Lumeta, a FireMon company, announced the general availability of Lumeta 18.104.22.168 on 10/30/2018. This release resolves the security and software issues described on this page. It is recommended for all Lumeta users.
|Upgrading to Lumeta 22.214.171.124|
|Upgrade Path||Upgrade Process||Upgrade Package|
3.3.2 Command Center
|126.96.36.199 Command Center||Upgrading to Lumeta 188.8.131.52|
MD5 SUM is f2f62354bc11a98a4d1b2e856fcb8b08
Several issues reported by customers have been resolved.
Password controls and override now enforce the following policy: a user is not allowed to change his or her password more often than "minDays," and is forced to change it after "maxDays." See Password Controls in Spectre 3.3.2+ for details.
|2||To prevent a target from generating SNMP targets for a collector that lacks the necessary SNMP community string, target generation now works as follows: if an IP address is in the Eligible List, an entry is added to the target table (for snmpDetails) only when a community string is configured for the given collector and an snmpDiscovery response for that community string has been received from the collector for which the snmpDetail record is being inserted. This resolved the problem.||PO-7970|
|3||Fixed SNMP credential cross-contamination as described in above-referenced issue PO-7979 (i.e., entries for a collector seen in the target table for a credential that is not configured for that collector). Example: collector id 15 is configured to use 4 credentials while collector id 16 is configured to use common credentials. Since "public" is the lowest aliasorder, the update target run picked up "public" without checking whether collector 15 is configured to discover "public." This caused incorrect entries in the target table. The new methodology resolves the problem.||PO-8646|
|4||Changed the processing order of CIFS targets relative to tcpPorts processing so that CIFS entries are properly inserted into the target tables.||PO-8715|
|5||The Jetty setting that displays directory listings has been disabled to bring Lumeta into compliance with STIG V-13735. Directory listings are no longer served.||PO-8796|
|6||Updated AutoVacuum settings for Lumeta||PO-8856|
Lumeta stopped logging queries a half-hour after a netboot. This issue was resolved by removing some query-related defaults.
|8||An out-of-memory fix was ported to subsequent releases.||PO-8823|
SNMP details are failing to generate when a network device attempts to send a response packet to Lumeta that is too large. The SNMP Details routine is timing out as a result. We plan to resolve the problem by buffering packet fragments and improving how they are reassembled.
|10||DB configuration updates ||PO-8762|
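The per-collector check described in rows 2 and 3, sketched as an added example (this is not Lumeta code). It is a simplified model of the old and new target selection plus an audit helper for existing rows; all function names, community strings and addresses are constructed placeholders.

```python
from typing import NamedTuple

class Response(NamedTuple):
    collector: int
    ip: str
    community: str

# Constructed sample data; community names and addresses are placeholders.
ALIAS_ORDER = ["public", "site-a", "site-b", "site-c", "site-d"]  # lowest first
CONFIGURED = {15: {"site-a", "site-b", "site-c", "site-d"}, 16: {"public"}}
ELIGIBLE = {"10.0.0.5", "10.0.0.9"}
RESPONSES = [
    Response(15, "10.0.0.5", "site-b"),
    Response(16, "10.0.0.5", "public"),
    Response(16, "10.0.0.9", "public"),
    Response(15, "10.0.0.7", "site-a"),   # answered, but not in the Eligible List
]

def _rank(community):
    return ALIAS_ORDER.index(community)

def targets_unchecked(responses, eligible):
    """Simplified model of the old behaviour: per IP, take the lowest-aliasorder
    community that answered anywhere and record it for every collector."""
    rows = set()
    for ip in eligible:
        seen = [r for r in responses if r.ip == ip]
        if seen:
            best = min((r.community for r in seen), key=_rank)
            rows |= {(r.collector, ip, best) for r in seen}
    return rows

def targets_checked(responses, eligible, configured):
    """Fixed behaviour: a row needs a community configured for that collector
    and a discovery response for that community from that same collector."""
    best = {}
    for r in responses:
        if r.ip in eligible and r.community in configured.get(r.collector, set()):
            key = (r.collector, r.ip)
            if key not in best or _rank(r.community) < _rank(best[key]):
                best[key] = r.community
    return {(c, ip, comm) for (c, ip), comm in best.items()}

def contaminated(rows, configured):
    """Audit helper: rows whose community is not configured for their collector."""
    return {row for row in rows if row[2] not in configured.get(row[0], set())}
```

Running `contaminated()` over rows exported from an existing target table flags entries left behind by the old selection logic.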
Lumeta 184.108.40.206 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See CVEs Fixed in 220.127.116.11 soon for a preliminary list of resolved CVEs. A finalized listing will be made available post-GA.
Preliminary Change Log
The changes made in preparation for this Lumeta 18.104.22.168 release include the following:
[PO-7970] - Target generating snmp targets for collector that doesn't contain snmp community string configured
[PO-8005] - Changes surrounding logging of query timings
[PO-8646] - Entries for a collector seen in target table for credential that is not configured for that collector
[PO-8662] - SNMP Detail target times out when we get fragmented packets from it
[PO-8715] - Target table details for CIFS targets are not updated when ports open closed state changes
[PO-8791] - Password controls enabled & override option - User is able to change password more than once based on min days value
[PO-8963] - Password controls override does not override maxDays default value
[PO-8796] - STIG V-13735 - gui directory listings are seen from jetty ui/scripts and ui/modules
[PO-8902] - create upgrade to 22.214.171.124
[PO-8908] - security updates for 126.96.36.199
[PO-8841] - Improve query that updates last_update in device_attribute table
[PO-8850] - Update Lumeta version for trunk and 3.3.2-maintenance