the show vlan command, ports can have both "!" and "*" flags set if the port is a share group port.
xos0069180 Cannot configure some IP security features after removing and adding ports from VLANs.
xos0069196 Inconsistent port learning flag appears in HAL with PVLAN and MLAG configuration.
xos0069210 Unable to create private VLAN with 32-character name if the first 31 characters match an existing private VLAN name.
xos0069423 When using Chalet to configure the sysContact and sysLocation, semicolon is not allowed.
Summit X770 Series Switches
xos0069487 HAL process ends unexpectedly with signal 6 when switch boots up with PTP configurations.
Summit X440-G2 Series Switches
xos0068490 On ExtremeSwitching X440G2-48P/48t switches, cable diagnostic script (cablediag.py) does not work.
SummitStack
xos0068500 HAL timeout occurs while rebooting the stack using the command reboot stack-topology.
Security
xos0069306 Session hijacking (CVE-2017-14332): A remote user can hijack a session on the switch web server due to the SessionIDs used by the webserver authentication service on ExtremeXOS being insufficiently random. Also, documented in xos0069140.
xos0069140
The following are ExtremeXOS vulnerabilities due to scripting allowed when in FIPS mode:
  • Escape from EXSH restricted shell (CVE-2017-14331)
  • Information disclosure (CVE-2017-14327)
  • Privilege Escalation (root interactive shell) (CVE-2017-14329)
  • Privilege Escalation (root interactive shell) (CVE-2017-14330)
The following are additional ExtremeXOS vulnerabilities:
  • Denial-of-service (CVE-2017-14328). See also xos0069213.
  • Session hijacking (CVE-2017-14332). See also xos0069306.
xos0069213 Denial-of-service (CVE-2017-14328): A remote user can force the switch to reboot by sending a single, specially crafted SOAP packet to the web server. Also documented in xos0069140.