GEO 2.3.44 Release Notes

Refer to the sections below for details about firmware version 2.3.44. This was released on 31st October 2018.

Feature Enhancements

  • The LoadMaster GEO Operating System Linux kernel was upgraded from linux-4.9.58 to linux-4.9.124 to provide security and stability improvements.
  • The Top utility on the LoadMaster has been enhanced to provide more detailed configuration error messages and limits have been set on the configuration values to allow easier setup.
  • SNMP can now be used to retrieve SSL certificate information. Created a new certs MIB module (OID: 1.3.6.1.4.1.12196.14.1) that displays the SSL certificate information for all installed SSL certificates on the LoadMaster. There is a limit of a maximum of 256 SSL Certs that can be displayed. The following information is contained in the new MIB module:

- certIdx - Unique Certificate Id

- certFileName - Certificate file name

-   certSubjectName - Certificate name

-   certSerialNumber - Certificate Serial Number

- certStartDate - Certificate Start Date

- certEndDate - Certificate End Date

-   certIssuer - Certificate Issuer

  • SNMP can now be used to retrieve disk usage information. Added the dskEntry information to the UCD-SNMP-MIB Module (OID: 1.3.6.1.4.1.2021.9) to provide LoadMaster disk partition information related to the /var/log and /var/log/userlog partitions.
  • The KEMP ID user registration link on the homepage of an unlicensed GEO LoadMaster has been updated to https://kemptechnologies.com/kemp-id-registration/.

Issues Resolved

PD-11859

Addressed a further critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management that could, in certain circumstances, allow an unauthorized, remote attacker to bypass security protections, and gain access to sensitive system data, thereby compromising the system. This vulnerability was partially addressed in 7.2.42.0. The expanded scope of this vulnerability covers exploitation through the use of insecure Web User Interface (WUI) endpoints associated with historical graphs and licensing. These vulnerabilities have been addressed in this release. Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-11778

Previously, configuration changes made to GEO FQDN site mapping were not replicated to the GEO partner.

Now, the issue has been fixed and changes made to the FQDN site mapping are replicated to the GEO partner.

PD-11503

Previously, in GEO, an incorrect message (GEO ACL Automatic Update file not found) was reported in the logs, even when Enable Automated GEO IP Blacklist data Updates was disabled.

Now, this issue has been fixed and the message is no longer reported in the logs.

PD-10435

Previously, under certain specific conditions, the GEO application logs could fill the allocated partition, which caused the unit to not log any further messages.Now, GEO application logging has been improved.

Known Issues

PD-8725

GEO Proximity and Location Based scheduling do not work with IPv6 source addresses.

PD-8853

GEO Location Based failover does not work as expected.

PD-9765

GEO does not support DNS TCP requests from unknown sources.

PD-10155

An issue with configuration corruption is causing some GEO features to not function.

PD-10586

If a GEO FQDN is configured with All Available as the Selection Criteria, IP addresses are returned even if the cluster is disabled.

PD-11621

In a GEO configuration with Stickiness set in the Miscellaneous Params WUI screen, a requested Fully Qualified Domain Name (FQDN) is not returned correctly if the Fail Over location is set to Everywhere.

Was this article helpful?

0 out of 0 found this helpful

Comments