Cisco ASA Interim Release Notes

 

The software images listed below are Interim releases.  They contain bug fixes which address specific issues found since the last Feature or Maintenance release.  The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.

 

Important:  These images were not fully regression tested.  Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality.  Keep this testing status in mind if you decide to run them in a production environment.  We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.

 

 

Revision:  Version 8.2.5(59) – 2/13/2016

Files:  asa825-59-k8.bin, asa825-59-smp-k8.bin

Defects resolved since 8.2.5(58):

 

CSCux29978

ASA IKEv1 and IKEv2 Vulnerability

 

CSCux42019

IKEv2 Fragments may get dropped with a specific sequence of fragments

 

 

Revision:  Version 8.2.5(58) – 10/21/2015

Files:  asa825-58-k8.bin, asa825-58-smp-k8.bin

Defects resolved since 8.2.5(57):

 

CSCto40061

ssl lib error no shared cipher - VPN LB webvpn conn - missing ID cert

CSCus94026

ISAKMP SERVER traffic from codenomicon crashes ASA

CSCut03495

ASA traceback in ThreadName:ci/console,while pinging DNS Server name

CSCut46019

MARCH 2015 OpenSSL Vulnerabilities

CSCuu07799

Traceback: mem_get_owner+104 at slib/../finesse/snap_api.h:163

CSCuu83280

Evaluation of OpenSSL June 2015

 

 

Revision:  Version 8.2.5(57) – 04/08/2015

Files:  asa825-57-k8.bin, asa825-57-smp-k8.bin

Defects resolved since 8.2.5(55):

 

CSCur21069

Cisco ASA Failover Command Injection Vulnerability

CSCut45114

2048-byte block leak if DNS server replies with "No such name"

 

 

Revision:  Version 8.2.5(55) – 02/02/2015

Files:  asa825-55-k8.bin, asa825-55-smp-k8.bin

Defects resolved since 8.2.5(52):

 

CSCug51375

ASA SSL: Continues to accept SSLv3 during TLSv1 only mode

CSCup00433

Failover Standby unit has higher memory utilization

CSCuq35090

Webvpn: Support for XFRAME in additional portal and CSD pages

CSCuq77655

1550 block leak occur if DNS replies "refused" query response

CSCur23709

ASA  : evaluation of SSLv3 POODLE vulnerability

CSCus08101

ASA: evaluation of Poodle Bites in TLSv1

CSCus42901

JANUARY 2015 OpenSSL Vulnerabilities

 

 

Revision:  Version 8.2.5(52) – 12/02/2014

Files:  asa825-52-k8.bin, asa825-52-smp-k8.bin

Defects resolved since 8.2.5(51):

 

CSCtq52661

Cisco ASA Local Path Inclusion Vulnerability

 

 

Revision:  Version 8.2.5(51) – 10/08/2014

Files:  asa825-51-k8.bin, asa825-51-smp-k8.bin

Defects resolved since 8.2.5(50):

 

CSCum56399

Cisco ASA GTP Inspection Engine Denial of Service Vulnerability

CSCun11074

Cisco ASA SunRPC Inspection Denial of Service Vulnerability

CSCup36829

Cisco ASA SSL VPN Portal Customization Integrity Vulnerability

CSCuq28582

Cisco ASA VPN Failover Commands Injection Vulnerability

CSCuq29136

Cisco ASA SSL VPN Info Disclosure and DoS Vulnerability

 

 

Revision:  Version 8.2.5(50) – 06/30/2014

Files:  asa825-50-k8.bin, asa825-50-smp-k8.bin

Defects resolved since 8.2.5(49):

 

CSCsk87165

ENH - Add device serial number and platform string to show run output

CSCum70178

Datapath:Observing Deadlock in different DATAPATH threads

CSCuo61372

ASA doesn't send invalid SPI notify for non-existent NAT-T IPSec SA

CSCup22532

Multiple Vulnerabilities in OpenSSL - June 2014

CSCup34515

ASA WebVPN login button not present in portal

 

 

Revision:  Version 8.2.5(49) – 06/04/2014

Files:  asa825-49-k8.bin, asa825-49-smp-k8.bin

Defects resolved since 8.2.5(48):

 

CSCun19025

ASA WebVPN login page XSS vulnerability

CSCuo12279

ASA IKE/IPSEC SAs are torn down after a failover

 

 

Revision:  Version 8.2.5(48) – 04/09/2014

Files:  asa825-48-k8.bin, asa825-48-smp-k8.bin

Defects resolved since 8.2.5(46):

