Hi,

> On Wed, 2016-02-10 at 08:06 -0800, ps...@cisco.com wrote:
>> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer
>> Overflow Vulnerability
>>
>> Advisory ID: cisco-sa-20160210-asa-ike
> Poor bastards stuck at 8.2 (like us) might be relieved to know that
> there actually is an 8.2(5)59 version with the fix. Reading the SA page
> I got the impression that there was no fixed software for 8.2(5).

Thanks for the find, same situation we were in (well, several of our customers rather) - reading the advisory, it clearly states anything 8.x except 8.4 is recommended to go to 9.1 (yeah, right! Not opening that can^H^H^H crate of worms! Or more like Pandora's box?).

Apart from at least one system that only has 256M of RAM (and therefore can't go to anything higher than 8.2 AFAIK), even going to the mentioned 8.4.7(30) caused some problems due to incorrect (or incomplete) config migration for several systems ... of course it could be fixed, but still ...

And yes, the systems should be kept more current, but seeing what happens when you do update more or less confirms the old saying "never change a running system" ... sadly ...

Still, if Cisco publishes an interim that fixes this disastrous flaw and is not at least following up on their announcement (8.2.5(59) was released 3 days after the initial notification was published), it's sort of a pain for users ... even the advisory on the web page hasn't been updated to at least list the option of using the interim ... :(

-garry

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/