RH2288H V3 IBMC V399 Release Notes 01

RH2288H V3
iBMC V399 Release Notes
Issue 01
Date 2021-08-21
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://enterprise.huawei.com
Issue 01 (2021-08-21)
Copyright © Huawei Technologies Co., Ltd.
RH2288H V3
iBMC V399 Release Notes Contents
Contents
1 V399 Release Notes ....................................................................................................................... 1

2 V397 Release Notes ....................................................................................................................... 2
3 V396 Release Notes ....................................................................................................................... 3
4 V390 Release Notes ....................................................................................................................... 4
5 V382 Release Notes ....................................................................................................................... 5
6 V357 Release Notes ....................................................................................................................... 6
7 V345 Release Notes ....................................................................................................................... 8
8 V338 Release Notes ....................................................................................................................... 9
9 V334 Release Notes ..................................................................................................................... 10
10 V330 Release Notes ................................................................................................................... 11
11 V323 Release Notes ................................................................................................................... 13
12 V317 Release Notes ................................................................................................................... 14
13 V316 Release Notes ................................................................................................................... 15
14 V312 Release Notes ................................................................................................................... 17
15 V304 Release Notes ................................................................................................................... 18
16 V300 Release Notes ................................................................................................................... 20
17 V294 Release Notes ................................................................................................................... 21
18 V276 Release Notes ................................................................................................................... 22
19 V264 Release Notes ................................................................................................................... 24
20 V260 Release Notes ................................................................................................................... 25
21 V257 Release Notes ................................................................................................................... 27
22 V255 Release Notes ................................................................................................................... 29
23 V253 Release Notes ................................................................................................................... 30
24 V246 Release Notes ................................................................................................................... 31
Issue 01 (2021-08-21) i
RH2288H V3
iBMC V399 Release Notes Contents
25 V243 Release Notes ................................................................................................................... 32

26 V242 Release Notes ................................................................................................................... 33
27 V241 Release Notes ................................................................................................................... 34
28 V239 Release Notes ................................................................................................................... 35
29 V236 Release Notes ................................................................................................................... 36
30 V230 Release Notes ................................................................................................................... 38
31 V228 Release Notes ................................................................................................................... 39
32 V218 Release Notes ................................................................................................................... 40
33 V216 Release Notes ................................................................................................................... 41
34 V212 Release Notes ................................................................................................................... 42
35 V210 Release Notes ................................................................................................................... 43
36 V206 Release Notes ................................................................................................................... 45
37 V202 Release Notes ................................................................................................................... 46
38 V201 Release Notes ................................................................................................................... 47
39 V193 Release Notes ................................................................................................................... 49
40 V191 Release Notes ................................................................................................................... 50
41 V182 Release Notes ................................................................................................................... 51
42 V162 Release Notes ................................................................................................................... 53
43 V151 Release Notes ................................................................................................................... 54
44 V138 Release Notes ................................................................................................................... 55
45 V135 Release Notes ................................................................................................................... 56
46 V128 Release Notes ................................................................................................................... 58
47 V126 Release Notes ................................................................................................................... 59
48 V123 Release Notes ................................................................................................................... 60
49 V116 Release Notes ................................................................................................................... 61
Issue 01 (2021-08-21) ii
RH2288H V3
iBMC V399 Release Notes V399 Release Notes
1 V399 Release Notes
Release Date
2021-08-21
Current Version
V399
Software Version
3.99
Earlier Version
V397
What's New
 Supports MCX4121A-ACAT_C12 NICs;
 Supports QLE2692-HUA-SP NICs;
 Supports Tesla P40 GPU cards;
 Optimized the IPMI command response mechanism;
 Supports the DNS rebinding prevention function;
 Optimized the hard disk alarm mechanism;
 Optimized the CPLD protection mechanism of the BMC;
 Enhanced the reliability of user information.
Precautions
iBMC V399 works with BIOS V522. After upgrading the iBMC to V399, you must
upgrade the BIOS to V522.
Issue 01 (2021-08-21) 1
RH2288H V3
Release Date
2020-11-20
Current Version
V397
Software Version
3.97
Earlier Version
V396
What's New
 Supports setting and query of the SSH weak encryption algorithms through the
Redfish interface;
 Optimized the memory and CPU information displayed on the WebUI;
 Optimized the VMM data transmission mechanism;
 Optimized the drive health status information on the WebUI.
Precautions
Issue 01 (2021-08-21) 2
RH2288H V3
Release Date
2020-08-18
Current Version
V396
Software Version
3.96
Earlier Version
V390
What's New
 Enhanced web security;
 Optimized the suggestion for handling the fan fault alarm (alarm code: 0x04000007).
Precautions
iBMC V396 works with BIOS V515 or V521. After upgrading the iBMC to V396, you
must upgrade the BIOS to V515 or V521.
Issue 01 (2021-08-21) 3
RH2288H V3
Release Date
2020-04-22
Current Version
V390
Software Version
3.90
Earlier Version
V382
What's New
 Optimized the mechanism for reporting RAID controller card information;
 Supports dynamic configuration of the speed adjustment policy through the Redfish
interface;
 Supports syslog messages in RFC3164 format;
 Supports collection of DFL logs by using the CLI;
 Optimized the trap reporting mechanism.
Precautions
NA
Issue 01 (2021-08-21) 4
RH2288H V3
Release Date
2019-11-02
Current Version
V382
Software Version
3.82
Earlier Version
V357
What's New
 Optimized the function of querying the total fan power through the Redfish interface;
 Added the RAID controller card firmware redundancy backup function.
Precautions
NA
Issue 01 (2021-08-21) 5
RH2288H V3
Release Date
2019-08-22
Current Version
V357
Software Version
3.57
Earlier Version
V345
What's New
 Optimized the NVMe drive identification mechanism;
 Supports query of EnclosureID and Slot Number over the Redfish interface;
 Supports detection of the intermittent disconnection events of service NICs;
 Optimized the mechanism for obtaining the drive SNs;
 Optimized the mechanism for the mainboard CPLD upgrade to take effect;
 Added the function of triggering a warm restart of the OS when an IERR is detected
in FDM;
 Optimized the power capping mechanism;
 Optimized the mechanism for updating the database of the intelligent fault
management system;
 Optimized the alarm mechanism for connecting or disconnecting the optical cables of
optical modules;
 Optimized the time zone displayed for New Zealand on the iBMC WebUI;
 Optimized the display of physical drives of the RAID array on the iBMC WebUI;
 Optimized the HTTPS access mechanism for security purposes;
 Changed the certificate expiry event to a minor alarm;
 Optimized the import and export of the LDAP configuration;
 Optimized the SSDP packet broadcast mechanism;
 Supports change of the rights for the user whose ID is 2.
Issue 01 (2021-08-21) 6
RH2288H V3
Precautions
NA
Issue 01 (2021-08-21) 7
RH2288H V3
Release Date
2019-06-14
Current Version
V345
Software Version
3.45
Earlier Version
V338
What's New
 Optimized the alarm mechanism for the BBU in-position status of the RAID
controller card;
 Added the function of triggering a warm reset of the operating system when the
IERR diagnosis fails.
Precautions
NA
Issue 01 (2021-08-21) 8
RH2288H V3
Release Date
2019-04-20
Current Version
V338
Software Version
3.38
Earlier Version
V334
What's New
 Optimized the mechanism for logging the memory CE storm events;
 Optimized the FDM PFAE alarm mechanism;
 Supports SR450C-M 2G RAID controller cards.
Precautions
NA
Issue 01 (2021-08-21) 9
RH2288H V3
Release Date
2019-04-08
Current Version
V334
Software Version
3.34
Earlier Version
V330
What's New
 Supports successful VNC connections even in network delay;
 After hostname is configured using SmartKit, the SNMP sysname can be
automatically synchronized with the new hostname;
 Removed the inconsistency between the drive SEL and the information displayed on
the front panel LCD;
 Optimized the drive check and alarm mechanism;
 Optimized the mechanism for the SNMP to create the algorithm based on the engine
ID;
 Optimized the mechanism for importing and exporting the BIOS configuration on the
WebUI;
 Optimized the mechanism for handling the CPLD firmware upgrade exceptions on
the WebUI;
 Optimized the event subscription enabling mechanism for the Redfish module;
 Optimized the mechanism for the Redfish interface to report the StatusChange event
when a PSU is removed or installed.
Precautions
NA
Issue 01 (2021-08-21) 10
RH2288H V3
Release Date
2019-03-05
Current Version
V330
Earlier Version
V317
What's New
 Optimized the periodic event update mechanism over the Redfish interface;
 Optimized the SP boot process from the BMC;
 Optimized the commands used to configure the gateway IP address;
 Optimized the mechanism of managing multiple RAID cards;
 Optimized the mechanism of querying FRU information using ipmitool;
 Optimized the CPU card cooling policy;
 Optimized SNMP communication mechanism with third-party network management
software;
 Provides the port connection view on the WebUI;
 Optimized the SNMP engine ID generation mechanism to solve the problem that the
SNMP V3 probability is not connected;
 Optimized the cooling strategy of the GPU card;
 Optimized SSL-enabled cipher suites;
 Optimized the scheme of mounting ISO image by the CLI;
 Added support for the gratuitous ARP function;
 Optimized the processing mechanism of the SYN flood attack to solve the problem
that the attack causes the probability reset of the BMC;
 Optimized the fixability scheme when the network port fails;
 Optimized the verification policy for SMTP mailbox names;
 Optimized the fault code display scheme;
 Added support for querying and setting UUIDs by the redfish interface;
 Optimized the monitoring strategy for memory usage;
 Added support the data security erasure for encrypted disks;
 Optimized the Chinese and English switching strategies when WEB logs in;
Issue 01 (2021-08-21) 11
RH2288H V3
 Optimized WEB help information for occupancy monitoring;

