March 2008

ID: 3577
Date: 11/03/2008

---

Title: 3577 - Cisco introduces new publication schedule for Cisco IOS SecurityAdvisories
Platform level affected:Operating System
Hardware components affected:Network Router/Switch/Modem
Specific operating systems components affected: Cisco IOS
Net-enabled software: Other
Security software:Other
Other software: Other
Remediation Summary:Other
Vendors affected:Cisco
Applications affected:Cisco Internetwork Operating System
Adversity source: Unknown
Attack Vector: Other
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Unknown
Possible Duration: Open Ended
Availability of fix: Available
Type of fix: None
Source: Cisco
Reliability of source: Trusted
Source URL: www.cisco.com
Abstract: Cisco is announcing program changes for the publication schedule for Cisco Internetwork Operating System (IOS) Security Advisories.

Cisco is announcing program changes for the publication schedule for Cisco Internetwork Operating System (IOS) Security Advisories.

Starting on March 26, 2008, Cisco will release bundles of IOS Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.

This schedule change will not restrict us from promptly publishing an individual IOS security advisory for a serious vulnerability which is publicly disclosed or for which we are aware of active exploitation.

Cisco is adopting this approach in response to extensive feedback from customers, who seek further predictability for support planning and deployment cycles.

The current format of IOS Security Advisories will remain the same. The software table in the advisory includes a list of recommended releases (where possible) for each software train that addresses all of the security vulnerabilities included in the bundle.

All other non-IOS Cisco security vulnerabilities will continue to be announced per Cisco's standard disclosure policy, available at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

This announcement is available at http://www.cisco.com/go/psirt.

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.