Release Notes
Closed with Code Change in Fabric OS v7.2.1b
Fabric OS v7.2.1e Release Notes v1.0 Page 57 of 82
Defect ID:
DEFECT000503299
Technical Severity:
High
Probability:
Low
Product:
FOS
Technology:
Other
Reported In Release:
FOS6.4.3
Technology Area:
Other
Symptom:
After FOS upgrade, CLI "switchshow" reports multiple ports in disabled state with the reason "Not
ready for F or L ports" or "Switch not ready for EX_Ports".
Condition:
Occasionally, the switch finds an inconsistency between the domain count and the E-port count during
HAfailover/hareboot when there are VEX-EX ports in the configuration.
Recovery:
Trigger a fabric rebuild by executing "fabricprincipal -f". Alternatively, rebuild the fabric manually by
taking ALL E_Ports/trunks offline and then re-enabling them, or by a switch disable/enable.
Defect ID:
DEFECT000508529
Technical Severity:
Critical
Probability:
Medium
Product:
FOS
Technology:
Traffic Management
Reported In Release:
FOS7.0.0
Technology Area:
Trunking
Symptom:
High deskew values on 16G trunk ports are contributing to high fabric latency.
Condition:
It occurs during trunk forming with 16G ports. Sometimes the impact is not observed until after a
hafailover/hareboot. trunkshow shows huge deskew value difference between links in a single trunk.
Example of an actual trunkshow output of a high latency fabric:
trunkshow :
1: 0-> 0 xxx deskew 1517 MASTER
1-> 1 xxx deskew 15
Recovery:
Disable and enable the links in the trunk one by one: portdisable link1; portenable link1; portdisable
link2; portenable link2
Defect ID:
DEFECT000513920
Technical Severity:
High
Product:
FOS
Technology:
Security
Reported In Release:
FOS7.1.0
Technology Area:
Fabric Authentication
Symptom:
CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not
properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle
attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications,
and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka
the "CCS Injection" vulnerability.
Condition:
FOS switches that are not running LDAP or RADIUS with PEAP-MSCHAPv2 for authentication are
not running OpenSSL client mode and are not at risk. To be at risk:
• The FOS product must be running authentication using LDAP or RADIUS with PEAP-MSCHAPv2
protocols.
• The OpenSSL server must also be running a version of OpenSSL that contains this
vulnerability (1.0.1 or 1.0.2-beta1).
Workaround:
For users requiring LDAP or RADIUS with PEAP-MSCHAPv2 for authentication, upgrading the
OpenSSL server to a version of OpenSSL that does not contain this vulnerability will prevent
exposure.
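The two conditions in this entry can be checked mechanically when triaging which switches are exposed. The following Python is an added example, not Brocade or OpenSSL code: the function names and the authentication-mode labels are assumptions, and the version bounds are the ones quoted in this entry.

```python
import re

# Fixed releases per branch, taken from the CVE text quoted in this entry.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}
# Server-side condition named in this entry: the 1.0.1 branch or 1.0.2-beta1.
SERVER_BRANCHES = {"1.0.1"}
# Hypothetical labels for the switch's authentication mode (not FOS syntax).
TLS_CLIENT_AUTH_MODES = {"ldap", "radius-peap-mschapv2"}

_VERSION = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)(?:-(beta\d+))?")


def parse_openssl_version(text):
    """Return (branch, letter_suffix, prerelease) from e.g. 'OpenSSL 1.0.1g 7 Apr 2014'."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return m.group(1), m.group(2), m.group(3)


def _letter_rank(suffix):
    # OpenSSL patch letters run '', a..z, za, zb, ... so order by length, then text.
    return (len(suffix), suffix)


def predates_fix(text):
    """True if the version is older than the fixed release of its branch."""
    branch, suffix, pre = parse_openssl_version(text)
    if pre is not None:
        return (branch, pre) == ("1.0.2", "beta1")  # the only beta this entry lists
    if branch not in FIXED:
        raise ValueError(f"branch {branch} is not covered by this entry")
    return _letter_rank(suffix) < _letter_rank(FIXED[branch])


def fos_switch_at_risk(auth_mode, server_version):
    """Both conditions from this entry must hold for the switch to be at risk."""
    if auth_mode not in TLS_CLIENT_AUTH_MODES:
        return False  # switch is not acting as an OpenSSL client
    branch, _, pre = parse_openssl_version(server_version)
    server_affected = branch in SERVER_BRANCHES or (branch, pre) == ("1.0.2", "beta1")
    return server_affected and predates_fix(server_version)
```

A 0.9.8y server predates its branch's fix but does not meet the server condition stated in this entry, so fos_switch_at_risk returns False for it.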