 Optimized the configuration export mechanism;
 Optimized the authentication policy of SNMPV3.
Precautions
Issue 01 (2021-08-21) 12
RH2288H V3
Release Date
2019-05-06
Current Version
V323
Software Version
3.23
Earlier Version
V317
What's New
 Optimized the cooling strategy of the GPU card;
 Optimized the mechanism for logging the memory CE storm events;
 Optimized the mechanism for the iBMC to report the Version Change event when the
iBMC restarts;
 Optimized the periodic event update mechanism over the Redfish interface;
 Optimized the mechanism for importing and exporting the BIOS configuration on the
WebUI;
 Optimized the FDM message processing mechanism;
 Optimized the FDM PFAE alarm mechanism.
Precautions
 If the iBMC version is 3.20 or earlier, upgrade it to version 3.23;
 iBMC V323 works with BIOS V513. After upgrading the iBMC to V323, you must
Issue 01 (2021-08-21) 13
RH2288H V3
Release Date
2018-09-19
Current Version
V317
Earlier Version
V316
What's New
Optimized NCSI network configuration features.
Precautions
Issue 01 (2021-08-21) 14
RH2288H V3
Release Date
2018-09-12
Current Version
V316
Earlier Version
V312
What's New
 Optimized friendly information prompts when user deletion fails;
 Optimized the out-of-band alarm policy of the hard disk in multiple RAID scenarios;
 Optimized French help information on KVM;
 Added support for IPMI command to turn off the password rules long SNMP
community name;
 Optimized the remaining life detection mechanism of the NVMe hard disk;
 Optimized the strategy of a virtual keyboard mouse to wake up a hibernated
operating system;
 Optimized the implementation mechanism of the BMC restart button on the WEB
page;
 Optimized the QPI/UPI alarm policy;
 Optimized the verification policy of the LDAP server address on the WEB page;
 Optimized the configuration import and export strategy;
 Optimized the FDM diagnostic process;
 Optimized the information display on the status bar and menu bar on the KVM;
 Optimized the out-of-band management for RAID Card;
 Added support for the redfish interface to query the maximum number of PCIE cards;
 Added support for the redfish interface to query the maximum number of CPUs;
 Added support for the redfish interface to query the maximum number of hard disks;
 Added support for the redfish interface to query the maximum number of power
supplies;
 Added support for the redfish interface to query the maximum number of fans;
 Added support for configuring LDAPS authentication options;
 Added support for Intel's X710, MAC address X550 card standard card acquisition;
Issue 01 (2021-08-21) 15
RH2288H V3
 Added support for CPU, memory, and hard disk log information after component
replacement.
Precautions
Issue 01 (2021-08-21) 16
RH2288H V3
Release Date
2018-08-17
Current Version
V312
Earlier Version
V304
What's New
 Optimized user management policies;
 Optimized component upgrade strategies;
 Optimized the out-of-band management scheme for storage devices;
 Added support for time synchronization of NTP service on Windows;
 Optimized the security policy of TLS;
 Optimized the secure login strategy;
 Optimized multi-language description of the "Disable Panel Power Button" switch on
the WEB page.
Precautions
Issue 01 (2021-08-21) 17
RH2288H V3
Release Date
2018-06-10
Current Version
V304
Earlier Version
V300
What's New
 Optimized the display of help information for the command "ipmcset -t syslog -d
severity" under the CLI;
 Optimized the component information display scheme of the software RAID in the
CLI and WEB;
 Added support for compatibility with the ipmiutil tool in the VMware system;
 Optimized the description of the alarm event of the optical module and add the
subject of the event to the description information;
 Optimized the service port configuration policy on the BMC;
 Optimized the configuration information in the "version.xml" configuration file to be
compatible with the umate and esight upgrade scenarios;
 Optimized the information display on the French interface help page;
 Optimized the configuration import policy and solve the problem that the
configuration file cannot be imported again after importing invalid format files in
some scenarios;
 Optimized rules for setting user login time on the WEB page;
 Optimized the display of the body type in the filter bar of the SEL page;
 Optimized the Firefox browser compatibility strategy to solve the problem of
entering only the part of the user name in some scenarios;
 Optimized the language package upgrade strategy to solve the problem that the
upgrade cannot be performed when there are special characters in the upgrade file
name;
 Optimized BMC software security policy;
 Optimized the statistics policy for querying the number of hard disks through the
SNMP interface.
Issue 01 (2021-08-21) 18
RH2288H V3
Precautions
Issue 01 (2021-08-21) 19
RH2288H V3
Release Date
2018-5-07
Current Version
V300
Earlier Version
V294
What's New
 Optimized the process of creating and deleting logical disks under out-of-band RAID
management;
 Optimized SNMP V1 / V2 community name login mode;
 Added support for uploading upgrade files via redfish post operations;
 Added support for configuring BIOS setup menu items multiple times via the redfish
interface;
 Added support for French interface in WEB;
 Optimize the processing flow of network driver receiving abnormal packets;
 Optimized the packet sending policy of DNS;
 Added support for KVM-compatible Japanese keyboard functionality;
 Added support for obtaining the CPU clock frequency through the redfish interface;
 Added support for PCIE card BDF information acquisition;
 Added support for SSDP to report the ProductName function;
 Added support for using ipmiutil tools for enabled/disabled user functions;
 Optimized the scanning strategy of the management health sensor;
 Added support for LDAP certificate chain authentication;
 Added support for the virtual media mounted via HTTPS Protocol.
Precautions
Issue 01 (2021-08-21) 20
RH2288H V3
Release Date
2018-3-29
Current Version
V294
Earlier Version
V276
What's New
 Optimized LDAP domain account login process;
 Optimized the information display for the Japanese interface;
 Optimized the description of the hard disk speed in the redfish interface;
 Optimized the time zone menu on the WebUI to solve the problem that some city
names are duplicate;
 Optimized the display of pCIeDeviceDevicename under the pcieDevice node queried
using SNMP;
 Optimized the displayed of PCIe card information on the WebUI;
 Optimized the information displayed when the speed of the front and rear fans is
queried using SNMP;
 Optimized the RTC voltage alarm threshold;
 Optimized the display of the NVMe disk information;
 Added monitoring of the SSD service life;
 Added monitoring and alarms about CE overflow of the memory, QPI, and PCIe;
 Enhanced FDM diagnosis, and optimized fault collection, fault analysis, and
diagnosis functions;
 Modified the description of the RAID card firmware version;
 Optimized the information display for the Japanese interface.
Precautions
Issue 01 (2021-08-21) 21
RH2288H V3
Release Date
2018-2-2
Current Version
V276
Earlier Version
V264
What's New
 Added redfish interface for getting logical disk information;
 Added redfish interface to get the status of RAID card BBU;
 Optimization for serial port information print during the process of one-click
collection;
 Added support to clear security logs and action logs by CLI;
 Optimized hard drive manufacturers information display;
 Added redfish interface to get the status for all the RAID controllers;
 Added redfish interface to get the status for all the power units;
 Added redfish interface to get the status for all the hard disks;
 Added redfish interface to disable the writable status of SNMP V2C;
 Added support the system automatically power up after powered off due to the over-
temperature of cpu;
 Added redfish interface to get the status for all the temperature of devices;
 Added redfish interface to get the status for all the fan modules;
 Added redfish interface to get the uptime of BMC;
 Added redfish interface to get the token value of KVM;
 Optimized to get the MAC information of PCIE card by CLI;
 Optimized the reset event log description of system;
 Optimized the information display for the Japanese interface;
 The size of the video file is reduced to prevent one-click information collection
failures in special scenarios;
 The mechanism for displaying the power supply health status queried through the
Redfish interface in power redundancy mode has been optimized;
 Optimize handling Patrol scrub UCE.
Issue 01 (2021-08-21) 22
RH2288H V3
Precautions
Issue 01 (2021-08-21) 23
RH2288H V3
Release Date
2017-12-4
Current Version
V264
Earlier Version
V260
What's New
 Optimized the mechanism for recording memory ECC event logs;
 Optimized the messages displayed on the Firmware Upgrade page on the iBMC
WebUI;
 Optimized the insertion and ejection of the virtual DVD-ROM drive for the KVM;
 Optimized the alarm detection mechanism of the P4600 to eliminate false alarms
reported by the iBMC in special scenarios;
 Optimized the RAID levels displayed on the iBMC to maintain consistency with the
RAID card setting interface;
 Optimized the description of the watchdog timeout event on the iBMC;
 Optimized the format of the sensor names for the Trap event code mode.
Precautions
Issue 01 (2021-08-21) 24
RH2288H V3
Release Date
2017-11-15
Current Version
V260
Earlier Version
V257
What's New
 Added support for 3516 RAID card;
 The web log filtering function has been optimized to eliminate incorrect content
filtered;
 The new version has removed the abnormal page display occurred when the language
of the browser is German;
 The mechanism for checking CPU configuration has been optimized. An alarm will
be generated if no CPU is detected;
 Optimizes the fan speed adjustment mechanism for X540 net card;
 In the earlier version, default parameters cannot be used to create RAID through the
Redfish interface. This problem has been resolved in the new release;
 The Status attribute of the Manager resource is added for the Redfish interface;
 The hardware alarming mechanism of the RAID card has been optimized to prevent
false alarms in certain scenarios;
 The OAM detection is added for NICs;
 The SOL function can be used through the CLI;
 The function of querying and configuring the DST is added;
 LDAP proxy user authentication is supported, and the bound LDAP proxy account
and password can be configured;
 The GUID display sequence has been optimized;
 Added support for Intel P4600 NVME disk；
 Added support for SAMSUNG PM1725a NVME disk;
 The function of disabling inactive accounts is added;
 The function of displaying remote virtual devices is supported on the OS.
Issue 01 (2021-08-21) 25
RH2288H V3
Precautions
Issue 01 (2021-08-21) 26
RH2288H V3
Release Date
2017-11-9
Current Version
V257
Earlier Version
V255
What's New
 Optimize iBMC custom three-level certificate chain import method;
 Optimize SNMP V1 / V2 community name login mode;
 Optimize iBMC self-signed certificate time, consistent with local time;
 Optimization to restore the factory default operation, support the operation log and so
on;
 Added support for 100G IB card (MCX456A, MCX455A-ECAT); Accelerator card
Silicom PE3IS2CO3 (V1.3) and encryption card (X16);
 Optimize redfish alarm level, keep an interface alarm consistent;
 Optimize the interface IPV6 address display, solve the configuration IPV6, the
interface shows the IP address is empty;
 Optimize the user experience of non-full-screen remote KVM, solve the operation of
the VMVARE on the left side of the menu bar, the use of the keyboard direction keys,
KVM on the right side of the scroll bar also with the moving problem;
 Fix the nexpose scan of a serious vulnerability World writable files exist (unix-world-
writable-files);
 Added support for daylight saving time;
 To optimize the user in the SSL certificate import, configuration file import, click the
upgrade interface when the restart button WEB prompt information;
 Optimize Web page resolution tips;
 Optimizing the Accuracy of Memory Problem Location under Optimized High
Temperature;
 Optimize the virtual drive pop-up experience to solve the pop-up drive failure,
repeated access to the drive to start the problem;
 Optimize how LDAP logs in IPV6 mode;
Issue 01 (2021-08-21) 27
RH2288H V3
 Optimize the LDAP configuration to solve the problem that the LDAP group can not
be configured normally in the root directory when configuring the user group
information in the LDAP configuration;
 Optimize the time to log in to iBMC using LDAP;
 Added support for query BOM encoding.
Precautions
Issue 01 (2021-08-21) 28
RH2288H V3
Release Date
2017-9-1
Current Version
V255
Earlier Version
V253
What's New
Added support for 100G Mellanox accelerator card.
Precautions
Issue 01 (2021-08-21) 29
RH2288H V3
Release Date
2017-9-1
Current Version
V253
Earlier Version
V246
What's New
 Optimize LDAP login time;
 Optimize independent kvm client ldap login compatible with special characters;
 Optimize the command line hanging in the virtual media, automatically pop-up drive;
 Optimize iBMC login mode, modify the host name can also be accessed from the
browser;
 Optimize the restart prompt for the iBMC upgrade interface;
 Optimize iBMC to set the resolution when prompted;
 Optimize how LDAP is logged on in IPV6;
 Optimize the display of out-of-band raid management, not for raid cards that are not
supported.
Precautions
Issue 01 (2021-08-21) 30
RH2288H V3
Release Date
2017-8-1
Current Version
V246
Earlier Version
V243
What's New
 Added support for iBMC IP and SN numbers on KVM;
 Added support for P4500 NVME disk.
Precautions
Issue 01 (2021-08-21) 31
RH2288H V3
Release Date
2017-6-8
Current Version
V243
Earlier Version
V242
What's New
Optimize SNMP query time.
Precautions
Issue 01 (2021-08-21) 32
RH2288H V3
Release Date
2017-5-19
Current Version
V242
Earlier Version
V241
What's New
 Optimize LDAP configuration, support for input Lithuanian language;
 Optimize BMC outbound mail time display to keep alarm event time consistent with
BMC current time;
 Optimize KVM usage scenarios to resolve port issues when virtual media can not
connect to problems
Precautions
Issue 01 (2021-08-21) 33
RH2288H V3
Release Date
2017-4-26
Current Version
V241
Earlier Version
V239
What's New
 Added support for Lithuanian language configuration LDAP;
 Added support for P40 GPU cards;
 Added support for IB card (MCX456A-ECAT, MCX455A-ECAT), acceleration card
(CNN5560-750-NHB-G, 8950-SCCP);
 Optimize P40 card speed control strategy;
 Optimize P4 card speed control strategy.
Precautions
Issue 01 (2021-08-21) 34
RH2288H V3
Release Date
2017-3-24
Current Version
V239
Earlier Version
V236
What's New
 Added support for uboot upgrade online;
 Optimized the dual RAID alarm reporting mechanism to eliminate false BMC alarms
in special scenarios.
Precautions
Issue 01 (2021-08-21) 35
RH2288H V3
Release Date
2017-3-6
Current Version
V236
Earlier Version
V230
What's New
 The BMC starts to support P100 GPU cards from this version;
 The BMC starts to support P3700 Intel SSD cards from this version;
 The BMC starts to support one-click collection of PSU logs;
 Optimized the logging mechanism to prevent system event logs (SELs) from being
overwritten by exceptional logs;
 The BMC supports enable the local KVM Client;
 Optimized the domain user login mechanism to solve the following problem: If a user
is assigned to a domain only in user property configuration but not in domain
member configuration, the user cannot log in;
 Optimized the BMC power-on policy to solve the problem that the server does not
power on immediately upon the BMC power-on after the PSUs are shortly
disconnected;
 Optimized the VCORE sensor alarm threshold to prevent low-probability incorrect
alarm reporting;
 Added support for CLI-based SSL certificate import;
 Added support for non-root users to perform pinging;
 Added support for SCP;
 Optimized the logging mechanism to prevent system event logs (SELs) from being
overwritten by exceptional logs;
 Added support for obtaining in-band information;
 Added support for out-of-band RAID configuration management;
 Added support for Redfish interfaces;
 Optimized the LDAP login rules to allow logins with a full name;
 Added support for importing certificate chains;
Issue 01 (2021-08-21) 36
RH2288H V3
 Optimized the network port auto-adaption mode to prevent low-probability ping

