Multi-Tenant LoadMaster Release Notes

1 Introduction

This document lists the features and issues in the current Multi-Tenant LoadMaster (MT LoadMaster) release.

We recommend you fully back up the Multi-Tenant LoadMaster configuration before upgrading the software.

Installation of this software and reloading of the configuration may take up to five minutes, or possibly more.

1.1 Document Purpose

The purpose of this document is to provide details about the current Multi-Tenant LoadMaster firmware release.

The following are recommendations for upgrading the software:

  • The person undertaking the upgrade should be a network administrator or someone with equivalent knowledge.
  • In case of issues configuring the Multi-Tenant LoadMaster, please refer to the Multi-Tenant LoadMaster documentation which can be found at http://kemptechnologies.com/documentation.

1.2 Support

If there are problems loading the software release, please contact KEMP support staff and a KEMP Support Engineer will get in touch with you promptly: http://kemptechnologies.com/load-balancing-support/kemp-support

1.3 Intended Audience

This document is intended to be read by anyone who is interested in finding out more about a Multi-Tenant LoadMaster firmware release.

2 Release MT_7.1.35.4

Refer to the sections below for details about firmware version MT_7.1.35.4. This was released on 1st May 2018.

2.1 New Features - MT_7.1.35.4

Support added for the new LM-X series of LoadMaster.

2.2 Issues Resolved - MT_7.1.35.4

PD-10924

Previously, error text appeared in the Multi-Tenant LoadMaster Web User Interface (WUI) when adding a VLAN with the same ID.
Now, this text no longer appears in the WUI and an error pop-up appears with the correct error information.

PD-11046 Addressed a critical vulnerability (CVE-2018-0901) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management where an unauthenticated, remote attacker could bypass security protections, gain system privileges, execute elevated commands and expose certain sensitive system data such as certificates and private keys. The expanded scope of this vulnerability covering exploitation through injection of arbitrary executable commands in cookies is addressed in this release.
PD-10085 Previously, the link status displayed in the Multi-Tenant LoadMaster WUI was incorrect.
Now, the correct link status is displayed in the Multi-Tenant LoadMaster WUI.

2.3 Known Issues - MT_7.1.35.4

PD-9950 High Availability (HA) on the Multi-Tenant LoadMaster does not work with LoadMaster VNF firmware versions LTS 7.1.35.x and V7.2.36.x.

PD-10064

RADIUS-based users do not get the correct Web User Interface (WUI) administration permissions when WUI Session Management is enabled.

PD-10078 For newly-created VLANs, the selectable VLAN ID for the VNF does not match the VLAN ID on the Multi-Tenant interface list.
PD-10098 The following error message appears if no local users are configured on the Multi-Tenant host WUI: '_RO_USERS: No such file or directory'. There is no functional impact relating to this error.
PD-10203 Users cannot apply a WUI certificate using the RESTful API or WUI.
PD-10194 You cannot update the license of a Multi-Tenant LoadMaster VNF.
PD-10214 VLAN IDs can be referenced using their HEX identifiers or the equivalent integer value. In cases where multiple VLANs are configured, this leads to difficulty identifying the appropriate VLAN ID.
PD-10437 Bonded VNF interfaces are not removed correctly following a VNF Factory Reset operation.
PD-11327 You cannot restore backup files on Multi-Tenant LoadMaster VNFs.
PD-11334 There are some issues when bonding more than two interfaces on a Multi-Tenant host.

3 Release MT_7.1.35.3

Refer to the sections below for details about firmware version MT_7.1.35.3. This was released on 6th December 2017.

3.1 Feature Enhancements - MT_7.1.35.3

  • LoadMaster VNFs are now able to download GEO IP blacklist and Web Application Firewall (WAF) commercial rules.

3.2 Issues Resolved - MT_7.1.35.3

PD-10243

Previously, deleting a VLAN and rebooting the Multi-Tenant host caused inaccessibility issues for VNFs on other VLANs. Now, VNF accessibility using VLAN is maintained after rebooting the Multi-Tenant host.

PD-10004 Fixed an issue that caused the Multi-Tenant LoadMaster to become unreachable when running a script to add a large number of VLANs.

3.3 Known Issues - MT_7.1.35.3

PD-10980

A critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-10064

RADIUS-based users do not get the correct Web User Interface (WUI) administration permissions when WUI Session Management is enabled.

