Page tree
Skip to end of metadata
Go to start of metadata

Lumeta, a FireMon company, announced the general availability of Lumeta 3.3.2.1 on 10/30/2018.  This release resolves the security and software issues described on this page. It is recommended for all Lumeta users.

Upgrading to Lumeta 3.3.2.1
Upgrade PathUpgrade ProcessUpgrade Package
From_Release           

To_Release

3.3.2 Command Center

3.3.2.1 Command CenterUpgrading to Lumeta 3.3.2.1

Lumeta 3.3.2.1 upgrade package

MD5 SUM is f2f62354bc11a98a4d1b2e856fcb8b08

3.3.2 Scout

3.3.2.1 Scout

3.3.2 Portal

3.3.2.1 Portal

Fixed Issues

Several issues reported by customers have been resolved. 


IssueCase ID
1

Password controls and override now enforces the following policy: User is not allowed to change his or her password more often than "minDays." User is forced to change his or her password after "maxDays." See Password Controls in Spectre 3.3.2+ for details.

PO-8791
2To prevent a target from generating snmp targets for a collector lacking the necessary snmp community string, we've introduced a change such that if an IP address is in the Eligible List, then entry is added to target table (for snmpDetails) only when a community string is configured for a given collector and there is an snmpDiscovery response received for that community string from the collector for which we are inserting snmpDetail record. This resolved the problem. PO-7970
3Fixed SNMP credential cross-contamination as described in above-referenced issue PO-7979 (i.e., entries for a collector seen in target table for a credential that is not configured for that collector.) Example: collector id 15 is configured to use 4 credentials while collector id 16 is configured to use common credentials. Since "public" is the lowest aliasorder, update target run picks up "public" without performing a check to see if collector 15 is configured to discover "public." This caused incorrect entries in the target table. New methodology resolves problem. PO-8646
4Changed the processing order on CIFS targets relative to tcpPorts processing to properly insert CIFS entries into target tables.PO-8715
5 The jetty setting that displays directory listings has been disabled to bring Lumeta into compliance with STIG V-13735. Directory settings are no longer servedPO-8796
6Updated AutoVacuum settings for Lumeta PO-8856
7

Lumeta stopped logging queries a half-hour after a netboot. This issue was resolved by removing some query-related defaults.

PO-8579
8An out-of-memory fix was ported to subsequent releases. PO-8823
9

SNMP details are failing to generate when a network device attempts to send a response packet to Lumeta that is too large. The SNMP Details routine is timing out as a result. We plan to resolve the problem by buffering packet fragments and improving how they are reassembled.

PO-8662
SF00074091

10DB configuration updates
PO-8762


Security Updates

Lumeta 3.3.2.1 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See CVEs Fixed in 3.3.2.1 soon for a preliminary list of resolved CVEs. A finalized listing will be made available post-GA. 

Preliminary Change Log

The changes made in preparation for this Lumeta 3.3.2.1 release include the following:

Bug

[PO-7970] - Target generating snmp targets for collector that doesn't contain snmp community string configured

[PO-8005] - Changes surrounding logging of query timings

[PO-8646] - Entries for a collector seen in target table for credential that is not configured for that collector

[PO-8662] - SNMP Detail target times out when we get fragmented packets from it

[PO-8715] - Target table details for CIFS targets are not updated when ports open closed state changes

[PO-8791] - Password controls enabled & override option - User is able to change password more than once based on min days value

[PO-8963] - Password controls override does not override maxDays default value

Story

[PO-8796] - STIG V-13735 - gui directory listings are seen from jetty ui/scripts and ui/modules

[PO-8902] - create upgrade to 3.3.2.1

[PO-8908] - security updates for 3.3.2.1

Improvement

[PO-8841] - Improve query that updates last_update in device_attribute table

[PO-8850] - Update Lumeta version for trunk and 3.3.2-maintenance

 




  • No labels