packet loss;
 Added support for mounting virtual media through the CLI;
 Added support for importing and exporting basic configurations of the BMC and
BIOS;
 Optimized the domain user login mechanism to solve the following problem: If a user
is assigned to a domain only in user property configuration but not in domain
member configuration, the user cannot log in;
 Optimized the PCIe card slot number display.
Precautions
Issue 01 (2021-08-21) 37
RH2288H V3
Release Date
2017-1-23
Current Version
V230
Earlier Version
V228
What's New
 Alarms will not be reported mistakenly when CPU/PCH temperature is obtained
during the OS start process;
 The initial status has been optimized for the NC-SI that is not used;
 The BMC supports management of XL710 NICs;
 The problem caused by frequent watchdog resets has been removed;
 The BMC supports management of M10 GPU cards;
 The BMC supports use of the KVM function on the FREE BSD;
 Two-factor authentication via web is supported;
 The BMC supports OpenLDAP on Linux;
 The BMC supports enable and disable of the local KVM;
 The BMC supports RAID controller card alarm detection during the system start
process.
Precautions
Issue 01 (2021-08-21) 38
RH2288H V3
Release Date
2016-11-29
Current Version
V228
Earlier Version
V218
What's New
 Deleted the support for telnet to enhance security;
 Optimized the user account lock mechanism. User accounts will be locked when the
number of incorrect password attempts reaches the limit;
 Supported import of the SSL certificates containing special character "-";
 Optimized LDAP implementation to enable iBMC access with LDAP login name and
multi-level directory supported by user groups;
 Supported management of 8038+ fans;
 Supported query of SSD disk endurance and firmware information;
 Supported query of DDR3 and DDR4 DIMM type and SN information;
 Supported query of information about the number of CPU cores, total number of
threads, cache size, and processor ID;
 Supported start of the remote console using the Java Network Launch Protocol
(JNLP);
 Supported query of ES3000 V3 card information, such as the SN, model, endurance,
and firmware version;
 Supported NVIDIA M4 GPU cards;
 Supports NTP out-of-band configuration.
Precautions
Issue 01 (2021-08-21) 39
RH2288H V3
Release Date
2016-11-19
Current Version
V218
Earlier Version
V216
What's New
 Added the function of configuring the IP address and gateway at the same time in one
command in the BMC command line interface;
 Modified the memory ECC event description to: "DIMM### correctable ECC.";
 Added the function of supporting 12/24 NVMe PCIe SSDs;
 Added the function of supporting Ubuntu system clients on the remote virtual KVM;
 Provided a secondary development SNMP interface to supports network interface
mode switching;
 Updated the RAID controller card name on the E9000 product WebUI;
 Added the function of supporting Umate LDAP group setting;
 Resolved problem that when the client is a desktop cloud system, the "Num""caps"
and "scroll" keys on the remote virtual KVM take effect only after being held down.
Precautions
Issue 01 (2021-08-21) 40
RH2288H V3
Release Date
2016-10-22
Current Version
V216
Earlier Version
V212
What's New
 Solved the following problem: The keyboard does not work on the KVM screen if the
local client runs SUSE 11;
 Solved the following problem: Magic keys do not work if ipmitool is used to log in
over SOL to a server running Linux;
 Realized the customization requirements of Baidu sensors;
 Added support for the M60 GPU;
 Added support for Alibaba PTAS;
 Enabled the fault diagnosis LED to display error codes of NICs and HBAs;
 Enabled the SNMP interface to obtain the PCIe card information (VID, DID,
manufacturer, and card description).
Precautions
Issue 01 (2021-08-21) 41
RH2288H V3
Release Date
2016-08-17
Current Version
V212
Earlier Version
V210
What's New
 Enabled LDAP to support the NTLM protocol;
 Enabled commands on the CLI to generate screenshot files.
Precautions
Issue 01 (2021-08-21) 42
RH2288H V3
Release Date
2016-07-26
Current Version
V210
Earlier Version
V206
What's New
 Changed the predictive failure alarm severity to major;
 Added the support for the syslog feature;
 Upgraded the FDM function to version 2.1 to enhance the system error locating
capability;
 Added the support for SSH public key authentication (PKA);
 Added the CLI login function for LDAP users;
 Added the out-of-band monitoring and query function for RAID configurations of the
LSISAS3108 and LSISAS3008 controller cards;
 Optimized the IPMI module to support ipmitool 1.8.14;
 Enhanced security so that Telnet is disabled by default for newly created users;
 Enhanced security by prompting users to change the default password upon login;
 Enhanced security by allowing each BMC account to log in to only one web session
at a time;
 Set the KVM cursor acceleration to be enabled by default to better synchronize the
local and remote cursors;
 Optimized the KVM so that it supports more JRE versions, uses the CA signature
certificate by default, and provides better user experience for PCs connected through
the Internet;
 Optimize the KVM keyboard processing mechanism, solve the Tab key in the remote
KVM inside the probability of failure;
 Optimized the web online help to solve the low-probability problem that online help
cannot be displayed properly;
 Optimized the enginetime mechanism of SNMP traps to solve the problem that some
NMSs encounter errors in receiving SNMP traps;
Issue 01 (2021-08-21) 43
RH2288H V3
 Fixed the brute force cracking vulnerability;

