PAN-OS 10.0.10 Addressed Issues

PAN-OS® 10.0.10 addressed issues.
Issue ID
Description
PAN-190175 and PAN-190223
A fix was made to address an OpenSSL infinite loop vulnerability in the PAN-OS software (CVE-2022-0778).
PAN-189665
(FIPS-CC enabled firewalls only) Fixed an issue where the firewall was unable to connect to log collectors after an upgrade due to missing cipher suites.
PAN-185616
Fixed an issue where the firewall sent fewer logs to the system log server than expected. With this fix, the firewall accommodates a larger send queue for syslog forwarding to TCP syslog receivers.
PAN-185163
Fixed an issue where the distributord process hit the FD limit, which caused User-ID redistribution to not function properly.
PAN-184693
Fixed an issue that caused the slotd process to stop responding due to an incorrect response from etcd lock API.
PAN-183862
Fixed an issue where, after a CN-NGFW pod failed-over to the second CN-MGMT pod, the configuration was not synchronized between the new CN-MGMT pod and the CN-NGFW pod.
PAN-183774
Fixed a memory leak issue in the mgmtsrvr process, which resulted in an out-of-memory (OOM) condition and high availability (HA) failover.
PAN-183239
Fixed an issue where the firewall randomly disconnected from the WildFire URL cloud.
PAN-182903
Fixed an issue where SD-WAN failover on a hub or branch in full mesh took longer than expected.
PAN-181839
Fixed an issue where Panorama Global Search reported No Matches found while still returning results for matching entries on large configurations.
PAN-181039
Fixed an issue with DNS cache depletion that caused continuous DNS retries.
PAN-181031
Fixed an issue where the CN-NGFW (DP) folder on the CN-MGMT pod eventually consumed a large amount of space in the /var/log/pan because the old registered stale next-generation firewall logs were not being cleared.
PAN-180916
Fixed an issue where DNS security caused the TTL (time-to-live) value of the pointer record (PTR) to be overwritten with a value of 30 seconds.
PAN-179982
Fixed an issue where an OOM condition occurred due to quarantine list redistribution.
PAN-179976
Fixed an issue where the WildFire Inline Machine Learning (ML) did not detect mlav-test-pe-file.exe when traffic was decrypted.
PAN-179703
Fixed an issue where dataplane interfaces weren't released when the secured application pods were deleted.
PAN-179413
Fixed an issue where GRE tunnels flapped during commit jobs.
PAN-179321
A validation error was added to inform an administrator when a policy field contained the value any.
PAN-179274
Fixed an issue on high availability configurations where, after upgrading to PAN-OS 9.1.10, PAN-OS 10.0.6, or PAN-OS 10.1.0, the HA1 and HA1-Backup link stayed down. This issue occurred when the peer firewall IP address was in a different subnet.
PAN-179164
Fixed an issue where a web-proxy port number was added to the destination URL when captive portal authentication was run.
PAN-179059
Fixed an issue where you were unable to delete dynamic address groups one at a time using XML API.
PAN-178947
Fixed an issue where the useridd process stopped responding when an attempt was made to dereference a NULL reference. This issue occurred to IP address users being added.
PAN-177907
Fixed an issue where, after rebooting the firewall, FQDN address objects referred in rules in a virtual system (vsys) did not resolve when the vsys used a custom DNS proxy.
PAN-177878
Fixed an issue where a role-based admin with
Operational Requests
enabled under the XML API section was unable to set the License Deactivation API key.
PAN-177626
Fixed an issue where aggressive situations caused on-chip descriptor exhaustion.
PAN-177551
A fix was made to address a vulnerability that enabled an authenticated network-based administrator to upload a specifically created configuration that disrupted system processes and was able to execute arbitrary code with root privileges when the configuration was committed (CVE-2022-0024).
PAN-177187
Fixed an issue where reports using the decryption summary database and Panorama as data sources returned no results.
PAN-177170
Fixed an issue on Panorama where a log collector group commit deleted the proxy settings configured on dedicated log collectors.
PAN-176889
Fixed an issue where the log collector continuously disconnected from Panorama due to high latency and a high number of packets in Send-Q.
PAN-176703
Fixed an issue that occurred after upgrading to a PAN-OS 9.0 or later release where commits to the firewall configuration failed with the following error message: statistics-service is invalid.
PAN-176348
Fixed an issue where scheduled email alerts were not forwarded to all recipients in the override list.
PAN-175716
Fixed an issue where sorting address groups by name, address, or location did not work on a device group that was part of a nested device group.
PAN-175628
(PA-5200 Series firewalls only) Fixed an issue where the firewall was unable to monitor AUX1 and AUX2 interfaces through SNMP.
PAN-175259
Fixed an issue where a Security policy configured with App-ID and set to web-browsing and application-default service allowed clear-text web-browsing on tcp/443.
PAN-175161
Fixed an issue where changing SSL connection validation settings for system logs caused the mgmtsrvr process to stop responding.
PAN-174809
Fixed an issue where a process (all_pktproc) restarted.
PAN-174607
Fixed an intermittent issue where, when Security profiles were attached to a policy, files that were downloaded across TLS sessions decrypted by the firewall were malformed.
PAN-174587
Fixed an issue where, in the case of multiple AWS Partner Network (APN) connections, the GPRS tunneling protocol (GTPv2) Create Session Requests were sent to the firewall within a short interval, which caused the firewall to create the GTP-sessions incorrectly.
PAN-174011
Fixed an issue where Panorama failed to update shared policies during partial commits when a new device group was created but not yet committed.
PAN-171345
Fixed an issue where firewalls experienced high packet descriptor usage due to internal communication associated with WildFire.
PAN-171181
Fixed an issue where the IPSec tunnel configuration didn't load when a double quotation mark was added to the comment section of the IPSec tunnel General tab.
PAN-171104
Fixed an issue where a race-condition check returned a false negative, which caused a process (all_task) to stop responding and generate a core file.
PAN-170952
Fixed script issues that caused diagnostic data to not be collected after path monitor failure.
PAN-168400
Fixed an issue where, after installing Cloud Services plugin 10.2, the Plugin cloud_services status (Dashboard > High Availability) displayed as Mismatch.
PAN-168286
Fixed a memory leak issue in the mgmtsrvr process that was caused by failed commit all operations.
PAN-167849
Fixed an issue where URL Filtering incorrectly identified the firewall serial number in the certificate Common Name field as the IP address.
PAN-164871
(VM-Series firewalls only) Fixed an intermittent issue where deactivating the firewall via XML API using manual mode failed. This occurred because the size of the license token file was incorrect.
PAN-163245
Fixed an issue where a commit-all or push to the firewall from Panorama failed with the following error message: client routed requesting last config in the middle of a commit/validate. Aborting current commit/validate.
PAN-161297
Fixed an interoperability issue with other vendors when IKEv2 used SHA2-based certificate authentication.
PAN-155448
Fixed an issue where credential detection didn't work in IP address-to-username mapping mode because the firewall compared the unnormalized IP-address-to-username mapping format to the normalized username extracted from the payload where the username and password were submitted.
