Legacy GEO Release Notes

1 Legacy GEO Release Notes Introduction

This document describes the features added and issues resolved for legacy versions.

To see release notes for newer firmware versions, go to the GEO Release Notes section of the KEMP Documentation Page.

The GEO product is available in two forms:

  • A standalone GEO product
  • A Global Server Load Balancing (GSLB) Feature Pack that is part of the KEMP load balancer (LoadMaster) product

This document applies to both forms of GEO. We recommend making a full backup of the LoadMaster configuration before upgrading the software.

Installation of this software and reloading of the configuration may take up to five minutes, or possibly more, during which time the LoadMaster being upgraded is unavailable to carry traffic.

1.1 Prerequisites

The following are recommendations for upgrading the software:

  • The person undertaking the upgrade should be a network administrator or someone with equivalent knowledge
  • In case of issues restoring backup configurations, configuring LoadMaster or other maintenance issues, please refer to the LoadMaster documentation, which can be found at https://kemptechnologies.com/documentation

1.2 Support

If there are problems loading the software release, please contact KEMP support staff using our website and a KEMP support Engineer will call you promptly.

1.3 Compatible Products

    • GEO standalone product
    • LoadMaster with the Global Server Load Balancer (GSLB) Feature Pack

2 Release 2.2.35.5/7.1.35.5

Refer to the sections below for details about firmware version 2.2.35.5/7.1.35.5. This was released on 22nd March 2018.

2.1 2.2.35.5/7.1.35.5 - Issues Resolved

PD-11023 Previously, a critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
This vulnerability has now been mitigated with more stringent security checks. Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

2.2 2.2.35.5/7.1.35.5 - Known Issues

PD-10155 Issue with configuration corruption causes some GEO features not to function.
PD-9572 There are discrepancies displaying the location latitude/longitude parameter values for some RESTful API commands.
PD-9570 There is a typo in the removecountry API response error message.
PD-9539 Issues with the PowerShell New-GeoCluster command in a specific scenario.
PD-9523 In a specific scenario, the RESTful API returns a success message when fetching a non-existing GEO FQDN.

3 Release 7.1.35.4

Refer to the sections below for details about firmware version 7.1.35.4. This was released on 2nd August 2017.

3.1 2.2.35.4/7.1.35.4 - Known Issues

PD-11023 A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Further information can be found here: Mitigation For Remote Access Execution Vulnerability.
PD-8725 Proximity and Location Based scheduling do not work with IPv6 source addresses.
PD-10155 Issue with configuration corruption causes some GEO features not to function.
PD-9572 There are discrepancies displaying the location latitude/longitude parameter values for some RESTful API commands.
PD-9570 There is a typo in the removecountry API response error message.
PD-9539 Issues with the PowerShell New-GeoCluster command in a specific scenario.
PD-9523 In a specific scenario, the RESTful API returns a success message when fetching a non-existing GEO FQDN.

4 Release 2.2.35.3/7.1.35.3

Refer to the sections below for details about firmware version 2.3.35.3/7.1.35.3. This was released on 5th April 2017.

4.1 Feature Enhancements

Updated BIND to version 9.10.4-P5 to mitigate against the following vulnerabilities:

- CVE-2016-9131

- CVE-2016-9147

- CVE-2016-9444

- CVE-2016-9778

 

4.2 Known Issues

PD-11023 A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Further information can be found here: Mitigation For Remote Access Execution Vulnerability.
PD-8725 Proximity and Location Based scheduling do not work with IPv6 source addresses.

5 Release 2.2.35/7.1.35

Refer to the sections below for details about firmware version 2.2.35/7.1.35. This was released on 2nd August 2016.

5.1 New Features

GEO now supports blacklists.

GEO per-FQDN settings.

Enhanced GEO health checks to allow grouping by cluster.

5.2 Issues Resolved

PD-7225

The listcustomlocation API command is now showing the correct custom locations which have been added.

PD-7134

Fixed the GEO LoadMaster WUI to display missing menu elements.

PD-7481

Fixed an issue relating to incorrect site selection failover when using Location Based as the Selection Criteria.

5.3 Known Issues

PD-11023 A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Further information can be found here: Mitigation For Remote Access Execution Vulnerability.
PD-8725 Proximity and Location Based scheduling do not work with IPv6 source addresses.

PD-7770

There are some issues with the GEO proximity Selection Criteria.

PD-7516

The GEO Location Based option for “Everywhere” cannot be set and is not listed in the API.