 Fixed the information leak vulnerability;
 Fixed the weak encryption algorithm vulnerability;
 Fixed the uncontrolled resource consumption vulnerability.
Precautions
 iBMC V210 works with BIOS V328. After upgrading the iBMC to V210, you must
upgrade the BIOS to V328;
 Precaution: iBMC 2.05 or later does not support users with empty passwords. If
iBMC is upgraded from an earlier version to 2.05 or later, users with empty
passwords cannot.
Issue 01 (2021-08-21) 44
RH2288H V3
Release Date
2016-05-10
Current Version
V206
Earlier Version
V202
What's New
 Optimized the WebUI and the description of the KVM power-on and power-off. The
description is clearer;
 Optimized password security by prohibiting empty passwords;
 Optimized the SSL certificate import function. Resolved the problem that after the
CSR file is generated for multiple times, importing the certificate fails.;
 Users in customer role group can execute one-click collection on WebUI;
 User can login to iBMC web from eSight withe SSO function.
Precautions
Issue 01 (2021-08-21) 45
RH2288H V3
Release Date
2016-03-15
Current Version
V202
Earlier Version
V201
What's New
 Optimized the fan speed adjustment policy;
 Added the fault diagnosis function for Intel Broadwell E5V4 CPUs;
 Added the support for the Japanese keyboard in KVM;
 Added the support for ES3000 V3 SSDs.;
 Added the support for SM236 NICs;
 Resolved the BMC function errors caused by log compression failures that
occasionally occur;
 Added the M30 and M40 GPU fan speed adjustment function.
Precautions
Issue 01 (2021-08-21) 46
RH2288H V3
Release Date
2016-02-25
Current Version
V201
Earlier Version
V193
What's New
 Resolved the problem that fan modules occasionally run at a high speed after server
power-on and power-off;
 Resolved the problem that iBMC cannot power on or off devices after server power-
on and power-off;
 Optimized the compatibility with the FreeIPMI tool to resolve the problem that errors
are reported when users query iBMC FRU information on the OS;
 Optimized the compatibility between MIB files and Spectrum to resolve Spectrum's
failure to compile MIB files;
 Resolved the problem that incorrect RAID controller card quantities are occasionally
displayed on the iBMC WebUI;
 Optimized the PSU status query function of the SNMP interface by adding the PSU
absence state;
 Installed the official SNMP software patch to defend against the 05840BRG
vulnerability of SNMP 5.7.3;
 Added the LDAP multi-domain management function (up to three LDAP servers can
be configured);
 Optimized the MCE and "CAT ERROR" diagnosis function;
 Added the function for managing Broadwell E5 v4 series CPUs;
 Optimized the out-of-band management of PCIe SSDs so that users can query SSD
information such as capacity and manufacturers;
 Added the functions for querying and configuring the SNMP Trap mode;
 Added the function for upgrading the Huawei 750 W PSU firmware;
 Added the support for SM236, SP245, SM251, and SP230 cards.
Issue 01 (2021-08-21) 47
RH2288H V3
Precautions
Issue 01 (2021-08-21) 48
RH2288H V3
Release Date
2016-01-07
Current Version
V193
Earlier Version
V191
What's New
 Resolved the occasional garbled characters in SOL log files downloaded from the
web system;
 Resolved the problem that the BMC is abnormal due to the long-time use of the
SNMP client.
Precautions
Issue 01 (2021-08-21) 49
RH2288H V3
Release Date
2015-11-03
Current Version
V191
Earlier Version
V182
What's New
 Added the function for starting the remote console through URL;
 Added the SD card management function;
 Added the PCIe SSD management function;
 Optimized the fault diagnosis function to enable users to correctly locate faulty
components;
 Added the JRE version download link on a page of the iBMC web system;
 Added the function for cancelling IP address configuration;
 Added the function for disconnecting the KVM upon timeout;
 Added the function for using the ipmitool command to set an SNMP community
name;
 Resolved the occasional reconnection failures upon abnormal SOL disconnections;
 Resolved the failures to refresh power consumption data or present alarms in the
iBMC web system.
Precautions
Issue 01 (2021-08-21) 50
RH2288H V3
Release Date
2015-09-22
Current Version
V182
Earlier Version
V162
What's New
 Resolved the KVM and remote desktop compatibility problem in case of using a 32-
bit browser in a 64-bit operating system;
 Resolved the problem that the BMC may have a duplicate engine ID;
 Resolved the problem that the accumulated power consumption value is incorrect;
 Resolved the problem that the English interface and prompts may show Chinese
characters;
 Optimized alarms of PCIe devices, including RAID controller cards and I/O
modules;
 Resolved the problem that the thermal trip alarm persists after it triggers a power-off;
 Resolved the problem that the BMC may encounter errors in case of pressing
CTRL+D in the CLI;
 Resolved the problem that the disk numbers are not sequential;
 Resolved the problem that the WebUI of the upgraded BMC can be used only after
the browser cache is cleared;
 Resolved the problem that the CPU2 alarms are displayed as CPU1 alarms;
 Optimized a warning message for use of NMIs;
 Included the video recording and screen capturing functions in the one-click
collection function;
 Resolved the problem that the displayed backup version is incorrect after a BMC
version rollback;
 Resolved the problem that the SNMP and web interfaces provide different fan alarm
levels.
Issue 01 (2021-08-21) 51
RH2288H V3
Precautions
Issue 01 (2021-08-21) 52
RH2288H V3
Release Date
2015-6-8
Current Version
V162
Earlier Version
V151
What's New
 Support virtual folder functionality;
 Support for power supply mode (Active-standby);
 Web support port mapping function;
 Support for stateless computing;
 Support PTAS features;
 Support for custom role management;
 Support over IPv6 IPMI LAN.
Precautions
Issue 01 (2021-08-21) 53
RH2288H V3
Release Date
2015-5-19
Current Version
V151
Earlier Version
V138
What's New
 Optimizes fan speed adjustment of the ES3000 V2 SSD card;
 Permanently deletes the original Iptable parameters after configuring with new ones;
 Solves the problem that the mouse and keyboard cannot be used normally in some
special scenarios after the RAID 3108 card is configured;
 Solves the problem that the BMC LDAP function is related to the LDAP server
configuration;
 Solves the problem that BIOS configuration is lost after BIOS is upgraded, if the ME
data area changes;
 Optimizes the PCIe SSD card identification and heat dissipation and supports the
default RAID 1 of the two SD cards;
 Solves the problem that the BMC runs slowly and abnormally caused by the LCD
module memory leakage;
 Solves the following problem: There is a low probability that esight software fails to
upgrade the CPLD;
 Solves the Sensor CPU DTS access unavailable.
Precautions
Issue 01 (2021-08-21) 54
RH2288H V3
Release Date
2015-4-2
Current Version
V138
Earlier Version
V135
What's New
 Solves the problem that the sensor for detecting fan module installation status is
abnormal;
 Solves the problem that the freeipmi bmc-info command cannot be executed in
Linux;
 Solves the problem that BMC is abnormal caused by pressure tests using the
IPMItool in the OS.
Precautions
Issue 01 (2021-08-21) 55
RH2288H V3
Release Date
2015-3-4
Current Version
V135
Earlier Version
V128
What's New
 Optimized the Restore Factory Settings option, allowing only an administrator has
the right to restore factory settings;
 Solved the problem that BMC login fails over FTP, Telnet, and SSH if a power
failure occurs;
 Added the function of setting the power-off timeout over SNMP;
 Solved the problem that indicator and component information on the WebUI needs to
be updated manually. The information can be updated automatically;
 Solved the problem that the sender's password is not set successfully when a message
indicating that the setting is successful is displayed on the Alarm Email Notification
Settings page;
 Solved the problem that the last-screen function cannot record the information
displayed on the last screen when a server is powered off;
 Optimized black box function. This function can be enabled or disabled when a
server is powered on or off;
 Solved the problem that sensor historical alarms for PCIe cards cannot be parsed after
the BMC resets or is powered off;
 Updated the time to 2014-2015 and updated the description to "Copyright Huawei
Technologies Co., Ltd. 2004-2015. All rights reserved";
 Solved the problem that the power-on policy option cannot be restored to the default
setting after the factory settings are restored;
 Supported ES3000 V2 PCIe SSDs;
 Supported active and standby PSUs;
 Optimized fan speed adjustment policy for PCIe GPUs;
Issue 01 (2021-08-21) 56
RH2288H V3
 Optimized NC-SI adaptive function for PCIe card configuration, allowing the
function to be still effective after the PCIe card is installed in another slot;
 Optimized management network port adaptive function.Fixed network port selection
sequence: dedicated BMC network port, onboard network ports (1, 2, 3, and 4), and
PCIe card network ports (1 and 0);
 Added FDM fault diagnosis function.
Precautions
Issue 01 (2021-08-21) 57
RH2288H V3
Release Date
2015-1-19
Current Version
V128
Earlier Version
V126
What's New
 Optimized the power display when the power of server exceeds 1024W;
 Optimized the file protection mechanism to avoid the low properbility that server
cannot be powered on;
 Solved the low properbility issue of "heartbeat" mis-alarm when power supply is
plug/unplug time after time;
 Increase function of default restore point, avoid the restortion cannot be operated
when restore point is not manually configured;
 Optimized power-capping fuction, solved server re-initialization after power on.
 Solved low properbility issue that "TAB" key cannot be responsed in email
configuration;
 Solved the low properbility issue of faulty high temp alarm of CPUs and DIMMs;
 Solve the issue that Hostname cannot be resovled in DNS.
Precautions
Issue 01 (2021-08-21) 58
RH2288H V3
Release Date
2014-12-29
Current Version
V126
Earlier Version
V123
What's New
 Optimizes a fan speed adjustment technology to provide heat dissipation capacity,
ensuring that it can stably operate for a long term at an ambient temperature of 45°C;
 Solves the problem that the BMC time zone may fail to be set using IPMItool;
 Supports Huawei SM212;
 Solves the problem that no information is displayed when four GPUs are installed;
 Avoids Windows of the Chinese version when a user log in to the WebUI of the
English version for the firs time;
 Solves the problem that the function of one-time automatic BIOS SETUP login takes
effect again when this function is enabled.
Precautions
Issue 01 (2021-08-21) 59
RH2288H V3
Release Date
2014-12-02
Current Version
V123
Earlier Version
V116
What's New
 New rules apply to user login user LDAP groups;
 Added fan model display in WEB page;
 Added NEW user rights management features in WEB page, you can configure the
user have no permission to use KVM;
 Added NSCI function for Intel PCIE NIC Card;
 Support Freeipmi tool to use SOL;
 Support DCM feature;
 Support IPMI commands to entering the BIOS SETUP;
 Added LDAP to support NTLM authentication mechanisms;
 Support TRAP OID function.
Precautions
Issue 01 (2021-08-21) 60
RH2288H V3
Release Date
2014-10-16
Current Version
V116
Earlier Version
N/A
What's New
This issue is the first release version.
Precautions
Issue 01 (2021-08-21) 61
RH2288H V3
Issue 01 (2021-08-21) 62
RH2288H V3
50 Vulnerability Patch List
Software Software CVE CVSS Vulnerability Fixed

