For all of you HP Bladesystem customers, here’s a heads up that HP released v3.60 of their Virtual Connect firmware package. You can download the full Release Notes here. Take note that this release fixes a couple of security issues, so even if the bug fixes don’t apply to you, consider updating to resolve the known security issues. Also, in the list of known issues there is an outstanding unresolved security issue for CVE-2010-4180 that you should be aware of, which is a cipher downgrade attack against OpenSSL. This was discovered 2010, so it’s a bit disappointing that HP can’t fix this in a more timely fashion.
The following issues have been resolved in the VC 3.60 release:
• Resolved an issue where the restore domain operation would fail if any of the storage blades were in
a power-on state.
• Resolved an issue with concurrent server hot-plug that could leave a server disconnected from assigned networks. Applied to servers with Flex-10 or Flex-Fabric ports with assigned profiles.
• Resolved an issue observed on multi-blade servers with a multi-port mezzanine card where HP-UX had an extended boot time and the EFI driver did not attach to the multi-port mezzanine card. This happened when a multi-port mezzanine card had only a single Ethernet connection assigned to a port and the other ports did not have connections assigned.
• Resolved an issue with the HP VC 1/10Gb-F module when using mixed media types (RJ45 and SFP) in an LACP channel, where when the VC module was reset, the channels using SFP did not rejoin either channel.
• Previously, to enable SMIS you also had to enable SNMP. Now SNMP and SMIS can be independently enabled.
• Resolved an issue where the downlinks from some HP servers were shut down by SmartLink during a firmware upgrade.
• Resolved an issue where the CLI did not block restoring a configuration when any of the servers were still powered on.
• Resolved an issue where the VCM GUI did not allow ‘@’ and ‘#’ as part of a VCM user password, but the VCM CLI did not have these restrictions.
• Resolved an issue where VC or VCEM changed the boot order with the FC HBA boot parameters being configured, and the end result was not what was expected.
• Resolved an issue where VCM enabled server ports with no network connections. For example, if a simple server profile had only one Ethernet connection, which mapped to LOM1, then only LOM1
should be enabled. However both LOM1 and LOM2 were enabled.
• Resolved an issue where if a pair of FCoE connections were added or removed from a profile with
sufficient Ethernet network connections to be using subport2, unexpected behavior may have occurred for the subport2.
• Resolved an issue where using the HP BLc Virtual Connect 1Gb RJ-45 Small Form Factor Pluggable Option Kit (Part Number 453154-B21) or HP BLc VC 1Gb SX SFP (Part Number 453151-B21) on a HP VC Flex-10 10Gb Ethernet Module for c-Class BladeSystem caused Cyclic Redundancy Check (CRC) errors during normal operation after a period of time, and then the link might go down. This issue only occurred with the HP VC Flex-10 10Gb Ethernet Module. When the link went down, Virtual Connect reported the link as down; however, the link to the external switch was still maintained. This fix resolved the Engineering Advisory c03208179.
• Resolved an issue where OpenSSH used by VC was vulnerable to NIST alerts CVE-2008-5161 and
CVE-2008-1483.
• Resolved an issue where the Apache HTTP Server used by VC was vulnerable to the NIST alert for
Denial Of Service Vulnerability CVE-2011-3192.
Denial Of Service Vulnerability CVE-2011-3192.