 

CSCtr80800

Improve HTTP inspection's logging of proxied HTTP GETs

CSCtz12435

ASA - dhcp relay - bindings are not created for DHCP Informs

CSCtz70573

SMP ASA traceback on periodic_handler for inspecting icmp or dns trafic

CSCua85555

Cookie usage in SSL VPN

CSCub62584

ASA unexpectedly reloads with traceback in Thread Name: CP Processing

CSCue46275

Connections not timing out when the route changes on the ASA

CSCuf67469

ASA sip inspection memory leak in binsize 136

CSCuh44052

ASA sip inspection memory leak

CSCuj33496

Privillage level 0 users getting full access

CSCul10352

OpenSSH vulnerability CVE-2012-0814: Debug messages with key info

CSCul35600

WebVPN: sharepoint 2007/2010 and Office2007 can't download/edit pictures

CSCul70099

ASA SSL VPN Privilege Escalation Vulnerability

 

 

Revision:  Version 8.2.5(46) – 10/09/2013

Files:  asa825-46-k8.bin, asa825-46-smp-k8.bin

Defects resolved since 8.2.5(41):

 

CSCth04487

WEBVPN:wwwin secondary links do not work in any version

CSCti07431

1/5 minute input rate and output rate are always 0 with user context.

CSCts15825

RRI routes are not injected after reload if IP SLA is configured.

CSCty54953

ASA Continuously rebooting due to failed identification test

CSCua22709

ASA traceback in Unicorn Proxy Thread while processing lua

CSCub98434

ASA - SQL*Net Inspection Engine Denial of Service Vulnerability

CSCuc06857

Accounting STOP with caller ID 0.0.0.0 if admin session exits abnormally

CSCuc58260

ICMP to management-access interface through VPN fails

CSCuc65775

ASA CIFS UNC Input Validation Issue

CSCuc92292

ASA may not establish EIGRP adjacency with router due to version issues

CSCud37992

HTTP Deep Packet Inspection Denial of Service Vulnerability

CSCud70273

ASA may generate Traceback while running packet-tracer

CSCud98455

ASA: 256 byte blocks depleted when syslog server unreachable across VPN

CSCue05458

16k blocks near exhaustion - process emweb/https (webvpn)

CSCue11669

ASA 5505 not Forming EIGRP neighborship after failover

CSCue35343

Memory leak of 1024B blocks in webvpn failover code

CSCue48276

ASA drops packets with IP Options received via a VPN tunnel

CSCue63881

ASA SSHv2 Denial of Service Vulnerability

CSCue73708

Group enumeration still possible on ASA

CSCue74649

When specifying two same OID in GETBULK, reply has no duplicate OID

CSCue88337

Prefill username from certificate does not extract serial number

CSCue88423

ASA traceback in datapath thread with netflow enabled

CSCue88560

ASA Traceback in Thread Name : CERT API

CSCuf06633

ASA traceback in Thread Name: UserFromCert

CSCuf16850

split-dns cli warning msg incorrect after client increasing the limit

CSCuf34123

ASA 8.3+ l2l tunnel-group name with a leading zero is changed to 0.0.0.0

CSCuf85295

ASA changes user privilege by vpn tunnel configuration

CSCuf85846

Standby ASA may traceback due to watchdog while removing xlates

CSCug03975

ASA DNS Inspection Denial of Service Vulnerability

CSCug22787

Change of behavior in Prefill username from certificate SER extraction

CSCug34469

ASA OSPF LSA Injection Vulnerability

CSCug83401

ASA Remote Access VPN Authentication Bypass Vulnerability

CSCuh01983

ASA tearsdown TCP SIP phone registration conn due to SIP inspection

CSCuh20716

Re-transmitted FIN not allowed through with sysopt connection timewait

CSCuh44815

ASA Digital Certificate HTTP Authentication Bypass Vulnerability

CSCuh48577

Slow memory leak on ASA due to SNMP

CSCuh90799

ASA 5505 Ezvpn Client fails to connect to Load Balance VIP on ASA server

 

 

Revision:  Version 8.2.5(41) – 03/15/2013

Files:  asa825-41-k8.bin, asa825-41-smp-k8.bin

Defects resolved since 8.2.5(33):

 

CSCsr58601

SCCP does not handle new msg StartMediaTransmissionACK

CSCti14272

Time-based License Expires Pre-maturely

CSCtr04553

Traceback while cleaning up portlist w/ clear conf all or write standby

CSCtr92976

ESMTP inspection corrupts data

CSCtx32727

GTP inspect not working in Asymmetric Routing Envirement with ASR group:

CSCty18976

ASA sends user passwords in AV as part of config command authorization.