Name Version Numb Score Description Version
er
curl 7.69.1 CVE- 7.5 curl 7.41.0 through 7.73.0 V399
2020-
is vulnerable to an improp
8286
er check for certificate rev
ocation due to insufficient
verification of the OCSP r
esponse.
curl 7.69.1 CVE- 7.5 curl 7.21.0 to and including V399
2020- 7.73.0 is vulnerable to
8285 uncontrolled recursion due to
a stack overflow issue in FTP
wildcard match parsing.
curl 7.69.1 CVE- 3.7 A malicious server can use V399

2020-
the FTP PASV response t
8284
o trick curl 7.73.0 and ear
lier into connecting back t
o a given IP address and
port, and this way potentia
lly make curl extract infor
mation about services that
are otherwise private and
not disclosed, for example
doing port scanning and se
rvice banner extractions.
2021- 7.75.0 is vulnerable to an
22876 "Exposure of Private
Personal Information to an
Issue 01 (2021-08-21) 63
RH2288H V3
Unauthorized Actor" by
leaking credentials in the
HTTP Referer: header.
libcurl does not strip off user
credentials from the URL
when automatically
populating the Referer:
HTTP request header field in
outgoing HTTP requests, and
therefore risks leaking
sensitive data to the server
that is the target of the second
HTTP request.

