01-12-2023 07:46 AM - edited 01-12-2023 07:49 AM
Hello Everyone,
In general, what is the industry practice to patch vulnerabilities in PAN-OS? From time to time, Palo Alto releases PAN-OS upgrade versions. However, with each new version there are known issues. Some of the known issues are fixed via the next new PAN-OS version and some of the known issues are not fixed by upgrades. For example, PAN-OS version 10.1.4-h4 has a lot of known issues, and two of the high-risk issues (a - https://security.paloaltonetworks.com/CVE-2022-0024 b - https://security.paloaltonetworks.com/CVE-2022-0028 ) were fixed by a much later version of PAN-OS.
In the interim, until Palo upgrades the PAN-OS version to fix known issues from a prior version, what is a general (best) practice to deal with the known issues?
Does everyone wait for Palo to release a new PAN-OS version, or try to fix high-risk issues such as the two examples above alternatively?
01-12-2023 07:53 AM
Palo Alto TAC is keeping track of preferred releases.
The 10.1.x branch preferred release is 10.1.8-h2.
It is always smart to check known issues for a specific release before upgrading.
01-12-2023 08:03 AM
@Raido_Rattameister Thank you for the response. It seems access to the link above is denied.
01-12-2023 08:08 AM