CSCty59567

Observing traceback @ ipigrp2_redist_metric_incompatible+88

CSCua50058

PP : TFTP ACK to last block dropped

CSCua99091

ASA: Page fault traceback when copying new image to flash

CSCub61578

ASA: Assert traceback in PIX Garbage Collector with GTP inspection

CSCub72990

ASA is max-aging OSPF LSAs after 50 minutes

CSCub84164

ASA traceback in threadname Logger

CSCub85692

ASA traceback in IKE Daemon while handling IKEv1 message

CSCub86331

HA ASA Zero downtime upgrade on HA pair is not working

CSCub89078

ASA standby produces traceback and reloads in IPsec message handler

CSCub97263

WebVpn PortForward code signning issue

CSCub99578

High CPU HOG when connnect/disconnect VPN with large ACL

CSCuc16455

ASA packet transmission failure due to depletion of 1550 byte block

CSCuc19882

Flash filesystem does not recognize filesnames > 63 characters

CSCuc24919

ASA: May traceback in Thread Name: fover_health_monitoring_thread

CSCuc50544

Error when connecting VPN: DTLS1_GET_RECORD Reason: wrong version number

CSCuc53623

ASA: Unable to kick off rekeying in redundant topology

CSCuc57210

ASA: ICMP error may be dropped due to rpf-check

CSCuc60566

ASA IPSEC error:  Internal Error, ike_lock trying to unlock bit

CSCuc60950

Traceback in snpi_divert with timeout floating-conn configured

CSCuc72408

Denial of Service During Validation of Crafted Certificates.

CSCuc75090

Crypto IPSec SA's are created by dynamic crypto map for static peers

CSCuc83170

ipsecvpn-ike:IKEv1 rekey fails when IPCOMP proposal is sent

CSCuc84079

ASA: Multiple context mode does not allow configuration of 'mount'

CSCuc89163

Race condition can result in stuck VPN context following a rekey

CSCuc96224

ASA 8.2.2.9 traceback in thread SSH during capture tftp copy

CSCuc96911

ASASM platform is not exempt from MAC move wait timer

CSCuc97552

Deny rules in crypto acl blocks inbound traffic after tunnel formed

CSCud14057

Unable to access to ASA by SSH on trunk Interface.

CSCud16590

ASA may traceback in thread emweb/https

CSCud29007

License server becomes unreachable due to "signature invalid" error

CSCud36686

Deny ACL lines in crypto-map add RRI routes

CSCud41507

Traffic destined for L2L tunnels can prevent valid L2L from establishing

CSCud64725

VPNLB: Lost packet during IKEv1 not retransmitted

CSCud69251

traceback in ospf_get_authtype

CSCud74941

ASA LDAP Mapping should not map 0 to values with no match

CSCud84827

ASA 5580 running 8.2(5)13 traceback

CSCud89974

flash in ASA5505 got corrupted

CSCue01071

Standby ASA traceback in thread name "Dispatch Unit" during bulk sync

 

 

Revision:  Version 8.2.5(33) – 09/12/2012

Files:  asa825-33-k8.bin, asa825-33-smp-k8.bin

Defects resolved since 8.2.5(26):

 

