TC5.1.11 Release date for EX/C/SX OpenSSL vulnerability

hashimoto.kotaro · ‎04-24-2014

Hi all,

Bug ID CSCuo26378 says EX/C/SX OpenSSL vulnerability are fixed in TC5.1.11, TC6.3.1 or TC7.1.1.

But TC5.1.11 is not released yet(as of 04/25/2014).

Does anybody know when TC5.1.11 will be released?

Best Regards,

Kotaro

Martin Koch · ‎04-25-2014

Did you try to contact TAC about it? Thats what I would try to do.

Besides that I would use TC6.3.1 or TC7.1.1 instead of TC5 if possible.

Please remember to rate helpful responses and identify

ed.terry · ‎04-28-2014

Sorry if this is a dumb question, but stepping-up from 5x to 6x or 7x requires a release key. How does one secure a release key?

Wayne DeNardi · ‎04-28-2014

you can get a release key a couple if ways

if you have a valid service contract you can get one from www.cisco.com/go/licence

otherwise, you can request one through the TAC.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

ed.terry · ‎04-28-2014

Thanks. Now at 7.1.1

Wayne DeNardi · ‎04-27-2014

Given that it was only mentioned as being a "fixed" version in the Heartbleed security advisory, but wasn't made available along with TC6.3.1 and TC7.1.1, I wouldn't expect it to be readily available.

If you really need it - try contacting the TAC to request it.

The better option would be to upgrade to one of the newer releases, especially since anything pre-TC6.1 is vulnerable to a SIP DoS condition (Cisco-SA-20130619-TPC).

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

Magnus Ohm · ‎04-29-2014

Hi

FYI

We will release TC5.1.11 later today.

/Magnus

hashimoto.kotaro · ‎05-06-2014

Thank you all and sorry to reply late.

We have about one week vacation on May in Japan.

Now I found TC5.1.11 at Cisco download site.

By the way, in case of using self-signed certificates, after upgrading to TC5.1.11, TC6.3.1 or TC7.1.1, should we perform backup and factory reset to generate a new certificate? (Because certificates used on codec might have been exposed)

And after factory reset, will the new certificate survive even if we restore the configuration?

Kotaro

Magnus Ohm · ‎05-06-2014

Hi

Yes that is correct, you need to factory reset the system after upgrade to generate a new certificate. You can restore the backup and this will not affect the new certificate.

/Magnus

hashimoto.kotaro · ‎05-07-2014

Thank you Magnus,

Let me ask one more question.

From TC7, root account is permanently disabled.

That means we can not use SCP anymore to backup and restore favorites.

So how should we backup and restore favorites (local contact) on TC7?

I am feeling dizzy if I have to add favorites for many codecs after factory reset

Kotaro

ed.terry · ‎04-30-2014

TC5.1.11 has finally been released. Note from TAC:

I am glad to inform you that TC 5.1.11 has now been released, and it is available for you to download.

This is the download link:

http://software.cisco.com/download/release.html?mdfid=284091229&flowid=46589&softwareid=280886992&release=TC5.1.11-SX&relind=AVAILABLE&rellifecycle=&reltype=latest