PD-7338

The listclusters API command returns 0 as the CheckerPort value if the checker is set to tcp. The default value when using TCP health checks is 80 and that should be returned.

PD-7522

If a GEO map is modified using the API and the IP address for the site is not specified, nothing is returned (an error should be displayed).

 

6 Release 2.2.34.1/7.1.34.1

Refer to the sections below for details about firmware version 2.2.34.1/7.1.34.1. This was released on 18th May 2016.

6.1 Feature Enhancements

It is now possible to delete custom GEO locations.

PowerShell and Java API commands have been added for adding custom locations to FQDNs.

6.2 Issues Resolved

PD-6657

Fixed an issue relating to Private/Public site preference with proximity selection.

PD-6641

Fixed a display issue for sites using a built-in geographic location database.

PD-6626

Fixed geographic coordinate resolution of existing sites when switching to proximity selection.

PD-6215

Added API commands to allow public IP addresses to be treated as private on GEO.

6.3 Known Issues

PD-11023 A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-7225

The listcustomlocation API command shows custom locations that have not been added.

 

7 Release 2.2-32a/7.1-32a

Refer to the sections below for details about firmware version 2.2-32a/7.1-32a. This was released on 26th January 2016.

7.1 Issues Resolved

PD-6514

Fixed an issue relating to site restrictions for FQDNs.

PD-6476

Improved GEO proximity stability.

PD-6095

Fixed an issue with the add/remove country and change map location API commands for GEO.

PD-6078

It is now possible to add a custom location to an IP in an FQDN using API commands.

PD-5915

Fixed an issue which was preventing an extra name server from being added.

PD-3642

Fixed an issue relating to GEO Weighted Round Robin statistics.

7.2 Known Issues

PD-11023 A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-6626

Changing an existing FQDN with sites to proximity balancing causes automatic resolution to fail.

PD-6627

If ‘bad data’ is entered in the coordinates of an FQDN, automatic resolution will fail.

 

8 Release 2.2-30/7.1-30

Refer to the sections below for details about firmware version 2.2-30/7.1-30. This was released on 3rd November 2015.

8.1 Feature Enhancements

There is now further flexibility in GEO around selectively responding with public or private sites based on whether a client is from a public or private IP address.

Enhancements have been made to the GEO partner status indicators.

8.2 Issues Resolved

PD-5478

Fixed an issue with the GEO round robin scheduling method for IPv6.

PD-5282

Fixed an issue relating to the GEO proximity scheduling method.

PD-4863

Fixed an issue which was preventing GEO custom locations from being edited.

PD-5853

Fixed an issue relating to GEO health checking.

8.3 Known Issues

PD-11023 A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-5582

There are some GEO issues relating to the resource check parameters and cluster health checking.

PD-5915

In GEO, it is not possible to add multiple name servers using the WUI. This can be done in the API as a workaround.

 

9 Release 2.2-28b/7.1-28b

Refer to the sections below for details about firmware version 2.2-28b/7.1-28b. This was released on 28th August 2015.

9.1 Feature Enhancements

Updated firmware to mitigate against the CVE-2015-5477 vulnerability.

9.2 Issues Resolved

PD-5581

Fixed a GEO Web User Interface (WUI) issue which caused issues with multiple locations being assigned.

9.3 Known Issues

PD-11023 A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-3642

Statistics are not updating correctly when using GEO and weighted round robin scheduling.

PD-4863

Custom locations on the LoadMaster GEO cannot be disabled.

 

10 Release 2.2-28a/7.1-28a

Refer to the sections below for details about firmware version 2.2-28a/7.1-28a. This was released on 29th July 2015.

10.1 Issues Resolved

PD-5251

Fixed an issue which prevented some GEO miscellaneous parameters from being set.

10.2 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-3642

Statistics are not updating correctly when using GEO and weighted round robin scheduling.

 

11 Release 2.2-28/7.1-28

Refer to the sections below for details about firmware version 2.2-28/7.1-28. This was released on 24th June 2015.

11.1 Feature Enhancements

Removed superfluous messages in GEO logging.

Added status indicators for partner SSH tunnels.

11.2 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

12 Release 2.2-26/7.1-26

Refer to the sections below for details about firmware version 2.2-26/7.1-26. This was released on 1st May 2015.

12.1 Feature Enhancements

New LoadMaster installations now come pre-installed with an up-to-date GEO database, including IPv6.

Improved GEO partner IP entry method - only the shared IP address needs to be entered into the Remote GEO LoadMaster Access text box for HA configurations.

