Tag Archives: VPN

Watchguard XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.5.3 Build # 339420

Watchguard XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.5.3 Build # 339420

Fireware XTM OS 11.5.3 Build # 339420 Resolves the following issues:

Minor enhancements

• Changes to the routes section of the Firebox System Manager Status Report to improve consistency in the way IPv4 and IPv6 routes are displayed.

• New IP address validity checking in Mobile VPN configurations to help prevent common errors with overlapping IP addresses.

General

• An instability issue found on some XTM 2 devices, where the device could pass traffic normally but could not be managed with WSM or Web UI, has been fixed. [64546]

• A Support Snapshot (a support.tgz file) can now be correctly saved to a USB drive. [64897]

Policy Manager

• You can now use an IP address with a leading zero (10.19.09.0 vs 10.19.9.0) without causing branch office VPN failures. [65189]

• Policy Manager now updates the Mobile VPN with IPSec policies when the configured Virtual IP Address Pool is changed. [65241]

Authentication

• The Event Log Monitor has been enhanced to more effectively retrieve group information in a clientless SSO environment. [65300]

• The SSO Client now responds appropriately when a client computer resumes from a hibernate or sleep state. [65561]

• In the SSO Setup Wizard, the Event Log Monitor check box is now clear by default. [65825]

• The SSO Agent can now correctly load configuration information when the network interface is unavailable. [65802]

Proxies

• HTTP proxy performance has been improved when downloading very large files. [65967]

• A chunking handling issue in the HTTP proxy has been resolved. [65505]

• The SMTP proxy now correctly detects a multi-line 550 response as a valid response. [64463]

• When you use TLS with the default optional allowed rules in the SMTP proxy, email messages can now be delivered successfully to mail servers that do not support TLS. [64650]

• A SIP ALG memory leak issue has been resolved. [65749]

• The SIP ALG now allows provisional ACKs. [65247]

• A problem that caused the SIP ALG to crash has been resolved. [60222]

Security Services

• Gateway AV now detects password-encrypted virus attachments as scan errors. [65047]

• Gateway AV signature update memory utilization has been optimized in this release. This prevents Gateway AV scanning failures caused by a lack of memory. [64940, 64511, 62222]

• The HTTP response no longer stalls when both Gateway AV and RED are enabled. [65877]

• The UTF8 encoded X-WatchGuard-AntiVirus header no longer breaks attachments with long file names. [64883]

• WebBlocker can now correctly fail over to a configured backup server. [65211]

Centralized Management

• Device configuration templates that contain a TCP-UDP proxy policy and a WebBlocker action now work correctly with WatchGuard devices running Fireware XTM v11.3.x. [65408]

Logging & Reporting

• The frequently seen log message: “failed to get routing rules” has been suppressed. [65463]

• A problem that caused log messages to take up to 15 minutes to fail over to a backup Log Server in some networks has been resolved. [62275]

• The Log Collector can now gracefully recover from errors related to a lack of shared memory. [65101]

• Report Manager no longer shows “500 Internal Server Error” when you try to get access to device reports on February 29th of a calendar leap year. [65735]

• Report Manager can now successfully generate PDF output for reports that contain a bar chart. [65099]

• Report Server no longer stops responding to requests while it generates ConnectWise reports data. [65725]

• The Application Usage and Blocked Applications reports no longer display the incorrect IP address value in the y-axis. [65302]

• You can now specify “https://” as part of the ConnectWise Server address without causing WatchGuard Server Center to fail. [64712]

Networking

• Configuration files that include a large number of 1-to-1 NAT entries no longer cause a traffic interruption when saved. [60037]

• A problem that caused a significant memory spike when you configured the DHCP server lease time to one second has been resolved. [65242]

• A problem that caused XTM device performance degradation to occur on devices configured with at least one VLAN interface and many secondary IP addresses has been resolved. [65591]

FireCluster

• A problem that could cause members in a cluster to lock up until rebooted has been resolved. This problem would only occur on a cluster for which proxies were configured. [61091]