CSCsy84937

AUTOCOMPLETE attribute is not disabled for SSL VPNs

CSCta46747

Traceback while executing show run after modifying the access-list

CSCtc79873

ASA 8.2 may calculate memory usage incorrectly

CSCtg71572

vpn-simultaneous-logins does not work for cert-only AnyConnect

CSCti16586

ASA 8.2(1)11 failed to return MIB data for SNMPV3 GetBulk request

CSCtj12159

ASA (8.3.2) traceback in Thread Name: DATAPATH-1-1295

CSCtn56517

"Failed to update IPSec failover runtime data" msg on the standby unit

CSCtn69856

ASA 1550 byte block depletion in ctm_frag_list

CSCtq69173

configuration causes ASA upgrade to go into traceback/boot loop

CSCtq78296

ASA 5505 prints message %ASA-1-111111 when adding a new vlan interface

CSCtq84922

ASA admin context memory usage is invalid

CSCtr24705

Traceback seen while running packet-tracer due to Page fault

CSCtr65014

vpn-filter removed incorrectly from ASP table blocks L2L traffic

CSCtr79885

ASA with VoIP memory leak 1% per day on binsize 56

CSCtr83416

Incorrect results returned by SNMP object cipSecGlobalActiveTunnels

CSCts72188

ASA: SSH process may exist after being orphaned from SSH session

CSCts98806

Standby ASA 5585 Reporting Service Card Failure on Signature Update

CSCtt32565

Specific closing sequence may cause ESMTP inspect to hog CPU for 1+ sec

CSCtu02353

Unable to access ASDM when webvpn is enabled on ASA

CSCtu34793

ASA 5580 Multicontext ERROR: unable to create listener on interface

CSCtw95262

ASA sends unidirectional RST when a packet is dropped via MPF

CSCtw99054

VPN: Bytes RCV and XMT incorrect in session disconnect message

CSCtx10196

Webvpn : Javascript rewrite causing login button to be inactive

CSCtx20108

TCP conns between ASA and Websense server disappear over lossy link

CSCtx33347

Standby ASA traceback while trying to replicate xlates

CSCtx42632

Match option on ISAKMP captures not working

CSCtx43083

Syslog 199011 "Close on bad channel in process/fiber"

CSCtx47019

ASA reloads and produces Coredump but no crashinfo.

CSCtx68075

ASA WebVPN breaking when Windows Patch KB2585542 is applied

CSCtx83820

ASA 8.x AAA Authentication Listener HTTP Redirect not working with IE9

CSCtx86924

ASA: Traceback in purgatory in release of DSH (datastructure handle)

