Yesterday (Aug 11), I was able to download the upgrade package for MARS release 6.0.8. I happened to look at the same page today, and that update is now gone. It was removed from both the "Software Download" page and the "Recovery Images" page. However, the Release Notes for this release are still available.
Has this release been pulled purposely? Or was posting it in the first place an accident?
Essentially -- should I avoid loading update 6.0.8(3427)?
I received an update from the MARS development team. We're aiming to have 6.0.8 reposted hopefully mid-next week or early the week after. This date could slip of course, but that's the current plan.
He suggested that you hold off on applying the 6.0.8 that you downloaded and that you'd probably be better off waiting for the reposted version when it's available.
This is the bug that was introduced into 6.0.8, CSCti30953 - "MARS parses reporting IP of SNMP traps incorrectly as 0.0.0.0".
In reading through the bug description, it looks like this could affect any reporting device that uses SNMP traps to send to MARS, not just CSA. So, if you're not relying on SNMP traps from any of your reporting devices, you may be ok with applying this service pack. This issue does not appear to cause problems for Syslog or Netflow events, just SNMP trap events.
That being said, I'd probably still hold off on applying it until I can confirm that your only concern with this release would be SNMP traps. I've just asked the MARS development team this question, and I've also asked for an ETA on re-posting of 6.0.8. I'll let you know what I hear back.
Yes, it was pulled from CCO because a newly identified showstopper bug was unfortunately introduced into 6.0.8. This new bug breaks parsing of Cisco Security Agent events.
The MARS business unit is currently scoping out a fix for this, and 6.0.8 won't be re-posted until the fix has been validated. I don't have an ETA on this as it's still being looked into.
If you've already installed 6.0.8, please contact Cisco TAC. Cisco is also working on a patch to apply for those customers that may have already upgraded to 6.0.8.