Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1034
Views
15
Helpful
4
Replies

CSCus69732 - IOS-XE Evaluation of glibc GHOST vulnerability - CVE-2015-0235

Go to solution
Rps-Cheers
VIP
VIP

‎04-20-2020 04:03 AM - edited ‎04-20-2020 04:04 AM

How to understand the description in the bug:

The following are active releases and planned CCO date:

release CCO_Date

15.5(2)S/XE3.15.0S 3/31/2015 <<<<<<<<<<<<<

15.5(1)S1/XE3.14.1S 3/3/2015

15.4(3)S3/XE3.13.3S 5/29/2015

15.4(2)S3/XE3.12.3S 3/28/2015

15.4(1)S4/XE3.11.4S 5/29/2015

15.3(3)S6/XE3.10.6S 7/30/2015

15.2(4)S7/XE3.7.7S 3/20/2015

15.5(3)S/XE3.16.0S 7/31/2015 <<<<<<<<<<<<<<<

 

Known Affected Releases:
(8)
15.2(4)S
15.3(3)S
15.4(1)S
15.4(2)S
15.4(3)S
15.5(1)S
15.5(2)S <<<<<<<<<<<<<
15.5(3)S <<<<<<<<<<<<<<<
 
There are the same release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Rps-Cheers

‎04-20-2020 05:07 AM

@Rps-Cheers wrote:
Why the fixed release also the affectd release

Cisco Bug IDs are rarely accurate. 

For more "reliable" information, always refer to the Security Bulletin: GNU glibc gethostbyname Function Buffer Overflow Vulnerability

  

View solution in original post

4 Replies 4

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎04-20-2020 04:16 AM

@Rps-Cheers wrote:

3.15.0S

3.14.1S

3.13.3S

3.12.3S

3.11.4S

3.10.6S

3.7.7S

3.16.0S

The fixed versions are above.  

(Wow.  This is a 5-year old security vulnerability.)

Go to solution
Rps-Cheers
VIP
VIP
In response to Leo Laohoo

‎04-20-2020 04:25 AM

HI Leo

Thanks for your response !

For example :Release 3.10.6S is mapping IOS 153-3.S6 (isr4400-universalk9.03.10.06.S.153-3.S6-ext.SPA.bin)
My understanding is that 15.5 (3) S and XE3.16.0S are the same version, but why 15.5 (3) S is in the affected list?
Why the fixed release also the affectd release ?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Rps-Cheers

‎04-20-2020 05:07 AM

@Rps-Cheers wrote:
Why the fixed release also the affectd release

Cisco Bug IDs are rarely accurate. 

For more "reliable" information, always refer to the Security Bulletin: GNU glibc gethostbyname Function Buffer Overflow Vulnerability

  

Go to solution
Rps-Cheers
VIP
VIP
In response to Leo Laohoo

‎04-20-2020 05:16 AM

Got it, thank you for your advice
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
Customers Also Viewed These Support Documents