CSCtx86956

ASA: Nested traceback in telnet/ci

CSCtx98905

ASA traceback with Thread Name: dhcp_daemon

CSCty01573

Blank page returns when move away from portal using group-url and return

CSCty13871

AJAX XML file fails to be processed causing script failure

CSCty16661

ASA fails to reserve some UDP ports for PAT w/ flow-export destination

CSCty32412

ASA: Anyconnect u-turn to ipsec tunnel fails

CSCty33480

Clientless vpn: Accessing Citrix bookmark reveals DAP configuration

CSCty36034

ASA: Active/Active failover group stuck in Bulk Sync with SIP inspect

CSCty36675

Smarttunneled RDP client on MAC doesn't throw error after incorrect auth

CSCty47140

New Create PDP Ctx Req with TEID 0 should remove pre-existing active PDP

CSCty54520

Flowplayer URL reference fails

CSCty62368

Traceback with Netflow configuration

CSCty70661

HTTP Inspection does not understand verb without trailing LWSP

CSCty71842

ASA :Traceback while copying via TFTP/ASDM with no Thread Name

CSCty74915

Chassis serial number is incorrect in call-home message on 5585 platform

CSCty81963

ASA sends User-Password RADIUS attribute wrongly with EAP authentication

CSCty84595

IPSEC traffic from RA users & dynamic sites dropped on ASA 5585

CSCty84843

ASA not able to install intermediate certificate when using pkcs12

CSCty93931

ASA generates traceback message when connected with L2TP/IPsec

CSCty95742

ASA-4-402116 - error message displays outer instead of inner packet

CSCtz03292

ASA may reload with traceback related to SSH, PING, DHCP, or IPSEC

CSCtz05457

authentication in esmtp inspection breaks

CSCtz15503

ASA: Assert tracebacks with GTP inspection

CSCtz24166

ASA webvpn ProQuest Professional Documentation System unusable

CSCtz27402

ASA WebVPN URL Rewrite Failing - Form action with special characters

CSCtz32065

Traceback in Thread Name accept/http

CSCtz40094

ASA 8.2.5.27 secondary traceback after the upgrade - Thread Name: snmp

CSCtz41926

RA VPN license client fails to request more licenses from the server

CSCtz41928

Traceback: timer assert due to nf_block timer race condition

CSCtz43942

skinny-inspect intermittently uses odd port for RTP stream

CSCtz56971

ASA SCH - Traceback in thread name: sch_prompt anonymous reporting

CSCtz63143

ASA sip inspect - duplicate pre-allocate secondary pinholes created

CSCtz78693

ASA SSLVPN Java RDP Plugin traceback with socket write error exception

CSCtz79983

Incorrect MPF conn counts cause %ASA-3-201011 and DoS condition

CSCtz94135

Syslog 324001 Reason string missing when pkt dropped because of Null TID

CSCtz97792

Block depletion, embedded web client transmit queue

CSCua02570

ASA nointeractive trustpoint auth fails with Incorrect fingerprint

CSCua12688

debug ctl-provider causes traceback

CSCua13845

entConfigChange is unexpectedly sent from Secondary ASA when add/remove

CSCua16597

Webvpn: RDP ActiveX plugin causes high cpu with IE

CSCua30564

CPU-hog during line-protocol-up event of 4GE-SSM ports

CSCua44445

ASA sends too large TCP payload when ASA MSS < Client MSS

CSCua50160

ASA: Page fault traceback in lu_rx with failover and GTP inspection

CSCua58478

Traceback in Thread Name: CERT API

CSCua83032

Some parts of the WebVPN login susceptible to HTTP Response Splitting

CSCua86676

aaa-radius: ASA sending duplicate Radius access request

CSCua86807

large number of simultaneous ike request causes block depletion

CSCua88376

ASA vulnerable to CVE-2003-0001

CSCua91108

ASA unexpected system reboot with Thread Name: UserFromCert Thread

CSCua92333

Flowcontrol status is OFF on ASA, after enabling it on ASA and switch.

CSCua92556

ASA sip inspect - Pre-allocate SIP NOTIFY TCP secondary channel

CSCua98019

Cisco script injected in html tags, JS conditional comments

CSCub06626

ASA may traceback while loading a large context config during bootup

CSCub10537

4096 byte block depletion due to ak47_np_read

CSCub37882

Standby ASA allows L2 broadcast packets with asr-group command

 

 

Revision:  Version 8.2.5(26) – 03/14/2012

Files:  asa825-26-k8.bin, asa825-26-smp-k8.bin

Defects resolved since 8.2.5(22):

 

CSCsv94848

Warning message for, "igmp static-group" - affective should be effective

CSCta06013

Fuzzing testbed, traceback in the javascript parser

CSCtf79704

ASA -crasActGrNumUsers does not update tunnel groups after upgrade

CSCtr44930

Nested obj does not work if contained in src and dst of ACL

CSCts18480

ASA IKEv1 Traceback in vpnfol_thread_msg ike_fo_create_new_sa on Standby

CSCts89642

 'show mroute' has null Outgoing Interface List for (*,G) entry w/ bidir

CSCtt03492

ASA should not send data in the 3rd message of TCP 3WHS w/ LDAP over SSL

CSCtt98991

ASA: Decrypted VPN packets dropped due to bad-tcp-cksum when using NAT-T

CSCtu32204

ASA 5580 : traceback in thread DATAPATH-3-1230

CSCtu42856

ASA: May fail FIPS Self-Test

CSCtu95699

ASA: Traceback with Checkheaps related to GTP inspection

CSCtw45576

TCP sequence space check ignored in some cases

CSCtw52716

ASA5585 show inventory not updated

CSCtw56707

%ASA-3-201011: Connection limit exceeded when not hitting value

CSCtw58682

SSLVPN Portal uses incorrect DNS Group after failover

CSCtw84068

ASA tracebacks when subjected to vulnerability scan

CSCtx01251

ASA: May traceback in DATAPATH during capture

CSCtx03464

Standby ASA traceback in DATAPATH-0-1400 or Dispatch Unit

CSCtx08354

Traceback when memory low and memory profile enabled

CSCtx10196

Webvpn : Javascript rewrite causing login button to be inactive

CSCtx11578

ASA does not start DPD when phase 1 up but phase 2 down

CSCtx16166

ASA may not log syslogs 611101, 605005 for asdm sessions to certain int

CSCtx28628

Clientless - VLAN assign't under group-policy breaks tunneled dflt route

CSCtx36026

VPN session failure due to auth handle depletion

CSCtx38644

Webvpn: Can't copy & paste in web portal with IE8 and IE9

CSCtx42643

Received unexpected event EV_REMOVE in state AM_WAIT_DELETE

CSCtx42746

cut through proxy authentication vulnerability

CSCtx57829

Syslog 324001 Reason string is missing

CSCtx58556

ActiveX RDP Plugin fails to connect from WIn7 PC after upgrade to 8.4(3)

CSCtx65353

ASA: 8.4 Page fault traceback while displaying "sh run threat-detection"

CSCtx66538

ASA: Traceback in thread name EAPoUDP

CSCtx69018

MSFT KB2585542 breaks cut-thru proxy and IUA

CSCtx69059

Traceback in Unicorn Proxy Thread under heavy WebVPN load

CSCtx73124

WEBVPN - upload of files larger then 2GB fails through CIFS

CSCtx92801

ASA: Failover due to data channel failure when making IPS config changes

CSCty32899

PDP context idle timer is reset when using the TID option in show cmd

 

 

Revision:  Version 8.2.5(22) – 01/25/2012

Files:  asa825-22-k8.bin, asa825-22-smp-k8.bin

Defects resolved since 8.2.5(13):

 

CSCsz04730

PIX/ASA: When route changes connections over IPSEC tunnel not torn down

CSCtf22329

show service-pol int outside set conn det causes traceback

CSCtg06320

DHCP ACK not sent by the firewall.