• A crash that could occur when one or more connections spanned multiple failovers (at least two failovers in a row) has been corrected. [66008, 66177]

• A problem that could cause connections to time out prematurely has been corrected. In most cases, the symptom would be the disruption of a service (e.g. an FTP download would fail). The problem could affect connections assigned to the non-master of an Active/Active cluster or connections assigned to the new master of an Active/Passive cluster following a failover. [66110]

• Log messages about a FireCluster reboot have been improved to include the reason for the reboot. [65115]

• A problem that prevented a FireCluster failover from occurring because of an error in interpreting the health of the FireCluster Monitored Port has been resolved. [65441]

• An Application Control bug that caused both members of an active/passive FireCluster to reboot has been resolved. [65770]

Mobile VPN with SSL

• Policy Manager and Web UI now display a warning message if Mobile VPN with SSL is enabled and the external IP address of the XTM device is modified. [65806]

• A problem that caused the Mobile VPN with SSL client to crash when connecting from a computer using the Mac OSX 64-bit operating system has been resolved. [65776]

• The Mobile VPN with SSL client running on a computer using Windows 7 64-bit OS can now operate correctly with a third-party web server certificate. [65535]

Mobile VPN with IPSec

• The Mobile VPN with IPSec Shrew Soft client can now connect to an XTM device configured with a static IP address. [64920]

Branch Office VPN

• The latency of packets that traverse a branch office VPN tunnel has been improved. [65333]

• This release resolves a problem that caused an IKEd stacktrace issue in FireCluster. [63108, 65292]

CLI

• You can now use the CLI vlan-id command with the “external dhcp” option successfully. [65478]

• The CLI show sysinfo command now displays the correct CPU utilization values. [64521]

You can download Fireware XTM OS 11.5.3 Build # 339420 from the Watchguard website.

Please note that Watchguard XTM OS releases are cumulative so you should only need to apply the latest OS to ensure that you also have any previous fixes/features.

[RESOLVED] Google Android ICS 4.0, 4.01 or 4.02 – Handset Crashes and Reboots when you try to connect to an IPSec Xauth PSK VPN over the 3G Mobile Network

You may find that your Google Android ICS 4.0, 4.01 or 4.02 Smart Phone crashes and reboots when you try to connect to an IPSec Xauth PSK VPN over the 3G Mobile Network.  This has been seen to occur with Watchguard and Cisco VPN connections and is related to a glitch in the Google Android Modem Driver.

You will need to wait for an Over the Air update to Google Android 4.0.3 for the issue to be resolved, if this issue is severely affecting you then you may be able to contact your moile network carrier and/or the handset manufacturer to arrange to have the phone updated earlier.

Further information about this issue can be found here: http://code.google.com/p/android/issues/detail?id=23404&can=1&q=vpn%20xauth&colspec=ID Type Status Owner Summary Stars

Tcpip.sys – Pre Service Pack 2 Revision History for Windows Server 2008 R2 SP1, Windows 7 SP1 and Windows Small Business Server 2011 (SBS 2011)

Tcpip.sys – Pre Service Pack 2 Revision History for Windows Server 2008 R2 SP1, Windows 7 SP1 and Windows Small Business Server 2011 (SBS 2011)

05-Feb-2014 – 6.1.7601.22590 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2918550 – Computer leaks nonpaged pool memory when IPSEC traffic is configured to use AuthIP without encryption in Windows

05-Nov-2013 – 6.1.7601.22502 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2905412 – Stop error 0xD1 on a Windows-based computer with multiple processors

10-Oct-2013 – 6.1.7601.22477 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2896146 – Packet loss occurs when MTU is below 576 and PMTU discovery is enabled on your Windows 7 SP1 or Windows Server 2008 R2 SP1

09-Oct-2013 – 6.1.7601.22476 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2885980 – FIX: A memory leak condition occurs when the FwpsAllocateCloneNetBufferlist() API is called

08-Sep-2013 – 6.1.7601.18254 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2885980 – FIX: A memory leak condition occurs when the FwpsAllocateCloneNetBufferlist() API is called