2021- suffers from exposure of data
22897 element to wrong session due
to a mistake in the code for
CURLOPT_SSL_CIPHER_
LIST when libcurl is built to
use the Schannel TLS library.
The selected cipher set was
stored in a single "static"
variable in the library, which
has the surprising side-effect
that if an application sets up
multiple concurrent transfers,
the last one that sets the
ciphers will accidentally
control the set used by all
transfers. In a worst-case
scenario, this we
curl 7.69.1 CVE- 7.5 curl 7.7 through 7.76.1 V399

2021- suffers from an information
22898 disclosure when the `-t`
command line option, known
as
`CURLOPT_TELNETOPTI
ONS` in libcurl, is used to
send variable=content pairs
to TELNET servers. Due to a
flaw in the option parser for
sending NEW_ENV
variables, libcurl could be
made to pass on uninitialized
data from a stack based buffer
to the server, resulting in
potentially revealing
sensitive internal information
to the server using a clear-text
network protocol.

2021- 7.75.0 includes vulnerability
22890 that allows a malicious
Issue 01 (2021-08-21) 64
RH2288H V3
HTTPS proxy to MITM a

connection due to bad
handling of TLS 1.3 session
tickets. When using a HTTPS
proxy and TLS 1.3, libcurl
can confuse session tickets
arriving from the HTTPS
proxy but work as if they
arrived from the remote
server and then wrongly
"short-cut" the host
handshake. When confusing
the tickets, a HTTPS proxy
can trick libcurl to use the
wrong session ticket resume
for the host and thereby
circumv
PHP 7.3.22 CVE- 6.5 In PHP versions 7.2.x below V399

2020- 7.2.34, 7.3.x below 7.3.23
7069 and 7.4.x below 7.4.11, when
AES-CCM mode is used with
openssl_encrypt() function
with 12 bytes IV, only first 7
bytes of the IV is actually
used. This can lead to both
decreased security and
incorrect encryption data.

2020- 7.2.34, 7.3.x below 7.3.23
7070 and 7.4.x below 7.4.11, when
PHP is processing incoming
HTTP cookie values, the
cookie names are url-
decoded. This may lead to
cookies with prefixes like
__Host confused with
cookies that decode to such
prefix, thus leading to an
attacker being able to forge
cookie which is supposed to
be secure. See also CVE-
2020-8184 for more
information.

2020- 7.3.26, 7.4.x below 7.4.14
7071 and 8.0.0, when validating
URL with functions like
filter_var($url,
FILTER_VALIDATE_URL),
PHP will accept an URL with
invalid password as valid
URL. This may lead to
functions that rely on URL
Issue 01 (2021-08-21) 65
RH2288H V3
being valid to mis-parse the

URL and produce wrong data
as components of the URL.
json-c 0.12.1 CVE- 7.8 json-c through 0.14 has an V399

2020- integer overflow and out-of-
12762 bounds write via a large
JSON file, as demonstrated
by printbuf_memappend.
openssh 8.2p1 CVE- 5.9 The client side in OpenSS V399

2020- H 5.7 through 8.4 has an
14145 Observable Discrepancy lea
ding to an information lea
k in the algorithm negotiat
ion. This allows man-in-th
e-middle attackers to target
initial connection attempts
(where no host key for t
he server has been cached
by the client). NOTE: som
e reports state that 8.5 and
8.6 are also affected.
openssh 8.2p1 CVE- 7.1 ssh-agent in OpenSSH before V399
2021- 8.5 has a double free that may
28041 be relevant in a few less-
common scenarios, such as
unconstrained agent-socket
access on a legacy operating
system, or the forwarding of
an agent to an attacker-
controlled host.
openssh 8.2p1 CVE- 5.9 The client side in OpenSS V399

2020- H 5.7 through 8.4 has an
14145 Observable Discrepancy lea
ding to an information lea
k in the algorithm negotiat
ion. This allows man-in-th
e-middle attackers to target
initial connection attempts
(where no host key for t
he server has been cached
by the client). NOTE: som
e reports state that 8.5 and
8.6 are also affected.
openssh 8.2p1 CVE- 7.1 ssh-agent in OpenSSH before V399
2021- 8.5 has a double free that may
28041 be relevant in a few less-
common scenarios, such as
Issue 01 (2021-08-21) 66
RH2288H V3
unconstrained agent-socket
access on a legacy operating
system, or the forwarding of
an agent to an attacker-
controlled host.
TinyUI 2 2.34.0 CVE- 6.1 jQuery before 3.0.0 is V397

2015- vulnerable to Cross-site
9251 Scripting (XSS) attacks when
a cross-domain Ajax request
is performed without the
dataType option, causing
text/javascript responses to
be executed.
TinyUI 2 2.34.0 CVE- 6.1 jQuery before 3.4.0, as used V397

2019- in Drupal, Backdrop CMS,
11358 and other products,
mishandles
jQuery.extend(true, {}, ...)
because of Object.prototype
pollution. If an unsanitized
source object contained an
enumerable __proto__
property, it could extend the
native Object.prototype.
NTP 4.2.8p15 CVE- 8.1 Network Time Protocol V397

2019- (NTP), as specified in RFC
11331 5905, uses port 123 even for
modes where a fixed port
number is not required,
which makes it easier for
remote attackers to conduct
off-path attacks.
NTP 4.2.8p15 CVE- 5.3 ntpd in ntp 4.2.8p10, V397

2018- 4.2.8p11, 4.2.8p12 and
8956 4.2.8p13 allow remote
attackers to prevent a
broadcast client from
synchronizing its clock with a
broadcast NTP server via
soofed mode 3 and mode 5
packets. The attacker must
either be a part of the same
broadcast network or control
a slave in that broadcast
network that can capture
certain required packets on
the attacker's behalf and send
them to the attacker.
NTP 4.2.8p15 CVE- 7.5 ntpd in ntp before 4.2.8p14 V397

2020- and 4.3.x before 4.3.100
11868 allows an off-path attacker to
block unauthenticated
Issue 01 (2021-08-21) 67
RH2288H V3
synchronization via a server

mode packet with a spoofed
source IP address, because
transmissions are
rescheduled even when a
packet lacks a valid origin
timestamp.
OpenLDAP 2.4.49 CVE- 6.5 servers/slapd/back-mdb/sear V397

2017- ch.c in OpenLDAP through
9287 2.4.44 is prone to a doub
le free vulnerability. A use
r with access to search the
directory can crash slapd
by issuing a search includi
ng the Paged Results contr
ol with a page size of 0.
OpenLDAP 2.4.49 CVE- 5.0 pam_ldap and nss_ldap, w V397
2005- hen used with OpenLDAP
2069 and connecting to a slave
using TLS, does not use T
LS for the subsequent con
nection if the client is refe
rred to a master, which m
ay cause a password to be
sent in cleartext and allo
ws remote attackers to snif
f the password.
OpenLDAP 2.4.49 CVE- 4.7 slapd in OpenLDAP 2.4.45 V397
2017- and earlier creates a PID file
14159 after dropping privileges to a
non-root account, which
might allow local users to kill
arbitrary processes by
leveraging access to this non-
root account for PID file
modification before a root
script executes a "kill `cat
/pathname`" command, as
demonstrated by openldap-
initscript.
OpenLDAP 2.4.49 CVE- 7.5 contrib/slapd- V397

2017- modules/nops/nops.c in
17740 OpenLDAP through 2.4.45,
when both the nops module
and the memberof overlay are
enabled, attempts to free a
buffer that was allocated on
the stack, which allows
remote attackers to cause a
Issue 01 (2021-08-21) 68
RH2288H V3
denial of service (slapd crash)

via a member MODDN
operation.
OpenLDAP 2.4.49 CVE- 7.5 An issue was discovered i V397

