PAN-OS 8.1.19 Addressed Issues
Table of Contents
8.1
Expand all | Collapse all
-
-
- App-ID Changes in PAN-OS 8.1
- Authentication Changes in PAN-OS 8.1
- Content Inspection Changes in PAN-OS 8.1
- GlobalProtect Changes in PAN-OS 8.1
- User-ID Changes in PAN-OS 8.1
- Panorama Changes in PAN-OS 8.1
- Networking Changes in PAN-OS 8.1
- Virtualization Changes in PAN-OS 8.1
- Appliance Changes in PAN-OS 8.1
- Associated Software and Content Versions
- Limitations
-
- PAN-OS 8.1.25 Addressed Issues
- PAN-OS 8.1.24-h2 Addressed Issues
- PAN-OS 8.1.24-h1 Addressed Issues
- PAN-OS 8.1.24 Addressed Issues
- PAN-OS 8.1.23-h1 Addressed Issues
- PAN-OS 8.1.23 Addressed Issues
- PAN-OS 8.1.22 Addressed Issues
- PAN-OS 8.1.21-h1 Addressed Issues
- PAN-OS 8.1.21 Addressed Issues
- PAN-OS 8.1.20-h1 Addressed Issues
- PAN-OS 8.1.20 Addressed Issues
- PAN-OS 8.1.19 Addressed Issues
- PAN-OS 8.1.18 Addressed Issues
- PAN-OS 8.1.17 Addressed Issues
- PAN-OS 8.1.16 Addressed Issues
- PAN-OS 8.1.15-h3 Addressed Issues
- PAN-OS 8.1.15 Addressed Issues
- PAN-OS 8.1.14-h2 Addressed Issues
- PAN-OS 8.1.14 Addressed Issues
- PAN-OS 8.1.13 Addressed Issues
- PAN-OS 8.1.12 Addressed Issues
- PAN-OS 8.1.11 Addressed Issues
- PAN-OS 8.1.10 Addressed Issues
- PAN-OS 8.1.9-h4 Addressed Issues
- PAN-OS 8.1.9 Addressed Issues
- PAN-OS 8.1.8-h5 Addressed Issues
- PAN-OS 8.1.8 Addressed Issues
- PAN-OS 8.1.7 Addressed Issues
- PAN-OS 8.1.6-h2 Addressed Issues
- PAN-OS 8.1.6 Addressed Issues
- PAN-OS 8.1.5 Addressed Issues
- PAN-OS 8.1.4-h2 Addressed Issues
- PAN-OS 8.1.4 Addressed Issues
- PAN-OS 8.1.3 Addressed Issues
- PAN-OS 8.1.2 Addressed Issues
- PAN-OS 8.1.1 Addressed Issues
- PAN-OS 8.1.0 Addressed Issues
PAN-OS 8.1.19 Addressed Issues
PAN-OS® 8.1.19 addressed issues.
Issue ID | Description |
|---|---|
PAN-161731 | Functionality was added to enable, via the
CLI, the removal of key exchange algorithms used by SSH.