06-Sep-2013 – 6.1.7601.22443 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2885978 – 0x0000007F Stop error on a Windows-based computer

04-Sep-2013 – 6.1.7601.22441 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2885976 – User application freezes on a Windows-based computer that uses the WFP

04-Sep-2013 – 6.1.7601.18251 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2885976 – User application freezes on a Windows-based computer that uses the WFP

13-Jul-2013 – 6.1.7601.22383 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2871565 – “C000021B” error when you inject an NBL that contains multiple net buffers in Windows 7 SP1 or Windows Server 2008 R2 SP1

13-Jul-2013 – 6.1.7601.18209 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2871565 – “C000021B” error when you inject an NBL that contains multiple net buffers in Windows 7 SP1 or Windows Server 2008 R2 SP1

06-Jul-2013 – 6.1.7601.22378 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2868623 – MS13-065: Vulnerability in ICMPv6 could allow denial of service: August 13, 2013

06-Jul-2013 – 6.1.7601.18203 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2868623 – MS13-065: Vulnerability in ICMPv6 could allow denial of service: August 13, 2013

11-Jan-2013 – 6.1.7601.22215 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2524732 – An IPsec connection to back-end databases from a WTT application times out in Windows 7 or in Windows Server 2008 R2

10-Jan-2013 – 6.1.7601.22214 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2459530 – Event ID 5719 and event ID 1129 may be logged when a non-Microsoft DHCP Relay Agent is used

10-Jan-2013 – 6.1.7601.18048 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2459530 – Event ID 5719 and event ID 1129 may be logged when a non-Microsoft DHCP Relay Agent is used

04-Jan-2013 – 6.1.7601.22209 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2790655 – MS13-018: Vulnerability in TCP/IP could allow denial of service: February 12, 2013

03-Jan-2013 – 6.1.7601.18042 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2790655 – MS13-018: Vulnerability in TCP/IP could allow denial of service: February 12, 2013

30-Nov-2012 – 6.1.7601.22177 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2789968 – “0x000000D1” Stop error after you install the WDK WFP “inspect” sample in Windows 7 or Windows Server 2008 R2

29-Nov-2012 – 6.1.7601.22176 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2789397 – Data corruption and network issues when you run a WFP-based application on a computer that is running Windows

29-Nov-2012 – 6.1.7601.22176 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2789378 – Memory leak when an application uses the FwpsNetBufferListAssociateContext0 function in Windows 7 or Windows Server 2008 R2

29-Nov-2012 – 6.1.7601.22176 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2788573 – “0x00000050” Stop error when you run a WFP-based application to register a callout routine in Windows 7 or Windows Server 2008 R2

29-Nov-2012 – 6.1.7601.22176 – Tcpip.sys – x64 – http://support.microsoft.com/kb/2787847 – “0x000000D1” Stop error when a storage array is attached to a network environment and running Windows Server 2008 R2

29-Nov-2012 – 6.1.7601.18014 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2789397 – Data corruption and network issues when you run a WFP-based application on a computer that is running Windows

29-Nov-2012 – 6.1.7601.18014 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2789378 – Memory leak when an application uses the FwpsNetBufferListAssociateContext0 function in Windows 7 or Windows Server 2008 R2

29-Nov-2012 – 6.1.7601.18014 – Tcpip.sys – x64 – http://support.microsoft.com/kb/2787847 – “0x000000D1” Stop error when a storage array is attached to a network environment and running Windows Server 2008 R2

28-Nov-2012 – 6.1.7601.22175 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2785146 – Data is corrupted when there is insufficient memory on a Windows-based computer

23-Nov-2012 – 6.1.7601.22172 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2741850 – TCP SACK option is always set to “true” after you enable the TCP/IP Offloading feature in Windows 7 or in Windows Server 2008 R2

18-Oct-2012 – 6.1.7601.22137 – Tcpip.sys – x86/x64 – https://support.microsoft.com/kb/2775511 – An enterprise hotfix rollup is available for Windows 7 SP1 and Windows Server 2008 R2 SP1