2019- n OpenLDAP 2.x before
13565 2.4.48. When using SASL
authentication and session
encryption, and relying on
the SASL security layers i
n slapd access controls, it
is possible to obtain acces
s that would otherwise be
denied via a simple bind f
or any identity covered in
those ACLs. After the first
SASL bind is completed,
the sasl_ssf value is retain
ed for all new non-SASL
connections. Depending on
the ACL configuration, this
can affect different types
of operations (searches, mo
di
OpenLDAP 2.4.49 CVE- 4.9 An issue was discovered in V397
2019- the server in OpenLDAP
13057 before 2.4.48. When the
server administrator
delegates rootDN (database
admin) privileges for certain
databases but wants to
maintain isolation (e.g., for
multi-tenant deployments),
slapd does not properly stop a
rootDN from requesting
authorization as an identity
from another database during
a SASL bind or with a
proxyAuthz (RFC 4370)
control. (It is not a common
configuration to deploy a
system where the server
administrator and a DB
administr
OpenLDAP 2.4.49 CVE- 4.3 libraries/libldap/tls_o.c in V397

2009- OpenLDAP 2.2 and 2.4, and
3767 possibly other versions, when
OpenSSL is used, does not
properly handle a '\0'
character in a domain name in
Issue 01 (2021-08-21) 69
RH2288H V3
the subject's Common Name

(CN) field of an X.509
certificate, which allows
man-in-the-middle attackers
to spoof arbitrary SSL servers
via a crafted certificate issued
by a legitimate Certification
Authority, a related issue to
CVE-2009-2408.
OpenLDAP 2.4.49 CVE- 7.5 In filter.c in slapd in V397

2020- OpenLDAP before 2.4.50,
12243 LDAP search filters with
nested boolean expressions
can result in denial of service
(daemon crash).
OpenLDAP 2.4.49 CVE- 5.0 The nss_parse_ciphers V397

2015- function in
3276 libraries/libldap/tls_m.c in
OpenLDAP does not
properly parse OpenSSL-
style multi-keyword mode
cipher strings, which might
cause a weaker than intended
cipher to be used and allow
remote attackers to have
unspecified impact via
unknown vectors.
OpenLDAP 2.4.49 CVE- 4.2 libldap in certain third-part V397

2020- y OpenLDAP packages has
15719 a certificate-validation fla
w when the third-party pa
ckage is asserting RFC612
5 support. It considers CN
even when there is a non
-matching subjectAltName
(SAN). This is fixed in, f
or example, openldap-2.4.4
6-10.el8 in Red Hat Enter
prise Linux.
2020- is vulnerable to an inform
8169 ation disclosure vulnerabilit
y that can lead to a partia
l password being leaked o
ver the network and to the
DNS server(s).
2020- is vulnerable to improper r
Issue 01 (2021-08-21) 70
RH2288H V3
8177 estriction of names for file

s and other resources that
can lead too overwriting a
local file when the -J flag
is used.
curl 7.69.1 CVE- 7.5 Due to use of a dangling V397
2020- pointer, libcurl 7.29.0 throu
8231 gh 7.71.1 can use the wro
ng connection when sendin
g data.
PHP 7.3.22 CVE- 7.4 PHP through 7.1.11 enable V397
2017- s potential SSRF in applic
7272 ations that accept an fsock
open or pfsockopen hostna
me argument with an expe
ctation that the port numb
er is constrained. Because
a :port syntax is recognize
d, fsockopen will use the
port number that is specifi
ed in the hostname argume
nt, instead of the port nu
mber in the second argum
ent of the function.
PHP 7.3.22 CVE- 9.8 The SplObjectStorage unse V397
2016- rialize implementation in e
7480 xt/spl/spl_observer.c in PH
P before 7.0.12 does not v
erify that a key is an obje
ct, which allows remote at
tackers to execute arbitrary
code or cause a denial of
service (uninitialized mem
ory access) via crafted seri
alized data.
PHP 7.3.22 CVE- 9.8 Multiple integer overflows V397
2016- in php_zip.c in the zip ext
3078 ension in PHP before 7.0.6
allow remote attackers to
cause a denial of service
(heap-based buffer overflo
w and application crash) o
r possibly have unspecified
other impact via a crafted
Issue 01 (2021-08-21) 71
RH2288H V3
call to (1) getFromIndex

or (2) getFromName in th
e ZipArchive class.
PHP 7.3.22 CVE- 9.8 The zend_string_extend fun V397
2017- ction in Zend/zend_string.h
8923 in PHP through 7.1.5 doe
s not prevent changes to s
tring objects that result in
a negative length, which al
lows remote attackers to c
ause a denial of service (a
pplication crash) or possibl
y have unspecified other i
mpact by leveraging a scri
pt's use of .= with a long
string.
PHP 7.3.22 CVE- 9.8 Integer overflow in the ph V397
2016- p_filter_encode_url function
4345 in ext/filter/sanitizing_filte
rs.c in PHP before 7.0.4 al
lows remote attackers to c
ause a denial of service or
possibly have unspecified
other impact via a long str
ing, leading to a heap-base
d buffer overflow.
PHP 7.3.22 CVE- 9.8 Integer overflow in the str V397
2016- _pad function in ext/standa
4346 rd/string.c in PHP before
7.0.4 allows remote attacke
rs to cause a denial of ser
vice or possibly have unsp
ecified other impact via a
long string, leading to a h
eap-based buffer overflow.
PHP 7.3.22 CVE- 9.8 Integer overflow in the xm V397
2016- l_utf8_encode function in
4344 ext/xml/xml.c in PHP befor
e 7.0.4 allows remote attac
kers to cause a denial of
service or possibly have u
nspecified other impact via
a long argument to the ut
f8_encode function, leading
Issue 01 (2021-08-21) 72
RH2288H V3
to a heap-based buffer ov
erflow.
PHP 7.3.22 CVE- 7.5 Integer overflow in the get V397
2015- num function in lua_struct.
8080 c in Redis 2.8.x before 2.
8.24 and 3.0.x before 3.0.6
allows context-dependent
attackers with permission t
o run Lua code in a Redi
s session to cause a denial
of service (memory corru
ption and application cras
h) or possibly bypass inten
ded sandbox restrictions vi
a a large number, which tr
iggers a stack-based buffer
overflow.
PHP 7.3.22 CVE- 7.5 V397
2017- ** DISPUTED ** The G
7963 NU Multiple Precision Arit
hmetic Library (GMP) inte
rfaces for PHP through 7.
1.4 allow attackers to caus
e a denial of service (me
mory consumption and app
lication crash) via operatio
ns on long strings. NOTE:
the vendor disputes this,
stating "There is no securit
y issue here, because GM
P safely aborts in case of
an OOM condition. The o
nly attack vector here is d
enial of service. However,
if you allow attacker-contr
olled, unbounded allocation
s you have a DoS vector
regardless of
PHP 7.3.22 CVE- 5.0 The mb_strcut function in V397

2010- Libmbfl 1.1.0, as used in
4156 PHP 5.3.x through 5.3.3, a
llows context-dependent att
ackers to obtain potentially
Issue 01 (2021-08-21) 73
RH2288H V3
sensitive information via

a large value of the third
parameter (aka the length
parameter).
PCRE 8.44 CVE- 7.5 An out-of-bounds read was V397
2019- discovered in PCRE befor
20454 e 10.34 when the pattern \
X is JIT compiled and use
d to match specially crafte
d subjects in non-UTF mo
de. Applications that use P
CRE to parse untrusted in
put may be vulnerable to t
his flaw, which would allo
w an attacker to crash the
application. The flaw occur
s in do_extuni_no_utf in p
cre2_jit_compile.c.
APACHE 2.4.46 CVE- 6.1 In Apache HTTP server 2. V397
2019- 4.0 to 2.4.39, Redirects co
10098 nfigured with mod_rewrite
that were intended to be s
elf-referential might be foo
led by encoded newlines a
nd redirect instead to an u
nexpected URL within the
request URL.
APACHE 2.4.46 CVE- 6.1 V397
2019- In Apache HTTP Server 2.
10092 4.0-2.4.39, a limited cross-
site scripting issue was rep
orted affecting the mod_pr
oxy error page. An attacke
r could cause the link on
the error page to be malfo
rmed and instead point to
a page of their choice. Thi
s would only be exploitabl
e where a server was set
up with proxying enabled
but was misconfigured in
such a way that the Proxy
Error page was displayed.
Issue 01 (2021-08-21) 74
RH2288H V3
APACHE 2.4.46 CVE- 7.2 In Apache HTTP Server 2. V397