CSCtj09979

IKEv2 traceback with 1 L2L and  1 RA tunnel

CSCtj79795

WebVPN:flv file within the Flowplayer object is not played over webvpn

CSCtk08509

L2 table entries for identity i/f not deleted when interface removed

CSCtn00318

ASA Unexpectedly Reloads with a Traceback due to a Watchdog Failure

CSCtn20148

EIGRP default-route is not displayed w/ "ip default-route" route removed

CSCtn56501

ASA 8.2 Crypto Engine Tracebacks Multiple Times

CSCto08497

ASA: dynamic-filter database update may trigger cpu-hogs

CSCto34765

ASA may traceback in Thread Name: DATAPATH-1-1235 (ipsecvpn-crypto)

CSCto81636

IPv6 traffic not updated after neighbor changes

CSCtq15197

WebVPN:flv file within the Flowplayer object is not mangled correctly

CSCtq27873

AC can not connect to the ASA if the no. of group aliases is >190

CSCtq37772

asa 8.2(2) traceback with TN : Unicorn Proxy Thread

CSCtq65262

ASA: SSH sessions return extra characters when using CR+LF

CSCtq75817

Oracle Jinitiator over WebVPN sends incorrect HTTP request

CSCtq84364

High CPU and Orphaned SSH session for on ASA 8.3(2.8)

CSCtq96616

ASA - LU allocate connection failed with conn-max policy

CSCtq97430

Coverity 100595: FORWARD_NULL in ppp_auth_process_attributes()

CSCtr00526

L2TP over IPSec session fails after IPSec P2 rekey

CSCtr23854

traceback in Crypto CA during multiple ocsp requests

CSCtr31788

Standby ASA generates syslog 210005 while transmitting data on FTP

CSCtr63071

5585 735XXX syslogs reporting wrong id

CSCtr63728

ASA reloads with traceback in Thread Name : Dispatch Unit

CSCtr66582

Memory leak on ASA 5585-increase of 1% everyday

CSCtr78703

ASA 8.4.2 http inspection might break certain flows intermittently

CSCtr80605

ASA5580 traceback with Thread name telnet/ci

CSCtr91981

LDAP authentication fails when no RootDSE info returned

CSCts10661

SSM-4GE doesn't handle unicast packets after "hw-module module 1 reset"

