
www.mellanox.com

Mellanox MLNX-OS® Release Notes for Lenovo SX90Y3452

Software Ver. 3.5.1000

Mellanox Technologies Confidential

Table of Contents

Chapter 1 Introduction
Chapter 2 Supported Platforms, Firmware, Cables and Licenses
    2.1 Supported Switch Systems
    2.2 Supported CPU Architecture
    2.3 Supported Firmware
    2.4 Supported Mezzanine
    2.5 Supported CPLD Version
    2.6 Supported Software Licenses
    2.7 Upgrade From Previous Releases
    2.8 Supported Cables
Chapter 3 Changes and New Features
Chapter 4 Known Issues
    4.1 General Known Issues
    4.2 InfiniBand Known Issues
Chapter 5 Bug Fixes
    5.1 General Bug Fixes
    5.2 Security Bug Fixes
Chapter 6 Submitting a Service Request

1 Introduction

This document is the Mellanox MLNX-OS® Release Notes for Lenovo SX90Y3452.

MLNX-OS is a comprehensive management software solution that provides optimal performance for cluster computing, enterprise data centers, and cloud computing over Mellanox SwitchX® family. The fabric management capabilities ensure the highest fabric performance while the chassis management ensures the longest switch up time.

The MLNX-OS documentation package includes the following documents:

• User Manual – provides general information about the scope, organization and command line interface of MLNX-OS® as well as basic configuration examples
• Release Notes – provides information on the supported platforms, changes and new features, and reports on software known issues as well as bug fixes

2 Supported Platforms, Firmware, Cables and Licenses

2.1 Supported Switch Systems

Table 1 - Supported Switch Systems

| Model Number | Description |
|---|---|
| SX90Y3452 | 32-port 56Gb/s FDR InfiniBand blade switch system |

2.2 Supported CPU Architecture

• PPC 460

2.3 Supported Firmware

• SwitchX® firmware version 9.3.7240
• SwitchX®-2 firmware version 9.3.7240
• ConnectX®-2 firmware version 2.9.1000 and higher
• ConnectX®-3 firmware version with SwitchX® based systems 2.33.5000 and higher

2.4 Supported Mezzanine

• ConnectX®-2, Mezzanine P/N 90Y3460 (MalayaP), 2.9.1316 and higher
• ConnectX®-2, Mezzanine P/N 90Y3480 (MalayaP-Net), 2.9.1318 and higher
• ConnectX®-3, Mezzanine P/N 90Y3488 (Merlin), 2.32.5100 and higher
• ConnectX®-3, Mezzanine P/N 90Y3484 (Nevada), 2.32.5100 and higher
• ConnectX®-3, Mezzanine P/N 90Y3456 (MalayaX), 2.32.5100 and higher
• ConnectX®-3, Mezzanine P/N 90Y3468 (MalayaX-Net), 2.32.5100 and higher

2.5 Supported CPLD Version

• 1.0.18

2.6 Supported Software Licenses

For the software licenses supported with MLNX-OS® software please refer to the “Licenses” section of the “Getting Started” chapter of the Mellanox MLNX-OS User Manual.

2.7 Upgrade From Previous Releases

Older versions of MLNX-OS may require upgrading to one or more intermediate versions prior to upgrading to the latest. Missing an intermediate step may lead to errors. Please refer to Table 2 to identify the correct upgrade order.

Table 2 - Supported Software Upgrades for SX90Y3452

| Target Version | Verified Versions From Which to Upgrade |
|---|---|
| 3.5.1000 | 3.4.3002; 3.4.2008 |
| 3.4.3002 | 3.4.2012; 3.4.1120 |
| 3.4.2008 | 3.4.1120; 3.4.0012 |
| 3.4.1120 | 3.4.1110; 3.4.0012; 3.3.5066 |
| 3.4.1110 | 3.4.0012; 3.3.5066 |
| 3.4.0012 | 3.3.5066; 3.3.4402 |
| 3.3.5066 | 3.3.4402; 3.3.4100 |
| 3.3.4402 | 3.3.4100; 3.3.3706 |
| 3.3.4100 | 3.3.3706; 3.2.0596-1 |
| 3.3.3706 | 3.2.0596-1; 3.2.0596 |
| 3.2.0596-1 | 3.2.0596; 3.2.0291 |
| 3.2.0596 | 3.2.0291 |

For upgrade instructions refer to the section “Upgrading MLNX-OS Software” in Mellanox MLNX-OS User Manual.

2.8 Supported Cables

For a list of the Mellanox supported cables please visit the LinkX™ Cables and Transceivers page of the Mellanox Website at http://www.mellanox.com/page/cables?mtag=cable_overview.

When using Mellanox AOC cables longer than 50m use one VL to achieve full wire speed.
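The upgrade order that Table 2 describes can be resolved mechanically when planning a move to the release that carries the security fixes. The following is an added example, not part of the Mellanox release notes: it reads each Table 2 row as "target version, verified source versions" and runs a breadth-first search for the shortest chain of verified upgrades; the function names are hypothetical.

```python
from collections import deque

# Table 2 of these release notes: target version -> versions from which an
# upgrade to that target has been verified.
VERIFIED_SOURCES = {
    "3.5.1000": ["3.4.3002", "3.4.2008"],
    "3.4.3002": ["3.4.2012", "3.4.1120"],
    "3.4.2008": ["3.4.1120", "3.4.0012"],
    "3.4.1120": ["3.4.1110", "3.4.0012", "3.3.5066"],
    "3.4.1110": ["3.4.0012", "3.3.5066"],
    "3.4.0012": ["3.3.5066", "3.3.4402"],
    "3.3.5066": ["3.3.4402", "3.3.4100"],
    "3.3.4402": ["3.3.4100", "3.3.3706"],
    "3.3.4100": ["3.3.3706", "3.2.0596-1"],
    "3.3.3706": ["3.2.0596-1", "3.2.0596"],
    "3.2.0596-1": ["3.2.0596", "3.2.0291"],
    "3.2.0596": ["3.2.0291"],
}


def build_upgrade_graph(table):
    """Invert the table into: installed version -> directly reachable targets."""
    graph = {}
    for target, sources in table.items():
        for source in sources:
            graph.setdefault(source, []).append(target)
    return graph


def plan_upgrade(current, target="3.5.1000", table=VERIFIED_SOURCES):
    """Return the shortest list of versions from current to target in which
    every hop is a verified upgrade, or None when Table 2 offers no chain
    (for example, a version that is not listed at all)."""
    if current == target:
        return [current]
    graph = build_upgrade_graph(table)
    parent = {current: None}
    queue = deque([current])
    while queue:
        version = queue.popleft()
        for nxt in graph.get(version, []):
            if nxt in parent:
                continue  # already reached by a chain that is no longer
            parent[nxt] = version
            if nxt == target:
                # Walk the parent links back to the starting version.
                path = [nxt]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            queue.append(nxt)
    return None


def is_verified_chain(path, table=VERIFIED_SOURCES):
    """True when every consecutive pair in path is a verified upgrade."""
    return all(src in table.get(dst, []) for src, dst in zip(path, path[1:]))


if __name__ == "__main__":
    for installed in ("3.4.0012", "3.2.0291", "3.1.0000"):
        chain = plan_upgrade(installed)
        print(installed, "->", " -> ".join(chain) if chain else "no verified chain")
```

Where several chains of equal length exist, the search returns one of them; `is_verified_chain` can be used to check a manually chosen order against Table 2.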

3 Changes and New Features

Table 3 - Lenovo SX90Y3452 Changes and New Features

| Release | Category | Description |
|---|---|---|
| 3.5.1000 | User Interface | Updated outputs for the commands “show power”, “show power consumers” and “show voltage”. See section “Chassis Management” in the User Manual. |
| 3.5.1000 | System Management | Added support for hostname resolution through DHCP. See the command “dhcp hostname” in the User Manual. |
| 3.5.1000 | NTP | Added support for NTP authentication. See section “NTP, Clock & Time Zones” in the User Manual. |
| 3.5.1000 | AAA | Added support for re-authentication of users when changing remote server configuration. |
| 3.5.1000 | Management Interfaces | Added support for IP filtering on IP interfaces. See section “IP Table Filtering” in the User Manual. |
| 3.4.3002 | User Accounts | Improved logic of AAA authorization map order. See the command “aaa authorization map order”. |
| 3.4.3002 | CLI | Improved module status display. See command “show module” in the User Manual. |
| 3.4.3002 | XML API | Improved XML interface. Refer to MLNX-OS® XML API Reference Guide for more information. |
| 3.4.2008 | System Management | Added ONIE support over MLNX-OS platforms. |
| 3.4.2008 | CLI | New user interface for the commands “show guid”, “show lids”, and “show asic version”. |
| 3.4.2008 | CLI | Improved module hierarchy in the output of the commands “show power” and “show temperature”. |
| 3.4.2008 | CLI | Removed CPU component from the output of the command “show inventory”. |
| 3.4.2008 | SNMP | Applied new index scheme for SNMP EntityTable. |
| 3.4.2008 | InfiniBand Switching | New user interface for configuring InfiniBand port speed. See command “interface ib speed <port-speed>” in the InfiniBand chapter. |
| 3.4.2008 | InfiniBand Switching | New user interface for referencing InfiniBand ports. See “interface ib” commands in the InfiniBand Switching chapter as well as the “Standard MIBs” subsection. |
| 3.4.1120 | General | Removed “sx_” prefix from version numbers in the code. |
| 3.4.1120 | General | Bug fixes. |
| 3.4.1110 | WebUI | Added popup Welcome screen when connecting via WebUI. See section “Starting the Web User Interface” in the User Manual. |
| 3.4.1110 | Security | Added default passwords to the XML default users. See section “User Accounts” in the User Manual. |
| 3.4.0012 | Security | Changed the HTTPS default ciphers to TLS. |
| 3.4.0012 | Configuration Management | Upgraded to VPD version 2.05. |
| 3.4.0012 | General | Added support for Mellanox OFED 2.3 integration. |
| 3.4.0012 | Interconnect | Added support for LR4 modules. |
| 3.4.0012 | SNMP | Added support for Mellanox configuration MIB. See section 4.17.1 “SNMP” in the User Manual. |
| 3.4.0012 | WebUI | Added support for Internet Explorer 11 web browser. |

4 Known Issues

The following sections describe MLNX-OS® known issues in this software release and possible workarounds.

4.1 General Known Issues

For hardware issues, please refer to the switch support product page.

Table 4 - General Known Issues

| Index | Category | Description | Workaround |
|---|---|---|---|
| 1. | Management Interfaces | The command “reset factory keep-basic” removes management IP configuration. | N/A |
| 2. | Management Interfaces | DHCPv4/v6, VLAN, Zeroconf are not supported on IPoIB. | N/A |
| 3. | Management Interfaces | When re-enabling interface ib0, MTU settings are not saved. | Manually configure MTU settings after re-enabling interface ib0. |
| 4. | Management Interfaces | The CLI command “ip default-gateway <interface>” sets the gateway address to 0.0.0.0 and prevents the user from adding other gateways. | Delete the entry by using the command “no ip default-gateway”. |
| 5. | Management Interfaces | Switch systems may have an expired HTTPS certification. | Generate a new certificate by changing the hostname. |
| 6. | Management Interfaces | Consecutive hostname modification is not supported. | Wait 25 seconds before reattempting to modify the hostname. |
| 7. | Management Interfaces | Speed of mgmt0 interface is shown as “UNKNOWN” when working with VM. | N/A |
| 8. | DHCP | In case switch host name is set to the default host name and is part of HA cluster. | Refer to section 4.1.6 “Configuring Hostname via DHCP” before upgrading to this version. |
| 9. | Software Management | Only one image is allowed to be copied into the system (using the “image fetch” command). The user must remove old image files prior to fetching a new one. | N/A |
| 10. | Software Management | When upgrading to 3.4.1100 and above, before rebooting the system, the following issues may be encountered: • The following error would appear in the log: “[cme.WARNING]: cme_get_swver: Version '3.4.1100' too short!”. This error may be safely ignored. • If the agent is down, the command “update -a” from CMM reveals the wrong software version. | N/A |
| 11. | User Accounts | If AAA authorization order policy is configured to remote-only, then when upgrading to 3.4.3002 or later from an older MLNX-OS version, this policy is changed to remote-first. | N/A |
| 12. | Configuration Management | After loading a new configuration file, please reboot the system. Otherwise, configuration may not be properly applied and errors may appear in the log. | N/A |
| 13. | Configuration Management | The command set “revert {factory [keep-basic \| keep-connect]\| saved}” is removed. | Use the equivalent CMM command instead. |
| 14. | Configuration Management | Merging two binary configuration files using the command “configuration merge” is currently not supported. | Use the configuration text file “Apply” option instead. |
| 15. | Configuration Management | When using a large set of configuration files, configuration apply can take more time than usual due to parallel activity of statistics data collecting. | N/A |
| 16. | Configuration Management | Applying a configuration file of one system profile to another is not supported. | N/A |
| 17. | Logging | “DROPPED MSG” errors may appear during reload (shutdown phase). These errors can be safely ignored. | N/A |
| 18. | Logging | The warning “pgm_set_timeout” may appear in the log. This warning can be safely ignored. | N/A |
| 19. | Logging | During system de-init, the error “[mdreq.ERR]: init(), mdr_main.c:634, build 1: Error code 14014” may appear in the log. This error can be safely ignored. | N/A |
| 20. | Logging | The warning “[mgmtd.WARNING]: Upgrade could not find node to delete: /iss/config/stp/switch/ethernet-default/spanning-tree/mode” may appear in the log. This warning can be safely ignored. | N/A |
| 21. | Logging | When using a regular expression containing \| (OR) with the command “show log [not] matching <reg-exp>]”, the expression should be surrounded by quotes (“<expression>”), otherwise it is parsed as filter (PIPE) command. | N/A |
| 22. | Logging | Port up/down events on a port quickly toggling states may be displayed in wrong order in the monitoring terminal. | For actual port stats, use the command “show interface”. |
| 23. | User Management | Some RADIUS and TACACS+ configurations keep the user locked out of the machine due to timeout limitation. | Press the reset button for 15 seconds, and then log in using your local authentication. Additionally, fix the configuration to avoid any future timeout issues. |
| 24. | User Management | Logging into the system as USERID from the Serial Connection results in login failure on the first attempt. | Log in again. The second attempt will result in a successful login. |
| 25. | WebUI | Reversing the time clock can result in WebUI graphs’ corrupted data. | Clear the graphs data after setting the clock. |
| 26. | WebUI | Enabling/disabling HTTPS while connected via HTTP to the WebUI may result in temporary loss of connection to the webpage. | Refresh the page or navigate back using the browser’s back button. |
| 27. | WebUI | Accessing the WebUI via Firefox with HTTPS is unsupported when working with SSL cipher TLS1.2 level. | Access the WebUI with Firefox only through HTTP. |
| 28. | WebUI | Switching between binary configuration files when connected to the WebUI using HTTPS might result in the following message being displayed: “Switched configuration to ‘***’, which was already the active database.” This message is incorrect and can be safely ignored. | N/A |
| 29. | WebUI | Importing a configuration text file with commands that only get enabled after running other commands is not possible through the WebUI. For example: the command “mlag-vip” is only available after running “protocol mlag”. | Import the configuration text file through the CLI. |
| 30. | WebUI | If the configured ciphers in versions prior to 3.4.0012 were SSL and TLS ciphers, upgrading to this version will override that. The new default is to allow TLS ciphers only. To enable SSL, please run the command “web https ssl ciphers all”. | N/A |
| 31. | WebUI | When SSH strict mode is activated with TLS 1.2, Firefox does not work properly. | N/A |
| 32. | WebUI | When upgrading to this version, statistics files are reset. As a result, WebUI statistic graphs are reset as well. | N/A |
| 33. | CLI | MLNX-OS® supports up to 50 CLI sessions open in parallel. | N/A |
| 34. | CLI | Command output filtering does not support the following commands: • show log • show configuration text files <file> | N/A |
| 35. | CLI | When moving an IP Filter rule (ipv4 or ipv6) using the “rule move” option, the prefix “mov” does not auto-complete properly to “move.” This can result in incorrect help options and execute errors. | Complete the command string using tab after “mov” or make sure to fully type “move”. |
| 36. | SNMP | The error “Cannot find module (MELLANOX-MIB)” may appear in the log when performing rollback to a MLNX-OS version older than 3.3.3000. This error can be safely ignored. | N/A |
| 37. | SNMP | Upon system shutdown, the following error may appear: “[mibd.ERR]: mdc_foreach_binding_prequeried_parsed(), mdc_main.c”. This error can be safely ignored. | N/A |
| 38. | SNMP | The ifNumbers MIB (OID: 1.3.6.1.2.1.2.1.0) on x86 switch systems displays 42 interfaces while the ifTable displays 40 due to VM management interfaces that are not shown in the ifTable. | N/A |
| 39. | SNMP | The tables dot1dTpFdbTable and dot1qTpFdbTable support up to 10,000 entries. | N/A |
| 40. | SNMP | Request timeout should be set to at least 20 seconds since initial table calculation requires time. | N/A |
| 41. | Chassis Management | Upon reaching critical thermal threshold, SR bit 2 is not set although the system is shut down and SR bit 3 is set instead. | N/A |
| 42. | Chassis Management | When changing multiple fans or power supply modules, the modules need to be changed one at a time instead of taking them all out at once. | N/A |
| 43. | Virtual Machine | When the VM feature is enabled, mgmt0 interface speed may be displayed as unknown. | N/A |

4.2 InfiniBand Known Issues

Table 5 - InfiniBand Known Issues

| Index | Category | Description | Possible Workaround |
|---|---|---|---|
| 1. | InfiniBand Interfaces | Port hardware speed and width capabilities settings affect port speed and width admin capabilities. | N/A |
| 2. | InfiniBand Interfaces | Setting the port width to 1x in the WebUI and/or CLI is currently not supported. | N/A |
| 3. | InfiniBand Interfaces | Port received packets counter may show a random value when the port is down. | N/A |
| 4. | SNMP | ifPhysAddress OID returns the prefix of the Node GUID of the ib0 management. | N/A |

5 Bug Fixes

5.1 General Bug Fixes

The following table describes MLNX-OS® bug fixes in this software release.

Table 6 - General Bug Fixes

| Index | Category | Description |
|---|---|---|
| 1. | General | Traffic loss occurs even when flow control is enabled. |
| 2. | Configuration Management | A downloaded text configuration file does not work when uploaded back to the switch. |
| 3. | Configuration Management | Sierra and Submarine switches show a POST failure on CIMM when virtually or physically reseated or restarted. |
| 4. | CIMM | Sierra and Submarine switches show a POST failure on CIMM when virtually/physically reseated or restarted. |
| 5. | NTP | The command “show ntp” always lists the last configured NTP server even if it has been deleted. This output can be safely ignored. |

5.2 Security Bug Fixes

Table 7 presents the security bug fixes which are added in this MLNX-OS version.

Table 7 - List of Security Bug Fixes

CVE Description

CVE-2013-4237 sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

CVE-2013-4458 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

CVE-2013-7424 The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.

CVE-2014-2037 Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6466.

CVE-2014-3565 snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.


CVE-2014-3613 cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

CVE-2014-3620 cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

CVE-2014-3707 The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

CVE-2014-9297 A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash.

CVE-2014-9298 It was found that because NTP’s access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses.

CVE-2014-9709 The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

CVE-2014-9751 The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

CVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.

CVE-2015-1349 named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

CVE-2015-1781 Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

CVE-2015-1798 The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.


CVE-2015-1799 The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.

CVE-2015-3200 mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

CVE-2015-3216 Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.

CVE-2015-2787 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.

CVE-2015-3240 The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in a IKE packet.

CVE-2015-3405 A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server.

CVE-2015-3411 It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.

CVE-2015-3412 It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.

CVE-2015-3237 The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

CVE-2015-4022 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

CVE-2015-4024 Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.


CVE-2015-4026 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

CVE-2015-4148 The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.

CVE-2015-4342 SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.

CVE-2015-4598 It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.

CVE-2015-4599 Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash.

CVE-2015-4600 Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash.

CVE-2015-4601 Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash.

CVE-2015-4602 A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.

CVE-2015-4603 A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.

CVE-2015-4620 name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.

CVE-2015-4734 Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.

CVE-2015-4803 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911.

CVE-2015-4805 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.


CVE-2015-4806 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

CVE-2015-4810 Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVE-2015-4835 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881.

CVE-2015-4840 Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVE-2015-4843 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2015-4844 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVE-2015-4860 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883.

CVE-2015-4868 Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2015-4871 Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

CVE-2015-4872 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security.

CVE-2015-4881 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835.

CVE-2015-4882 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA.

CVE-2015-4883 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860.

CVE-2015-4893 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911.

CVE-2015-4901 Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

Table 7 - List of Security Bug Fixes


CVE-2015-4902 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVE-2015-4903 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI.

CVE-2015-4906 Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916.

CVE-2015-4908 Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916.

CVE-2015-4911 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.

CVE-2015-4916 Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908.

CVE-2015-5276 The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.

CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold. It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time.

CVE-2015-5352 The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

CVE-2015-5477 named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

CVE-2015-5600 The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

CVE-2015-5652 Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."


CVE-2015-5986 openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.

CVE-2015-6562 Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."

CVE-2015-6563 The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

CVE-2015-6564 Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

CVE-2015-6565 sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.

CVE-2015-5722 buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

CVE-2015-7575 Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

CVE-2015-7691 The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash.

CVE-2015-7692 The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash.

CVE-2015-7701 If ntpd is configured to use autokey, then an attacker can send packets to ntpd that will, after several days of ongoing attack, cause it to run out of memory.

CVE-2015-7702 The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash.

CVE-2015-7703 If ntpd is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it's possible for an attacker to use the "pidfile" or "driftfile" directives to potentially overwrite other files.


CVE-2015-7704 An ntpd client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query.

CVE-2015-7705 An ntpd client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query.

CVE-2015-7848 If ntpd is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to ntpd that will cause it to crash.

CVE-2015-7849 If ntpd is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause a crash or theoretically perform a code injection attack.

CVE-2015-7850 If ntpd is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that will cause it to crash and/or create a potentially huge log file. Specifically, the attacker could enable extended logging, point the key file at the log file, and cause what amounts to an infinite loop.

CVE-2015-7851 If ntpd is configured to allow remote configuration, and if the (possibly spoofed) IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause ntpd to overwrite files.

CVE-2015-7852 If an attacker can figure out the precise moment that ntpq is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq, can cause ntpq to crash.


6 Submitting a Service Request

The Mellanox® Support Center is at your service for any issues. You may access the Warranty Service through the Web Request Form by using the following link: http://www.mellanox.com/content/pages.php?pg=support_index.

CVE-2015-7853 A negative value for the datalen parameter will overflow a data buffer. NTF's ntpd driver implementations always set this value to 0 and are therefore not vulnerable to this weakness. If you are running a custom refclock driver in ntpd and that driver supplies a negative value for datalen (no custom driver of even minimal competence would do this) then ntpd would overflow a data buffer. It is even hypothetically possible in this case that instead of simply crashing ntpd the attacker could effect a code injection attack.

CVE-2015-7854 If ntpd is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was (foolishly) configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause it to crash, with the hypothetical possibility of a small code injection.

CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values. If ntpd is fed a crafted mode 6 or mode 7 packet containing an unusually long data value where a network address is expected, the decodenetnum() function will abort with an assertion failure instead of simply returning a failure condition.

CVE-2015-7871 Crypto-NAK packets can be used to cause ntpd to accept time from unauthenticated ephemeral symmetric peers by bypassing the authentication required to mobilize peer associations. This vulnerability appears to have been introduced in ntp-4.2.5p186 when the code handling mobilization of new passive symmetric associations (lines 1103-1165) was refactored.

CVE-2015-8370 Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

CVE-2016-0728 The vulnerability lives in the keyring facility built into the various flavors of Linux. The keyring encrypts and stores login information, encryption keys and certificates, and makes them available to applications. In a report published by Perception Point, researchers said the vulnerability is a reference leak that can be abused to ultimately execute code in the Linux kernel.