2019- 4.32-2.4.39, when mod_re
10097 moteip was configured to
use a trusted intermediary
proxy server using the "P
ROXY" protocol, a special
ly crafted PROXY header
could trigger a stack buffe
r overflow or NULL point
er deference. This vulnerab
ility could only be triggere
d by a trusted proxy and
not by untrusted HTTP cli
ents.
2019- 4.18-2.4.39, using fuzzed n
10082 etwork input, the http/2 se
ssion handling could be m
ade to read memory after
being freed, during connect
ion shutdown.
APACHE 2.4.46 CVE- 6.1 In Apache HTTP server 2. V397
2019- 4.0 to 2.4.39, Redirects co
10098 nfigured with mod_rewrite
that were intended to be s
elf-referential might be foo
led by encoded newlines a
nd redirect instead to an u
nexpected URL within the
request URL.
2020- 4.0 to 2.4.41, mod_proxy_f
1934 tp may use uninitialized m
emory when proxying to a
malicious FTP server.
libjpeg 9d CVE- 7.1 In IJG JPEG (aka libjpeg) V397
2020- before 9d, jpeg_mem_avail
14152 able() in jmemnobs.c in dj
peg does not honor the m
ax_memory_to_use setting,
possibly causing excessive
memory consumption.
libjpeg 9d CVE- 7.1 V397
2020- In IJG JPEG (aka libjpeg)
Issue 01 (2021-08-21) 75
RH2288H V3
14153 from version 8 through 9c,

jdhuff.c has an out-of-bou
nds array read for certain
table pointers.
net-snmp 5.8 CVE- 6.5 net-snmp before 5.8.1.pre1 V397

2019- has a double free in usm_
20892 free_usmStateReference in
snmplib/snmpusm.c via an
SNMPv3 GetBulk request.
NOTE: this affects net-snm
p packages shipped to end
users by multiple Linux di
stributions, but might not
affect an upstream release.
Openssh 8.2p1 CVE- 6.8 An issue was discovered i V397
2019- n OpenSSH 7.9. Due to m
6109 issing character encoding i
n the progress display, a
malicious server (or Man-i
n-The-Middle attacker) can
employ crafted object nam
es to manipulate the client
output, e.g., by using ANS
I control codes to hide ad
ditional files being transfer
red. This affects refresh_pr
ogress_meter() in progress
meter.c.
Openssh 8.2p1 CVE- 6.8 In OpenSSH 7.9, due to a V397
2019- ccepting and displaying ar
6110 bitrary stderr output from t
he server, a malicious serv
er (or Man-in-The-Middle
attacker) can manipulate th
e client output, for exampl
e to use ANSI control cod
es to hide additional files
being transferred.
Openssh 8.2p1 CVE- 5.9 An issue was discover V397
2019- ed in OpenSSH 7.9. Due t
6111 o the scp implementation
being derived from 1983 r
cp, the server chooses whi
Issue 01 (2021-08-21) 76
RH2288H V3
ch files/directories are sent

to the client. However, the
scp client only performs
cursory validation of the o
bject name returned (only
directory traversal attacks
are prevented). A maliciou
s scp server (or Man-in-Th
e-Middle attacker) can ove
rwrite arbitrary files in the
scp client target directory.
If recursive operation (-r)
is performed, the server ca
n manipulate subdirect
Openssh 8.2p1 CVE- 7.5 ** DISPUTED ** The scp V397
2020- client in OpenSSH 8.2 in
12062 correctly sends duplicate re
sponses to the server upon
a utimes system call failu
re, which allows a malicio
us unprivileged user on th
e remote server to overwri
te arbitrary files in the cli
ent's download directory b
y creating a crafted subdir
ectory anywhere on the re
mote server. The victim m
ust use the command scp
-rp to download a file hier
archy containing, anywhere
inside, this crafted subdir
ectory. NOTE: the vendor
points out that
Apache 1.6.3 CVE- 7.1 When apr_time_exp*() or V276
Portable 2017- apr_os_exp_time*() functions
Runtime 12613 are invoked with an invalid
month field value in Apache
Portable Runtime APR 1.6.2
and prior, out of bounds
memory may be accessed in
converting this value to an
apr_time_exp_t value,
potentially revealing the
contents of a different static
heap value or resulting in
program termination, and may
represent an information
Issue 01 (2021-08-21) 77
RH2288H V3
disclosure or denial of service

vulnerability to applications
which call these APR functions
with unvalidated external input.
Apache HTTP 2.4.27 CVE- 9.1 In Apache httpd before 2.2.34 V262
Server 2017- and 2.4.x before 2.4.27, the
9788 value placeholder in
[Proxy-]Authorization headers
of type 'Digest' was not
initialized or reset before or
between successive key=value
assignments by
mod_auth_digest. Providing an
initial key with no '='
assignment could reflect the
stale value of uninitialized pool
memory used by the prior
request, leading to leakage of
potentially confidential
information, and a segfault in
other cases resulting in denial
of service.
Apache HTTP 2.4.27 CVE- 7.5 When under stress, closing V262
Server 2017- many connections, the HTTP/2
9789 handling code in Apache httpd
2.4.26 would sometimes
access memory after it has
been freed, resulting in
potentially erratic behaviour.
SQLite 3.21.0 CVE- 5.9 os_unix.c in SQLite before V262

2016- 3.13.0 improperly implements
6153 the temporary directory search
algorithm, which might allow
local users to obtain sensitive
information, cause a denial of
service (application crash), or
have unspecified other impact
by leveraging use of the current
working directory for temporary
files.
SQLite 3.21.0 CVE- 9.8 The getNodeSize function in V262

2017- ext/rtree/rtree.c in SQLite
10989 through 3.19.3,as used in
GDAL and other
products,mishandles
undersized RTree blobs in a
crafted database,leading to a
heap-based buffer over-read or
possibly unspecified other
impact.
PHP CVE- 7.8 In PHP before 5.6.31, 7.x V257

2017- before 7.0.21, and 7.1.x before
Issue 01 (2021-08-21) 78
RH2288H V3
11628 7.1.7, a stack-based buffer

overflow in the
zend_ini_do_op() function in
Zend/zend_ini_parser.c could
cause a denial of service or
potentially allow executing
code. NOTE: this is only
relevant for PHP applications
that accept untrusted input
(instead of the system's php.ini
file) for the parse_ini_string or
parse_ini_file function, e.g., a
web application for syntax
validation of php.ini directives.
Issue 01 (2021-08-21) 79

RH2288H V3 IBMC V399 Release Notes 01

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

RH2288H V3 IBMC V399 Release Notes 01

Uploaded by

Copyright:

Available Formats

RH2288H V3

iBMC V399 Release Notes

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

1 V399 Release Notes ....................................................................................................................... 1

25 V243 Release Notes ................................................................................................................... 32

1 V399 Release Notes

2 V397 Release Notes

3 V396 Release Notes

4 V390 Release Notes

5 V382 Release Notes

6 V357 Release Notes

7 V345 Release Notes

8 V338 Release Notes

9 V334 Release Notes

10 V330 Release Notes

 Optimized WEB help information for occupancy monitoring;

11 V323 Release Notes

12 V317 Release Notes

13 V316 Release Notes

14 V312 Release Notes

15 V304 Release Notes

16 V300 Release Notes

17 V294 Release Notes

18 V276 Release Notes

19 V264 Release Notes

20 V260 Release Notes

21 V257 Release Notes

22 V255 Release Notes

23 V253 Release Notes

24 V246 Release Notes

25 V243 Release Notes

26 V242 Release Notes

27 V241 Release Notes

28 V239 Release Notes

29 V236 Release Notes

 Optimized the network port auto-adaption mode to prevent low-probability ping

30 V230 Release Notes

31 V228 Release Notes

32 V218 Release Notes

33 V216 Release Notes

34 V212 Release Notes

35 V210 Release Notes

 Fixed the brute force cracking vulnerability;

36 V206 Release Notes

37 V202 Release Notes

38 V201 Release Notes

39 V193 Release Notes

40 V191 Release Notes

41 V182 Release Notes

42 V162 Release Notes

43 V151 Release Notes

44 V138 Release Notes

45 V135 Release Notes

46 V128 Release Notes

47 V126 Release Notes

48 V123 Release Notes

49 V116 Release Notes

50 Vulnerability Patch List

Software Software CVE CVSS Vulnerability Fixed

curl 7.69.1 CVE- 3.7 A malicious server can use V399

curl 7.69.1 CVE- 5.3 curl 7.61.0 through 7.76.1 V399

curl 7.69.1 CVE- 7.5 curl 7.7 through 7.76.1 V399