UTM Up2Date 9.414 Released

Today we've released UTM 9.414. The release is now available for all via Up2Date servers.

Up2Date Information

News

  • Maintenance Release

Remarks

  • System will be rebooted

Bugfixes

  • NUTM-6646 [AWS, REST API] REST API panic when unlocking unlocked mutex
  • NUTM-6887 [AWS, REST API] REST API panic when inserting into node which is not of type array
  • NUTM-7173 [AWS, REST API] [RESTD] Selfmon cannot (re)start restd
  • NUTM-6708 [AWS] Cloud update not working with conversion deployments
  • NUTM-6727 [AWS] AWS_CONVERSION_PRE_CHECK_FAILED (Pre-check failed: 127.)
  • NUTM-6814 [AWS] Rest API is accessible with default password if basic setup has not completed
  • NUTM-7032 [AWS] SignalException not handled for SecurityGroupsManagement#update
  • NUTM-7055 [AWS] queen_configuration_management / aws_resource_management SIGUSR1 handling
  • NUTM-7056 [AWS] LocalJumpError
  • NUTM-7057 [AWS] aws_set_sd_check AWS::EC2::Errors::RequestLimitExceeded
  • NUTM-7061 [AWS] Connection refused - connect(2) for "localhost" port 4472
  • NUTM-7374 [AWS] Link to RESTful API documentation
  • NUTM-7442 [Access & Identity, RED] [RED] 3G Failback with RED15(w) not working if DHCP server is shutting down
  • NUTM-3240 [Access & Identity] Update RED10, RED15, RED50 OpenSSL to most current version
  • NUTM-4852 [Access & Identity] [RED] flock() on closed filehandle $fhi at /</var/confd/confd.plx>Object/itfhw/red_server.pm line 563.
  • NUTM-5925 [Access & Identity] [RED] prevent configuration for VLAN for Split modes
  • NUTM-6387 [Access & Identity] HTML5 VNC connection not disconnecting
  • NUTM-6504 [Access & Identity] OpenVPN 2.4.0 deprecated option "tls-remote"
  • NUTM-6606 [Access & Identity] Re-occuring issues with the Sophos UTM Support access
  • NUTM-6668 [Access & Identity] [IPsec] L2TP/Cisco policy changes do not update ipsec.conf
  • NUTM-6749 [Access & Identity] RED15w does not send split DNS traffic over RED tunnel
  • NUTM-7111 [Access & Identity] Multiple open vulnerabilities in libvncserver
  • NUTM-7157 [Access & Identity] VPN users not being created when backend AD group is used
  • NUTM-7295 [Access & Identity] HTML5 VPN: Comma not working on Portuguese (Brazil) keyboard
  • NUTM-7350 [Access & Identity] [RED] USB stick E3372 does not work with RED 15
  • NUTM-7377 [Access & Identity] Remote Access tab won't load after selecting the OTP Token tab in the User Portal
  • NUTM-7774 [Access & Identity] HTML5 - Mouse not working on Touch Devices
  • NUTM-7874 [Access & Identity] Openvpn: DoS due to Exhaustion of Packet-ID counter (CVE-2017-7479)
  • NUTM-5965 [Basesystem] Sensors command on SG125w doesn't show hardware fan RPM
  • NUTM-6468 [Basesystem] BIND Security update (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444)
  • NUTM-6718 [Basesystem] Update NTP to 4.2.8p9
  • NUTM-6847 [Basesystem] BIND Security update (CVE-2017-3135)
  • NUTM-6956 [Basesystem] Hardware LCD screen: IP address of ports other than eth0 cannot be changed through LCD
  • NUTM-7626 [Basesystem] BIND Security update (CVE-2017-3136, CVE-2017-3137)
  • NUTM-7646 [Basesystem] NTP Security update (CVE-2017-6458, CVE-2017-6460)
  • NUTM-7742 [Basesystem] Update Appctrl (4.4.1.21)
  • NUTM-5658 [Confd] Stripped restore unaccessable if default internal interface is removed
  • NUTM-6976 [Confd] Privilege escalation though LOGAUDITOR and REPORTAUDITOR
  • NUTM-7160 [Confd] "&" sign in RADIUS secret will be converted into "&amp;"
  • NUTM-7636 [Confd] If changing name in REF_DefaultSuperAdmin 'Admin reset password' page is not presented
  • NUTM-3062 [Email] Mails from mail spool get quarantined because of "500 Max connection limit reached" in cssd
  • NUTM-3513 [Email] MIME type filter doesn't detect real mime type
  • NUTM-3516 [Email] POP3 prefetch sometimes stops working
  • NUTM-3669 [Email] SMTP Proxy vulnerable by TLS renegotiation (CVE-2011-1473)
  • NUTM-3671 [Email] SPX encrypted messages are vulnerable to access without proper authentication
  • NUTM-3677 [Email] Maildrop locked for account_id
  • NUTM-4324 [Email] Changing Email Protection settings fails with Sandstorm enabled and trial expired
  • NUTM-5350 [Email] Per user blacklist does not apply until smtp service restarts
  • NUTM-5545 [Email] Quarantine report can't be enabled under some circumstances
  • NUTM-5823 [Email] Scanner timeout or deadlock for all mails with a .scn attachment
  • NUTM-5892 [Email] SMTP Exception doesn't allow '&' sign within the email address