03-Oct-2012 – 6.1.7601.22124 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2750841 – An IPv6 readiness update is available for Windows 7 and for Windows Server 2008 R2

03-Oct-2012 – 6.1.7601.17964 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2750841 – An IPv6 readiness update is available for Windows 7 and for Windows Server 2008 R2

12-Sep-2012 – 6.1.7601.22112 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2754804 – FTP client does not establish a passive-mode FTP connection to an IPv4 FTP server in Windows 7 or in Windows Server 2008 R2

12-Sep-2012 – 6.1.7601.17954 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2754804 – FTP client does not establish a passive-mode FTP connection to an IPv4 FTP server in Windows 7 or in Windows Server 2008 R2

06-Sep-2012 – 6.1.7601.22108 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2738401 – Raw packet is discarded after a UDP broadcast packet is received on a computer that is running Windows 7 or Windows Server 2008 R2

20-Jul-2012 – 6.1.7601.22067 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2735855 – Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2

20-Jul-2012 – 6.1.7601.17911 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2735855 – Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2

14-Jul-2012 – 6.1.7601.22056 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2727330 – Default gateway is set to 0.0.0.0 if you start a Windows 7-based or Windows Server 2008 R2-based computer from an iSCSI boot device

14-Jul-2012 – 6.1.7601.17900 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2727330 – Default gateway is set to 0.0.0.0 if you start a Windows 7-based or Windows Server 2008 R2-based computer from an iSCSI boot device

09-Jul-2012 – 6.1.7601.22047 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2733445 – Incorrect time is displayed in a device that uses ICMP to synchronize time information with a Windows 7-based or Windows Server 2008 R2-based computer

09-Jun-2012 – 6.1.7601.22015 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2722392 – “0x000000F4” Stop error when you run the Device Fundamental tests in Windows 7 or in Windows Server 2008 R2

30-Mar-2012 – 6.1.7601.21954 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2688338 – MS12-032: Vulnerability in TCP/IP could allow elevation of privilege: May 8, 2012

30-Mar-2012 – 6.1.7601.17802 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2688338 – MS12-032: Vulnerability in TCP/IP could allow elevation of privilege: May 8, 2012

09-Mar-2012 – 6.1.7601.21939 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2665206 – Slow performance when you enable IPsec encryption on a specific TCP port number in Windows 7 or in Windows Server 2008 R2

11-Feb-2012 – 6.1.7601.21921 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2675785 – Data transfer speed is slow in Windows 7 or in Windows Server 2008 R2

01-Feb-2012 – 6.1.7601.21912 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2665809 – You cannot exclude ports by using the ReservedPorts registry key in Windows Server 2008 or in Windows Server 2008 R2

07-Jan-2012 – 6.1.7601.21893 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2553549 – All the TCP/IP ports that are in a TIME_WAIT status are not closed after 497 days from system startup in Windows Vista, in Windows 7, in Windows Server 2008 and in Windows Server 2008 R2

03-Jan-2012 – 6.1.7601.21889 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2661010 – IP packets are not routed through a Windows Server 2008 R2–based LAN router in a VLAN environment

21-Dec-2011 – 6.1.7601.21881 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2639793 – “0x000000C2” Stop error occurs when you use IPsec on a computer that is running Windows Server 2008, Windows Vista, Windows Server 2008 R2 or Windows 7 in a network that uses IPsec NAT-T security

02-Nov-2011 – 6.1.7601.21853 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2639824 – Multicast packets are dropped in Windows 7 or in Windows Server 2008 R2

06-Oct-2011 – 6.1.7601.21833 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2621067 – The first-returned IP address is incorrect when you use the getaddrinfo function on a multi-homed computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2

01-Oct-2011 – 6.1.7601.21830 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2582281 – Slow failover operation if no router exists between the cluster and an application server

29-Sep-2011 – 6.1.7601.21828 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2588516 – MS11-083: Vulnerability in TCP/IP could allow remote code execution: November 8, 2011

