Today, we released the last Cisco IOS & XE Software Security Advisory Bundled Publication of 2015. As a reminder, Cisco discloses IOS vulnerabilities on a predictable schedule (the fourth Wednesday of March and September each calendar year). Last cycle, we began including Cisco Security Advisories addressing vulnerabilities in Cisco IOS XE Software in this publication. This change was a direct result of your feedback, and we hope the timeline and additional “bundling” continues to allow organizations to plan and ensure resources are available to analyze, test, and remediate vulnerabilities in their environments.
Today’s edition of the Cisco IOS & XE Software Security Advisory Bundled Publication includes three advisories that affect the following technologies:
- IPv6 First-Hop Security
- SSH Version 2 (SSHv2)
- Cisco IOS XE Software
You may recall that Cisco announced enhancements to the Cisco IOS Software Checker last year. As my colleague Kevin Saling shared, the tool can display first-fixed software release data based on the combination of Cisco IOS Software releases and Cisco Security Advisories selected. Users can now quickly identify the first release that addresses all vulnerabilities disclosed in the selected advisories. The Cisco IOS Software Checker is updated daily to include the most current information on recent Cisco IOS Software releases Make sure you also take a look at the Cisco Event Response—our go-to document that correlates the full array of Cisco Security resources for this bundle (including links to the advisories, Cisco IntelliShield Alerts, CVSS scores, and OVAL content). As the project manager who oversees the management and delivery of these bundled disclosures, I have a unique perspective of the level of effort and collaboration involved. A dedicated team of incident managers, a variety of partner organizations, special tooling, months of preparation, thousands of communications—these all come together on the fourth Wednesday of March and September.
The next Cisco IOS Software Security Advisory Bundled Publication is scheduled for March 23, 2015. Mark your calendars now. And don’t forget—for all things security, visit the Cisco Security Portal, the primary outlet for Cisco’s security intelligence and the public home to all our security-related content.