PD-10078 For newly-created VLANs, the selectable VLAN ID for the VNF does not match the VLAN ID on the Multi-Tenant interface list.
PD-10085 In certain scenarios, an incorrect link status displays.
PD-10098 The following error message appears if no local users are configured on the Multi-Tenant host WUI: '_RO_USERS: No such file or directory'. There is no functional impact relating to this error.
PD-10203 Users cannot apply a WUI certificate using the RESTful API or WUI.
PD-10214 VLAN IDs can be referenced using their HEX identifiers or the equivalent integer value. In cases where multiple VLANs are configured, this leads to difficulty identifying the appropriate VLAN ID.
PD-10261 The following error message displays on the WUI if a duplicate VLAN ID is used: 'Duplicate VLAN id <vlan ID> Cache-Control: nocache'.
PD-9950 High Availability (HA) does not work with LoadMaster firmware version LTS 7.1.35.4 on the Multi-Tenant LoadMaster.

4 Release MT_7.1.35.2

Refer to the sections below for details about firmware version MT_7.1.35.2. This was released on 6th September 2017.

4.1 New Features - MT_7.1.35.2

You can reset the VNF password from the host in the console.

4.2 Feature Enhancements - MT_7.1.35.2

Interfaces can be bonded.

Administrator Web User Interface (WUI) access can be reset from the Multi-Tenant host console.

Mitigated against the CVE-2016-5696 vulnerability.

Updated the OpenSSL version to 1.0.2k to mitigate against the following vulnerabilities:

- CVE-2017-3731

- CVE-2017-3730

- CVE-2017-3732

- CVE-2016-7055

Updated OpenSSH to version 7.5 to mitigate against the following vulnerabilities:

- CVE-2015-8325

- CVE-2016-6210

4.3 Issues Resolved - MT_7.1.35.2

PD-8634

Added the licenseinfo Application Program Interface (API) command.

PD-9651 High Availability (HA) Virtual LoadMaster IP addresses are shown on the VNF Status page.
PD-9774 Fixed issues with automated FTP backups.
PD-9864 Fixed an issue that stopped the API from working when Basic Authentication was enabled.

4.4 Known Issues - MT_7.1.35.2

PD-10980

A critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-10085 An incorrect link status is displayed in certain scenarios.
PD-10004 In some situations, the Multi-Tenant LoadMaster unit becomes unreachable when running a script to add a large number of VLANs.
PD-9950 HA does not work with LTS 7.1.35.4 on the Multi-Tenant LoadMaster.
PD-10124 GEO IP blacklist commercial rule downloads are not working on Multi-Tenant LoadMasters.

5 Release MT_7.1.35

Refer to the sections below for details about firmware version MT_7.1.35. This was released on 2nd August 2016.

When upgrading a Multi-Tenant LoadMaster for Microsoft Azure to firmware version 7.1.35 – you also need to upgrade the Azure add-on pack.

5.1 Feature Enhancements

It is now possible to retrieve the serial number of a Multi-Tenant LoadMaster using the Application Program Interface (API).

5.2 Issues Resolved

PD-7380

Fixed an issue which was causing the interface speed to not be displayed correctly in the Multi-Tenant LoadMaster Web User Interface (WUI).

   

 

5.3 Known Issues - MT_7.1.35

PD-10980

A critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

6 Release MT_7.1.34

Refer to the sections below for details about firmware version MT_7.1.34. This was released on 18th May 2016.

6.1 New Feature

New Ovs Logging Level field added

6.2 Feature Enhancements

Mitigated against CVE-2004-2761 vulnerability.

Interface IDs are now displayed in the output of the stats API command.

6.3 Issues Resolved

PD-6634

Fixed an issue that was preventing the presentation of the root certificate.

PD-6509

It is now possible to set the memory size to greater than 2048 MB when using the createinstance API command.

 

6.4 Known Issues - MT_7.1.34

PD-10980

A critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

7 Release MT_7.1-30

Refer to the sections below for details about firmware version MT_7.1-30. This was released on 3rd November 2015.

7.1 New Features

Application Program Interface (API) support added

DHCP support added

7.2 Feature Enhancements

After initially deploying a new Multi-Tenant LoadMaster, a prompt will now appear asking to set up the initial tenant LoadMaster.

The User Interface (UI) has been updated.

The speed of Virtual LoadMaster (VLM) instance creation has been increased.

The Multi-Tenant LoadMaster now comes with a pre-installed Virtual Network Function (VNF) package containing the latest LoadMaster firmware.

7.3 Known Issues

PD-10980

A critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-6487

The TPS counter on the home page is not relevant for the Multi-Tenant LoadMaster product and will be removed in a future release.

PD-6153

The current version of the Multi-Tenant LoadMaster does not work on the HP ProLiant DL320e bare metal platform.

PD-6509

The API command create instance does not allow the memory size to be set greater than 2048 MB.

References

Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/documentation.

KEMP Multi-Tenant LoadMaster, Product Overview

Multi-Tenancy, Feature Description

KEMP Multi-Tenant LoadMaster, Configuration Guide

Multi-Tenant LoadMaster API, Interface Description

Last Updated Date

This document was last updated on 01 August 2018.

Was this article helpful?

0 out of 0 found this helpful

Comments