|
PAN-159135 | Fixed an issue where the firewall rejected
SAML Assertions, which caused user authentication failure when the Validate Identity
Provider Certificate was enabled in the SAML Server
Profile in vsys3 or above. |
PAN-158988 | Fixed an issue with HTTP Header Insertion
where the payload was truncated when processing a segmented TCP
stream and when the client retransmitted the packet with the same
sequence number that was previously received segmented. |
PAN-158844 | Adds additional debugging to be used in
identifying the malformed references causing process crashes during
FQDN refresh. |
PAN-158638 | Fixed an issue where the firewall returned
the following error message when attempting to request a device
certificate using a one-time password (OTP): invalid ocsp response sig-alg . |
PAN-156240 | A fix was made to address an issue where
a cryptographically weak pseudo-random number (PRNG) was used during
authentication to the PAN-OS interface. As a result, attackers with
the capability to observe their own authentication secrets over
a long duration on the firewall had the ability to impersonate another
authenticated web interface administrator’s session (CVE-2021-3047). |
PAN-155009 | Fixed an issue on the firewall where executing
the request system bootstrap-usb prepare CLI
command returned a server error. |
PAN-154114 | A fix was made to address a vulnerability
related to information exposure through log files in PAN-OS where
secrets in PAN-OS XML API requests were logged in cleartext in the
web server logs when the API was used incorrectly (CVE-2021-3036). |
PAN-153213 | Fixed a rare issue where TCP packets randomly
dropped due to reassembly failure. |
PAN-152648 | Fixed an issue where multiple all_pktproc processes
stopped responding, which caused the dataplane to restart. |
PAN-152098 | Fixed an issue where the Policy Optimizer
for some device groups showed incorrect data with a - character
in the rule usage column. |
PAN-151458 | Fixed an issue on firewalls with high availability
active/active configurations where GlobalProtect gateways timed
out on-demand connections. This occurred because the Inactivity Logout timer
did not reset. |
PAN-150998 | Fixed an issue where, when deploying a VM-Series
firewall on VMware NSX that had been assigned a serial number that
was used by a previously deactivated firewall, the new firewall
was deployed in a deactivated or partially deactivated state. |
PAN-150852 | Fixed an issue with SMTP that occurred when
attachment file names were longer than the allocated buffer. If
the file name was longer than the buffer and Layer 7 inspection
was enabled, the file was dropped, which caused session errors and
an email to not be sent. |
PAN-150798 | ( PA-7000 Series firewalls only )
Fixed an issue where Network Processing Cards (NPC) took longer
than expected or failed to boot. |
PAN-150023 | A fix was made to address an issue where
an improper authentication vulnerability enabled a Security Assertion
Markup Language (SAML) authenticated user to impersonate any user
in the GlobalProtect portal and GlobalProtect gateway when they
were configured to use SAML authentication (CVE-2021-3046). |
PAN-149641 | Fixed an issue where firewalls stopped refreshing
IP tag information when configured with the VM Information Sources feature
with a VMWare vCenter Server. |
PAN-149339 | Fixed an issue where, when an ECMP route
changed, the flow table in the offload engine was not updated. |
PAN-147783 | Checks were added to help prevent the dataplane
from restarting. |
PAN-147781 | A fix was made to address an issue where
an OS command argument injection vulnerability in the PAN-OS web
interface enabled an authenticated administrator to read any arbitrary
file from the file system (CVE-2021-3045). |
PAN-147254 | jQuery was updated to 3.5.1. |
PAN-147221 | Improved QoS scheduling for Bidirectional
Forwarding Detection (BFD) and BGP to address the internal handling
of BGP and BFD packets under high resource constraints |
PAN-145733 | Fixed an issue where the SNMP INDEX for panZoneTable on
the PAN-COMMON-MIB.my file did not
work as expected, which led to entries in panZoneTable not
being uniquely identified. |
PAN-144975 | Fixed an intermittent issue where a high
traffic load in a Layer 2 deployment caused SNMP and Panorama health
monitoring failures. |
PAN-136347 | Fixed an issue wherer DNS proxy TCP connections
were processed incorrectly, which caused a process ( dnsproxy )
to stop responding. |
PAN-136073 | Fixed an issue where the High Speed Chassis
Interconnect (HSCI) port flapped continuously after an upgrade or
reboot. |
PAN-132035 | Fixed an issue on Panorama appliances in
an active/passive HA configuration where a managed firewall generated
high priority alerts that it failed to connect to the passive Panorama
appliance's User-ID agent server. This issue occurred because the
firewall was only able to connect to one Panorama User-ID server
at a time, and it connected only to the active Panorama appliance's
User-ID server. |
PAN-131474 | A fix was made to address a vulnerability
related to information exposure through log files in PAN-OS where
the connection details for a scheduled configuration export were
logged in system logs (CVE-2021-3037). |
PAN-124579 | Fixed an issue where a process (all_task_3) restarted,
which caused the tunnels to reset. |