Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

GEO 2.2.35.6 Release Notes

Refer to the sections below for details about firmware version 2.2.35.6.

Feature Enhancements

  • Addressed a critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management where an unauthenticated, remote attacker could bypass security protections, gain system privileges, execute elevated commands, and expose certain sensitive system data, such as certificates and private keys. This vulnerability was partially addressed in 7.1.35.5. The expanded scope of this vulnerability, covering exploitation through injection of arbitrary executable commands in cookies, is addressed in this release.

Known Issues

PD-10155

Issue with configuration corruption causes some GEO features not to function.

PD-9572

There are discrepancies displaying the location latitude/longitude parameter values for some RESTful API commands.

PD-9570

There is a typo in the removecountry API response error message.

PD-9539

Issues with the PowerShell New-GeoCluster command in a specific scenario.

PD-9523

In a specific scenario, the RESTful API returns a success message when fetching a non-existing GEO FQDN.


Comments