13-Aug-2011 – 6.1.7601.21789 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2582284 – New VPN connections establish a session that has a smaller MTU value than expected in Windows Server 2008 R2 or in Windows 7

13-Aug-2011 – 6.1.7601.21789 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2459530 – Event ID 5719 and event ID 1129 may be logged when a non-Microsoft DHCP Relay Agent is used

12-Jul-2011 – 6.1.7601.21768 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2570170 – Performance issue when you enable the AuthNoEncap policy to handle large payloads in a network environment in Windows 7 or in Windows Server 2008 R2

18-Jun-2011 – 6.1.7601.21751 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2569391 – IPv6 DAD state does not switch back to Preferred state from Deprecated state in Windows Vista, in Windows Server 2008, in Windows 7, or in Windows Server 2008 R2

25-May-2011 – 6.1.7601.21734 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2469100 – Manually added route table entries are deleted unexpectedly when you delete an additional IP address in Windows Vista, in Windows 7, in Windows Server 2008 or in Windows Server 2008 R2

10-May-2011 – 6.1.7601.21724 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2523881 – You cannot establish an IPsec tunnel to a computer that is running Windows 7 or Windows Server 2008 R2 through a NAT device

06-May-2011 – 6.1.7601.21722 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2547057 – IP packets are not routed through a Windows Server 2008 R2–based LAN router in a VLAN environment

22-Apr-2011 – 6.1.7601.21710 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2524732 – An IPsec connection to back-end databases from a WTT application times out in Windows 7 or in Windows Server 2008 R2

19-Mar-2011 – 6.1.7601.21687 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2511305 – Network throughput is not scaled up correctly if high-bandwidth PCI Express adapters and four or more processor sockets are used in Windows Server 2008 R2

19-Mar-2011 – 6.1.7601.21687 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2519736 – Stop error message in Windows Server 2008 R2 SP1 or in Windows 7 SP1: “STOP: 0x0000007F”

19-Mar-2011 – 6.1.7601.21687 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2525390 – The SACK option is always set to “true” even if network adapter does not support SACK for offloaded connections in Windows 7 or in Windows Server 2008 R2

17-Mar-2011 – 6.1.7601.21685 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2519644 – Stop code in the tcpip.sys driver on a computer that is running Windows Server 2008 R2: 0x000000D1

05-Mar-2011 – 6.1.7601.21675 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2470853 – IGMP v1 membership report packets are sent to incorrect destinations on a computer that is running Windows Server 2008, Windows Vista, Windows 7 or Windows Server 2008 R2

20-Jan-2011 – 6.1.7601.21645 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2472264 – You cannot customize some TCP configurations by using the netsh command in Windows Server 2008 R2

17-Jan-2011 – 6.1.7601.21643 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2477730 – The TCP Chimney Offload feature fails on all network adapters in Windows Server 2008 R2 or in Windows 7 if you disable or change the properties of a network adapter

15-Jan-2011 – 6.1.7601.21642 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2465772 – An application or service that uses Winsock API or Winsock Kernel API may randomly stop responding in Windows Server 2008 R2 or in Windows 7

18-Dec-2010 – 6.1.7601.21624 – Tcpip.sys – x86/x64 – http://support.microsoft.com/kb/2465408 – Applications or services cannot update their routing tables after they receive route change notifications in Windows Server 2008 R2 or in Windows 7

Watchguard XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.5.1 – CSP4 Build # 335367

Watchguard XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.5.1 – CSP4 Build # 335367

11.5.1 – CSP4 Build # 335367 Resolves the following issues:

BUG64669: Resolved a Firebox crash and reboot when using FireCluster.

BUG63793: Improved proxy debug logging when using FireCluster.

BUG63574: Proxy connections fail with logs showing: “failed to create new traffic spec” and “insert_tspec:XX index inuse?

BUG65026: Iked stack trace eip=0x080c4013 caused by Mobile VPN with IPSec connection.

BUG63860: snmpd memory leak

You can request 11.5.1 – CSP4 Build # 335367 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.