For all of you HP Bladesystem customers, here’s a heads up that HP released v3.60 of their Virtual Connect firmware package. You can download the full Release Notes here. Take note that this release fixes a couple of security issues, so even if the bug fixes don’t apply to you, consider updating to resolve the known security issues. Also, in the list of known issues there is an outstanding unresolved security issue for CVE-2010-4180 that you should be aware of, which is a cipher downgrade attack against OpenSSL. This was discovered 2010, so it’s a bit disappointing that HP can’t fix this in a more timely fashion.
• Resolved an issue where the restore domain operation would fail if any of the storage blades were in
a power-on state.
• Previously, to enable SMIS you also had to enable SNMP. Now SNMP and SMIS can be independently enabled.
• Resolved an issue where the downlinks from some HP servers were shut down by SmartLink during a firmware upgrade.
• Resolved an issue where the CLI did not block restoring a configuration when any of the servers were still powered on.
• Resolved an issue where the VCM GUI did not allow ‘@’ and ‘#’ as part of a VCM user password, but the VCM CLI did not have these restrictions.
• Resolved an issue where VC or VCEM changed the boot order with the FC HBA boot parameters being configured, and the end result was not what was expected.
• Resolved an issue where VCM enabled server ports with no network connections. For example, if a simple server profile had only one Ethernet connection, which mapped to LOM1, then only LOM1
should be enabled. However both LOM1 and LOM2 were enabled.
• Resolved an issue where if a pair of FCoE connections were added or removed from a profile with
sufficient Ethernet network connections to be using subport2, unexpected behavior may have occurred for the subport2.
• Resolved an issue where using the HP BLc Virtual Connect 1Gb RJ-45 Small Form Factor Pluggable Option Kit (Part Number 453154-B21) or HP BLc VC 1Gb SX SFP (Part Number 453151-B21) on a HP VC Flex-10 10Gb Ethernet Module for c-Class BladeSystem caused Cyclic Redundancy Check (CRC) errors during normal operation after a period of time, and then the link might go down. This issue only occurred with the HP VC Flex-10 10Gb Ethernet Module. When the link went down, Virtual Connect reported the link as down; however, the link to the external switch was still maintained. This fix resolved the Engineering Advisory c03208179.
• Resolved an issue where OpenSSH used by VC was vulnerable to NIST alerts CVE-2008-5161 and
Denial Of Service Vulnerability CVE-2011-3192.