CSCts10797

Webvpn :Support for XFRAME: DENY option in portal

CSCts10887

ASA sends Server Identifier field in DHCP REQUESTS duirng renewal

CSCts13848

ASA may traceback in dns_process

CSCts18026

ASA 5520 8.2.5 : traceback at thread name snmp

CSCts32474

Incorrect time displayed on cut through proxy auth page

CSCts33551

NAT-T compatibility improvement with Windows 7

CSCts41215

NAC Framework - Status Query triggers full Posture Revalidation

CSCts43136

ESMTP drops email with DKIM header

CSCts45638

8.4.2.2: Thread Name: DATAPATH-0-1272 Page fault: Unknown

CSCts46366

Slow memory leak by skinny

CSCts48937

Memory leak in DP udp host logging resulting in 1550 byte blocks leak

CSCts69531

Traceback in Dispatch Unit on Standby with timeout floating-conn

CSCts76258

xlate objects with no associated conns and idle timer >  timeout

CSCtt00286

ASA5585 Page fault traceback in Thread Name: DATAPATH-5-2312

CSCtt02123

WebVPN: Multiple tracebacks seen in WebVPN in Unicorn Proxy thread

CSCtt03480

ASA Radius User-Password attribute is not included in Access-Request

CSCtt04614

webvpn - ES keyboard diacritics incorrectly managed by RDP plugin

CSCtt04665

Traceback in Thread Name: IP Address Assign

CSCtt07749

ASA is responding to IKE request when in vpnclient mode

CSCtt11835

Traceback in Thread Name: tacplus_snd

CSCtt18185

ASA traceback cause by Global Policy

CSCtt25173

ASA 5520 8.2.5 memory leak in the inspect/gtp area

CSCtt29810

AAA Command Authorization Reactivates Failed Server on Every Attempt

CSCtt34959

ASA and apple L2TP IPSec client disconnects

CSCtt45496

ASA traceback in thread ci/console with names > 48 char in prefix-list

CSCtt74695

wrong vpn-filter gets applied when peers have overlapping address space

CSCtt76391

SNMPv3 Information Disclosure Vulnerability

CSCtt96550

ASA - Dispatch unit traceback - snp_nat_xlate_timeout

CSCtu00961

Some specific flash file doesn't work through WebVPN on ASA

CSCtu01307

WebVPN: Oracle Java applets failing thru the rewriter

CSCtu04723

vpnclient mac-exempt cmd inconsistent when adding more than 16 entries

CSCtu10620

WebVPN:flv file within the Flowplayer object is not played over webvpn

CSCtu14362

back port CSCtr63071 5585 735XXX syslogs reporting wrong id to 8.2

CSCtu22108

ASA traceback in thread sch_dispatcher when attempting to call home

CSCtu25253

show shared license' after toggle license-server causes traceback

CSCtu26615

Clientless VPN paging application failure

CSCtu27846

Backup Shared license server remains ACTIVE even when the Master is up

CSCtu30581

ASA 5580 traceback when CSM attempts deployment

CSCtu33068

WebVPN URL Mangler does not handle encoded value of "&#47"

CSCtu40752

5580: assert failure in thread CP Processing

CSCtu42772

ASA webvpn doesn't rewrite some redirect messages properly

CSCtu57453

ASA: Traceback after removing 'ip address dhcp setroute' with DDNS

CSCtv19046

DACL is not applied to AC when connection via the webportal

CSCtw35765

Threat Detection Denial Of Service Vulnerability

CSCtw50190

threat-detection: page fault traceback at eip snp_td_host_stat_create

CSCtw81408

Apple Lion OS L2TP Client behind NAT device does not connect

CSCtw89522

Cut-through proxy - users unable to log in

CSCtw93059

Page fault traceback in crypto_lib_keypair_show_mypubkey_all

 

 

Revision:  Version 8.2.5(13) – 09/19/2011

Files:  asa825-13-k8.bin, asa825-13-smp-k8.bin

Defects resolved since 8.2.5:

 

CSCsy68961

ASA 5580 reboots with traceback in threat detection

CSCtf51346

ASA may leave connection in half-closed state

CSCtg06320

DHCP ACK not sent by the firewall.

CSCtg76404

Traceback in Thread Name: Checkheaps due to logging

CSCth14248

ASA not sending all logging messages via TCP logging

CSCth34278

Clientless WebVPN Memory Leak Causes Blank Page after Authentication

CSCth48476

ASA WebVPN doesnt rewrite URL Encoded Data in Location Response Header

CSCth58048

Assert Failure caused Traceback in Thread Name: Dispatch Unit

CSCth77370

IPv6 : ASA Stops responding to IPv6 ND sollicitation

CSCti10186

ASA 8.0.5.9 Standby with a traceback in Thread Name:Checkheaps

CSCti11757

SNMP: ASA responds after two SNMP requests

CSCti54387

ASA 8.2.2.x traceback in Thread Name: Dispatch Unit

CSCti54545

EIGRP metrics will not update properly on ASA

CSCti62667

Connections stay open w/ 'sysopt connection timewait' & NetFlow

CSCtj41730

WebVPN: Function "get_base_path" give an error for empty urls

CSCtk84288

Syslog %ASA-7-108006 generated erroneously

CSCtl06156

NAT Xlate idle timer doesn't reset with Conn.

CSCtl23397

ASA may log negative values for Per-client conn limit exceeded messg

CSCtl41335

ASA traceback when layer-2 adjacent TCP syslog server is unavailable

CSCtl67486

ASA MSN Inspection Watchdog Crash

CSCtl86184

ASA 8.2 flow control might not work for redundant interfaces

CSCtn09117

ASA 8.2.4 402126: CRYPTO: The ASA created Crypto Archive File

CSCtn48877

Traceback in fover_FSM_thread with IPv6 failover on SSM-4GE-INC

CSCtn70741

correct error msg be displayed instead of "ERROR: % Invalid Hostname"

