Sophos AP/APX users may experience issues registering to Sophos Central. More info available here: Central Wireless
A third party has recently made vendors aware of potential vulnerabilities in some Linux kernels including those used in the Sophos for Virtual Environments Security VM. We are updating Sophos for Virtual Environments to remove any risk to our customers from these vulnerabilities.
The following vulnerabilities have been identified:
This articles covers the actions required by customers to make sure that their Security VMs are no longer vulnerable to the above vulnerabilities. The following sections are covered:
Applies to the following Sophos products and versions Sophos For Virtual Environments
We are releasing an Sophos for Virtual Environments 1.3.2 in July 2019 to address these vulnerabilities. The version of Sophos for Virtual Environments will be 1.3.2 regardless of whether you use Sophos Central or Sophos Enterprise Console for management.
Once the release is complete your Security VMs will update automatically and following the update will be protected against the above vulnerabilities. However they will require a reboot for the full kernel security patches to take affect.
Customers are able to manually mitigate these vulnerabilities on Security VMs older than 1.3.2 by following the below steps:
sudo sysctl -w net.ipv4.tcp_sack=0
Note: This modification will need to be reapplied following every reboot of the Security VM until it is updated to 1.3.2
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.