We are currently running ASA9.0(3)ED on our firewalls. This is the latest release in the 9.0 train on the downloads page, dated 22/07/2013
The bug above is in the latest set of advisories released 13/10/2013
The bug states that it was first found in 9.0(3.2), first fixed in 9.0(3.5) and the latest interim release available for download is 9.0(3.6)
The interim releases are presumably released after the original ASA9.0(3)ED date? Is this correct?
This particular bug is not mentioned in the release notes for the latest interim release. It would be good to be able to see the release notes for the 9.0(3.5) release, which is where it should be documented
My fundamental question is can we assume that the version we are using is effectively 9.0(3.0) and therefore not vulnerable?
Any help would be appreciated