12.2 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

13 Release 2.2-24a/7.1-24a

Refer to the sections below for details about firmware version 2.2-24a/7.1-24a. This was released on 11th February 2015.

13.1 Feature Enhancements

Added new GEO cluster RESTful API commands which list and show clusters.

13.2 Issues Resolved

PD-3344

SSH can now be disabled on a GEO cluster to increase security.

PD-3319

Alternate gateway support has been added for GEO LoadMasters with multiple interfaces.

PD-3160

Fixed a problem with the modmap RESTful API command.

PD-3104

The addmap RESTful API command now works in all scenarios.

PD-3075

A superfluous error message, which displayed when setting the isolateips parameter using the ModifyFQDN command, has been removed.

 

13.3 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

14 Release 2.2-22b/7.1-22b

Refer to the sections below for details about firmware version 2.2-22b/7.1-22b. This was released on 3rd December 2015.

14.1 Known Issues

PD-11023 A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-3160

There is a bug with the modmap RESTful API command.

PD-3104

The addmap RESTful API command does not work when the Selection Criteria is set to Real Server Load.

PD-3075

A superfluous error message appears when you attempt to set the isolateips parameter using the PowerShell ModifyFQDN command.

 

15 Release 2.2-22/7.1-22

Refer to the sections below for details about firmware version 2.2-22/7.1-22. This was released on 25th November 2014.

15.1 Feature Enhancements

Security enhancements have been made to GEO.

Multiple Virtual Services with the same IP address can now be added to the GEO Real Server Load Cluster Check.

Updated the BIND version to 9.9.6-ESV to address CVE-1999-0662.

15.2 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-3160

There is a bug with the modmap RESTful API command.

PD-3104

The addmap RESTful API command does not work when the Selection Criteria is set to Real Server Load.

PD-3075

A superfluous error message appears when you attempt to set the isolateips parameter using the PowerShell ModifyFQDN command.

 

16 Release 2.2-20/7.1-20

16.1 New Features

The ability to designate GEO listening interfaces.

The ability to use multiple interfaces to listen for GEO requests.

16.2 Feature Enhancements

GEO API commands have been added.

16.3 Issues Resolved

PD-2644

Fixed an issue with syncing some GEO settings.

 

16.4 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

17 Release 2.2-18b/7.1-18b

17.1 New Features

GEO enhancements

New GEO features which allow failover and isolate public/private sites. Also, two GEO selection criteria options have been renamed to more appropriately reflect their functions (Location Based has been renamed to Proximity and Regional has been renamed to Location Based).

17.2 Issues Resolved

PD-1941

Removed unnecessary options for GEO cluster synchronization

17.3 Known Issues

  • A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

    Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

  • GEO health check intervals do not match the settings configured

18 Release 2.2-16/7.1-16

18.1 New Features

The LoadMaster GEO Operating System is now running on Linux kernel 3.10.28

18.2 Issues Resolved

PD-1687

Made the GEO sync mechanism more tolerant of rapid changes

18.3 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

19 Release 2.1.14/7.0-14

19.1 Feature Enhancements

GEO can now be disabled and enabled using the Web User Interface (WUI) (when GEO is disabled it is possible to modify the packet filter settings)

19.2 Issues Resolved

PD-1145

DNS requests can now be made to the LoadMaster GEO over an IPv6 network

PD-1277

BIND has been updated to version 9.6-ESV-R10-P2

 

19.3 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

20 Release 2.1.12a/7.0-12a

20.1 Feature Enhancements

GEO search order changed

20.2 Issues Resolved

PD-771

Fixed issue where the site failure and recovery settings were not updating to the partner

PD-808

Fixed issue where the FQDN was not updating to the partner

 

20.3 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

21 Release 2.1.10/7.0-10

21.1 Known Issues

  • A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

    Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

  • Site failure and recovery settings are not replicated to the partner GEO.
  • In some cases, FQDNs are not replicated to the partner GEO.

22 Release 2.1.8e/7.0-8e

22.1 Feature Enhancements

Automated Licensing and Support Infrastructure (ALSI) Enhancements

22.2 Issues Resolved

PD-700

Fixed reboot issue when changing service types

22.3 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

23 Release 2.1.8/7.0-8

23.1 New Features

IP Range Selection Criteria

Certificates Functionality

23.2 Issues Resolved

PD-392

Issue with GEO sync has been resolved

23.3 Known Issues

PD-11023

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

Last Updated Date

This document was last updated on 12 December 2018.
