Fixed an issue where autocommits failed
when upgrading from a PAN-OS 8.1 release to a PAN-OS 9.1 release
due to large configurations with a high number of policies with
reference to IP addresses.
PAN-176661
Fixed an issue in Simple Certificate Enrollment
Protocol (SCEP) (CVE-2021-3060).
PAN-176655 and PAN-158334
A fix was made to address an OS command
injection vulnerability in the PAN-OS CLI that enabled an authenticated
administrator with access to the CLI to execute arbitrary OS commands
to escalate privileges (CVE-2021-3061).
PAN-176653
A fix was made to address an OS command
injection vulnerability in the PAN-OS web interface that enabled
an authenticated administrator with permissions to use XML API to
execute arbitrary OS commands to escalate privileges (CVE-2021-3058).
PAN-176618
A fix was made to address an OS command
injection vulnerability in PAN-OS that existed when performing dynamic
updates (CVE-2021-3059).
PAN-176461
Fixed an issue where a process (mdb)
stopped responding after downgrading from a PAN-OS 9.1 release to
an earlier release due to discrepancies in the mongodb process version.
To
utilize this fix, first install a PAN-OS 9.0 release on the web
interface, and then, prior to reboot, run the following CLI command: debug mongo clear instance mdb.
Running this command removes any historical operational data (such
as rule hit counts, monitoring data, and so on) collected on Panorama.
PAN-176131
Fixed an issue where the Simple Network
Management Protocol (SNMP) object identifier (OID) for panSessionCps did
not show the correct session count.
PAN-169173
Fixed an issue where, if you continuously
performed partial commits of a configuration with a high number
of Dynamic Address Groups, Panorama became unresponsive and commits
were slower than expected.
