A third party has recently made vendors aware of potential vulnerabilities in some Linux kernels, including those used in the Sophos for Virtual Environments Security VM. We are updating Sophos for Virtual Environments to remove any risk to our customers from these vulnerabilities.
The following vulnerabilities have been identified:
This knowledge base article covers the actions required from customers to make sure that their Security VMs are no longer vulnerable to the above vulnerabilities. The following sections are covered:
Applies to the following Sophos products and versions: Sophos for Virtual Environments
To address these vulnerabilities, Sophos for Virtual Environments 1.3.2 was released in July 2019. The version of Sophos for Virtual Environments will be 1.3.2, regardless of whether you use Sophos Central or Sophos Enterprise Console for management.
Once the release is complete, the Security VMs will update automatically. However, the SVMs will require a reboot for the full kernel security patches to take effect.
Customers can manually mitigate these vulnerabilities on Security VMs older than 1.3.2 by following the steps below:
sudo sysctl -w net.ipv4.tcp_sack=0
Note: This modification will need to be reapplied following every reboot of the Security VM until it has been updated to 1.3.2.
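Because the workaround is lost on reboot, it helps to check the live kernel value before reapplying it. The script below is an added example, not part of the Sophos article or product: the function names are hypothetical, and it assumes the standard Linux interface /proc/sys/net/ipv4/tcp_sack, which is the file behind the net.ipv4.tcp_sack sysctl.

```shell
#!/bin/sh
# Added example: verify the tcp_sack workaround after a reboot, reapply if needed.
# SACK_PATH is the kernel file behind net.ipv4.tcp_sack (overridable for testing).
SACK_PATH="${SACK_PATH:-/proc/sys/net/ipv4/tcp_sack}"

# Print "mitigated" when SACK is off, "exposed" when it is on, "unknown" otherwise.
sack_state() {
    path="${1:-$SACK_PATH}"
    if [ ! -r "$path" ]; then
        echo unknown
        return 0
    fi
    value=$(tr -d '[:space:]' < "$path")
    case "$value" in
        0) echo mitigated ;;
        1) echo exposed ;;
        *) echo unknown ;;
    esac
}

# Reapply the workaround only when required.
# Returns 0 if SACK is disabled afterwards, 1 if the change failed,
# 2 if the current setting could not be determined.
ensure_sack_disabled() {
    path="${1:-$SACK_PATH}"
    state=$(sack_state "$path")
    if [ "$state" = "mitigated" ]; then
        return 0
    fi
    if [ "$state" = "unknown" ]; then
        echo "cannot determine tcp_sack state from $path" >&2
        return 2
    fi
    # Same command as in the article.
    sudo sysctl -w net.ipv4.tcp_sack=0 >/dev/null || return 1
    # Re-read the kernel value rather than trusting the exit code alone.
    [ "$(sack_state "$path")" = "mitigated" ]
}

# Report by default; change the setting only when invoked with --apply.
if [ "${1:-}" = "--apply" ]; then
    ensure_sack_disabled
else
    sack_state
fi
```

Run it with no arguments after each reboot to see whether the workaround is still in place, and with --apply to restore it.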