  • NUTM-6135 [Email] DLP custom expression doesn't get triggered if the email body contains certain strings
  • NUTM-6355 [Email] Email not blocked with expression list
  • NUTM-6379 [Email] Frequent cssd coredumps
  • NUTM-6986 [Email] Sender blacklist doesn't allow '&' sign within the email address
  • NUTM-7220 [Email] WAF reporting virus found when AV engine on the UTM is updating
  • NUTM-7625 [Email] SMTP DLP expressions do not trigger under specific condition
  • NUTM-7722 [Email] mailbox_size_limit is smaller than message_size_limit in notifier log
  • NUTM-4474 [Kernel] Kernel panic - not syncing: Fatal exception in interrupt
  • NUTM-6358 [Kernel] Kernel: unable to handle kernel NULL pointer dereference at 0000000000000018
  • NUTM-3170 [Network] Time-base access for wireless is dropping ipsec-routes and not creating them again
  • NUTM-4969 [Network] Uplink does not recover from error state
  • NUTM-5314 [Network] 10gb SFP+ flexi module interface fails when under load
  • NUTM-6077 [Network] Static route on bridge interface disappears after rebooting the UTM
  • NUTM-6807 [Network] SSL VPN not being redistributed into OSPF
  • NUTM-6901 [Network] Eth0 is removed while configuring bridge interface
  • NUTM-6992 [Network] OSPF re-announcing static routes
  • NUTM-7044 [Network] Disable a VLAN associated with the WAN interface breaks the complete communication
  • NUTM-7439 [Network] nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
  • NUTM-7395 [RED] [RED] Split networks/domains fields not shown when editing RED10/15
  • NUTM-7491 [RED] WARNING: CPU: 0 PID: x at net/core/dst.c:293 dst_release+0x30/0x51()
  • NUTM-7060 [Reporting] Search in reports doesn't work if the username contains only numbers
  • NUTM-6651 [Sandboxd] All sandstorm tagged mails get stuck in "Sandstorm scan pending"
  • NUTM-6930 [WAF] WAF not responding after reboot of the AWS UTM
  • NUTM-6522 [WebAdmin] SMC Test failed after Settings are applied
  • NUTM-6617 [WebAdmin] Search for Network Definitions breaks in Chrome with over 1000 objects
  • NUTM-7203 [WebAdmin] Issue with password field UTM - SMC WebAdmin configuration
  • NUTM-7652 [WebAdmin] Not possible to download different SSL VPN User Profiles in one Firefox Session
  • NUTM-7870 [WebAdmin] Comment not displayed for Time Period definition
  • NUTM-5794 [Web] IPv6 fallback to IPv4 doesn't work
  • NUTM-6467 [Web] FTP connection fails when using transparent FTP Proxy
  • NUTM-6502 [Web] HTTP Proxy coredumping with EC CA certificate
  • NUTM-6532 [Web] AD Users are prefetched in lowercase letters
  • NUTM-6809 [Web] URL category name "Potiental Unwanted Programs" spelling mistake on sophostest.com
  • NUTM-6848 [Web] HTTPS warn behaviour when "Block all content, except..." is selected
  • NUTM-6867 [Web] New httpproxy coredumps after update to v9.411 - ReleaseToCentralCache
  • NUTM-7076 [Web] UTM not updating AD group definition
  • NUTM-7167 [Web] OTP Using AD Backend Membership - duplicates user when capital letters are used in the username
  • NUTM-7321 [Web] Non existent or non proxy users are able to create SSL webfilter exceptions
  • NUTM-7367 [Web] Difference between web_filter templates and default templates in web filter
  • NUTM-5612 [WiFi] Manual channel selection not possible in both bands for SG W appliances
  • NUTM-5638 [WiFi] RED15w - integrated AP isn't shown as pending in transparent / split mode
  • NUTM-5786 [WiFi] RED15w - if more then one SSID is configured only one is working correctly
  • NUTM-6215 [WiFi] Issue when roaming between wireless with some clients
  • NUTM-6335 [WiFi] VLAN fallback not working for integrated AP from RED15w
  • NUTM-6448 [WiFi] AP55 stuck as inactive
  • NUTM-6511 [WiFi] AP does not get IP address on 100 Mbit ethernet link
  • Apparently 9.501-5 has required admins to disconnect and rejoin ActiveDirectory for SSO to work.   Has this version been tested for similar problems?

  • AD SSO:

    Problem:

    Our user got a "Authentication failed" message and no web access was possible (standard mode with AD SSO active).

    Solution:

    I removed the UTM from the Active Directoy domain and deleted the UTMs computer account in the Active Directory. I then rejoined the domain and AD SSO was a back alive.

  • Problem not solved, there's still the AD-SSO-Error

  • Can confirm, just been advised to rollback to 9.413 if I don't wish to re-authenticate against AD every 24 hours