Manualshelf

Release Notes

ManualsBrandsCisco Manualsvideo conferencing systemsCisco TelePresence Server on Multiparty Media 320
21222324252627282930
Resolved since version 3.1(1.97)
Identifier Description
CSCuo21468 Symptom:
The following Cisco Telepresence products:
Cisco TelePresence Server 8710, 7010
Cisco TelePresence Server on Multiparty Media 310, 320
Cisco TelePresence Server on Virtual Machine
include a version of openssl that is affected by the vulnerability identified by the Common
Vulnerability and Exposures (CVE) ID CVE-2014-0160. This bug has been opened to address
the potential impact on this product.
Conditions:
Device with default configuration and running TelePresence server software 2.3(x), 3.0(x) or 3.1
(x)
Workaround:
Not currently available. Customers that do not require of the new functionality present on
TelePresence server software 2.3(x), 3.0(x) or 3.1(x) may evaluate the possibility to downgrade
affected devices to TelePresence server release 2.2, which is not affected by this vulnerability.
Further Problem Description:
Additional details about this vulnerability can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and
Temporal CVSS scores as of the time of evaluation are 5/5:
https://intellishield.cisco.com/security/alertmanager/cvss?target=new&version=2.0&vector=AV:N
/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources.
This includes the CVSS score assigned by the third-party vendor when available. The CVSS
score assigned may not reflect the actual impact on the Cisco Product.
CVE-2014-0160 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
CSCui23212 The TelePresence Server's maximum packet size restriction did not behave as expected.
This issue is now resolved.
CSCun27820 The TelePresence Server could previously request flow control on the received video stream
based on the size at which the stream was viewed by others. This behavior was considered too
aggressive when used with more recent flow control features.
This has been resolved by applying the flow control request only when the stream is not being
viewed at all, rather than when it is viewed at small resolutions.
CSCun27995 In some circumstances the following error messages could display: DSP xxxx, object
00000000: DSP xxxx vs_surface store alloc x failures in last five seconds
(where x represents a number, such as DSP 8496, object 00000000: DSP 2130 vs_
surface store alloc 2 failures in last five seconds). This issue is now resolved.
CSCun68517 In some rare circumstances, a TelePresence Server could restart while trying to encode a JPEG
snapshot image with an invalid size.
Cisco TelePresence Server Software Release Notes (4.0(2.8)) Page 25 of 36
Resolved issues