Fixes were made to address the following CVEs:

Fixed an issue where a configd crash occurred when the Policies > Security view was updated or refreshed in the web interface.

Fixed an issue where the OpenConfig plugin stopped working after a configuration update.

Fixed an issue with intermittent ICMP ping drops and packet loss in traffic flows between a hub and branch after upgrading to an affected PAN-OS release due to incorrect SD-WAN path monitor state.

Fixed an issue where SIP sessions stopped progressing after the firewall received fragmented packets, fragmented at header field.

(VM-Series firewalls on ESXi with Intel E810 NICs using PCI passthrough) Fixed an issue where the brdagent process became unresponsive during data port initialization, which resulted in system instability, interface outages, HA split-brain conditions, and unexpected reboots during failover.

Fixed an issue on firewalls in DHCP Client mode where, after upgrading to an affected release, the SNMP process unexpectedly restarted after a commit, which led to false interface flap notifications on SNMP managers.

Fixed an issue where the link status of log port 1 and log port 2 were unable to be monitored via SNMP due to the OIDs for the individual ports not being available.

Fixed an issue BGP sessions experienced short disruptions across all peers, interfaces, and slots when a multicast event persisted longer than the NGP negotiated hold timers.

(PA-7500 firewalls only) Fixed an issue where firewall logs were not visible in the Strata Logging Service even though cloud logging was enabled and the firewall was successfully forwarding logs.

Fixed an issue on the Panorama web interface where custom application tags for cloud applications were not consistently displayed in the Application Filter or application details even though the tags were configured via CLI and successfully enforced traffic blocking policy rules.

Fixed an issue where session rematch did not properly apply updated Security policy rules to existing traffic flows after committing changes, which caused traffic to still be allowed when a new Security policy was set to Deny.

(Firewalls in Layer 2 mode only) Fixed an issue where the new sessions were not able to be established due to the firewall intermittently dropping valid MAC address entries for specific VLANs when a manual switchover sent a high volume of traffic to the firewall.

Fixed an issue where the ABR failed to translate and advertise the default route (0.0.0.0/0) from an OSPF NSSA area into the OSPF backbone area as a Type-5 LSA.

Fixed an issue on the web interface where checkboxes for default information originate and ABR in OSPF NSSA configurations were automatically enabled which resulted in unexpected configuration changes.

(PA-7050 firewalls in HA configurations only) Fixed an issue where the firewall reached 100% disk utilization due to the logrcvr process repeatedly restarting and dumping core files due to a blocked hints processing thread, which caused a failover.

(VM-Series firewalls only) Fixed an issue where insufficient i-node space was available on the sysroot0 partition.

Fixed an issue where configuring an OSPFv2 NSSA area range caused OSPF-learned routes to become unreachable due to the incorrect installation of a discard route when the NSSA range prefix matched an existing OSPF route.

Fixed an issue where OSPF session using MD5 authentication experienced intermittent flapping due to out-of-order packet processing.

Fixed an issue where the firewall did not match the correct policy for SSL forward decrypted HTTP/2 traffic when upgrading from PAN-OS 10.2.9-h1 to PAN-OS 11.2.3.