CSCtn74485

ASA5580 traceback in DATAPATH-7-1353

CSCtn74649

BTF DNS-Snooping TTL maxes out at 24 hours, less than actual TTL

CSCtn99416

WebVPN: Dropdown menu doesn't work in customized SharePoint 2010

CSCto06207

ASA 8.4.1 traceback in Thread UserFromCert

CSCto31425

ASA: L2TP and NAT-T overhead not included in fragmentation calculation

CSCto34823

multicast packets dropped in the first second after session creation

CSCto40365

Crafted TACACS+ reply considered as successful auth by ASA

CSCto42990

ASA fails to process the OCSP response resulting in the check failure

CSCto49160

can not access cifs folder with japanese character

CSCto50936

SAP Portal - Event Tracking Script fails to display correclty

CSCto53199

Traceback with phone-proxy Thread Name: Dispatch Unit

CSCto73569

ASA WebVPN clientless not possible to access ipv6 services on the inside

CSCto89607

ASA sends invalid XML when tunnel-group name contains &

CSCto92380

SunRPC inspection DUMP reply crash

CSCto92398

SunRPC inspection credential length crash

CSCtq00144

VPN RA session DAP processing fails with memberOf from OpenLDAP

CSCtq06062

SunRPC inspection arithmetic overflow in parse_transport_address

CSCtq06065

SunRPC inspection arithmetic overflow in portmap code

CSCtq07658

ASA: Traceback in ci/console on Standby unit

CSCtq10528

Host listed in object group TD shun exception gest shunned

CSCtq10654

Threat-detecton stats showing incorrect output

CSCtq12037

WebVPN : bytes lost in ftp uploading using IE via smart tunnel

CSCtq13070

VPN-Filter Not Applied When AC Initiated Through Weblaunch

CSCtq19611

IPSec  - Error message trying to reserve UDP port in Multicontext mod

CSCtq27530

Java RDP plugin doesn't work with sslv3 on ASAs

CSCtq30094

CSD scan happens for SSL VPN when connecting via group alias

CSCtq31185

CPU Hog found when invoking 'svc image'

CSCtq34233

ASA traceback in thread emweb/https

CSCtq46808

ASA rebooted unit always become active on failover setup

CSCtq50523

Using non-ASCII chars in interf desc makes the ASA reload with no config

CSCtq52342

OWA 2007 via WebVPN Sessions fail to get notifications of new emails

CSCtq56043

ASA Tracebacks in 'Thread Name: IPv6 ND'

CSCtq57642

Cannot point IPv6 route to a link-local that matches other intf

CSCtq57697

ILS inspection traceback on malformed ILS traffic

CSCtq70326

Interface "description" command allows for more than 200 characters.

CSCtq72776

ASA may reload in threadname Dispatch unit

CSCtq84759

ASA wont take "ip audit info action alarm" under "crypto ca" subcommand

CSCtq90084

ASA traceback in thread Dispatch Unit

CSCtr03453

Zimbra email suite not usable through WebVPN

CSCtr12176

L2L - IPSEC Backup- Peer list is not rotated/cycled with dual failure

CSCtr14920

lightview based Modal Elements do not work with webvpn

CSCtr23914

ASA: Certificate renewal from same CA breaks SSLVPN

CSCtr26724

ASA threat detection does not show multicast sender IP in statistics

CSCtr36022

Java AJAX session does not work over SSLVPN

CSCtr39013

ASA - panic traceback when issuing show route interface_name

CSCtr47517

ASA - Reload in Thread Name: PIM IPv4

CSCtr55374

ASA: asr-group in TFW A/A FO doesn't rewrite dst MAC for IP fragments

CSCtr62720

conns are not fully replicated to standby if config has many ACLs

CSCtr65241

connections are not replicated to standby unit

CSCtr65785

Enabling AC Essentials should logoff webvpn sess automatically

CSCtr69771

backslash in username for ftp over webvpn changed to semi-colon

CSCtr72514

ASA: Traceback in telnet/ci thread when running 'show webvpn svc'

CSCtr74940

Active ASA traceback Thread: DATAPATH-3-1290, rip spin_lock_get_actual

CSCtr93086

ASA Failover: 106017 Deny IP due to Land Attack on Normal(Waiting) ifc

CSCtr94429

ASA: Local-host and all conns are torn down when client hits conn limit

CSCtr96686

Java RDP plugin traceback when using empty user in URL to Win2008 server

CSCtr99598

ASA doesn't classify MIME type correctly for .exe and .dmg in Firefox

CSCts09257

Traceback in sch_dispatcher thread

CSCts32313

ASA 8.4(1) - mailto for xmpp protocol mail clients fails