UTM Up2Date 9.501 Released

Today we've released UTM 9.501. The release is now available for all via Up2Date servers.

[Update]: This release contains all relevant fixes from UTM 9.414.

Up2Date Information

News

  • Maintenance Release

Remarks

  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Bugfixes

  • NUTM-6868 [AWS, REST API] Missing trailing slash in Swagger URLs
  • NUTM-6908 [AWS, REST API] [RESTD] Consistent authentication look and feel
  • NUTM-7173 [AWS, REST API] [RESTD] Selfmon cannot (re)start restd
  • NUTM-7633 [AWS, REST API] Authentication with umlauts and some special characters not working
  • NUTM-6727 [AWS] AWS_CONVERSION_PRE_CHECK_FAILED (Pre-check failed: 127.)
  • NUTM-7374 [AWS] Link to RESTful API documentation
  • NUTM-7497 [AWS] selfmon complains about missing awslogsd during Up2Date
  • NUTM-7658 [AWS] Swagger UI XSS vulnerability
  • NUTM-7442 [Access & Identity, RED] [RED] 3G Failback with RED15(w) not working if DHCP server is shutting down
  • NUTM-6504 [Access & Identity] OpenVPN 2.4.0 deprecated option "tls-remote"
  • NUTM-6606 [Access & Identity] Re-occuring issues with the Sophos UTM Support access
  • NUTM-7111 [Access & Identity] Multiple open vulnerabilities in libvncserver
  • NUTM-7157 [Access & Identity] VPN users not being created when backend AD group is used
  • NUTM-7295 [Access & Identity] HTML5 VPN: Comma not working on Portuguese (Brazil) keyboard
  • NUTM-7350 [Access & Identity] [RED] USB stick E3372 does not work with RED 15
  • NUTM-7377 [Access & Identity] Remote Access tab won't load after selecting the OTP Token tab in the User Portal
  • NUTM-7448 [Access & Identity] SSLVPN: download of configuration for windows should use tls-remote option
  • NUTM-7774 [Access & Identity] HTML5 - Mouse not working on Touch Devices
  • NUTM-7874 [Access & Identity] Openvpn: DoS due to Exhaustion of Packet-ID counter (CVE-2017-7479)
  • NUTM-6956 [Basesystem] Hardware LCD screen: IP address of ports other than eth0 cannot be changed through LCD
  • NUTM-7067 [Basesystem] Update OpenSSH to openssh-6.6p1
  • NUTM-7069 [Basesystem] Linux: CVE-2017-6214: ipv4/tcp: infinite loop in tcp_splice_read()
  • NUTM-7626 [Basesystem] BIND Security update (CVE-2017-3136, CVE-2017-3137)
  • NUTM-7646 [Basesystem] NTP Security update (CVE-2017-6458, CVE-2017-6460)
  • NUTM-7742 [Basesystem] Update Appctrl (4.4.1.21)
  • NUTM-6978 [Confd] Configuration backups do not properly sanitize information
  • NUTM-7160 [Confd] "&" sign in RADIUS secret will be converted into "&"
  • NUTM-7636 [Confd] If changing name in REF_DefaultSuperAdmin 'Admin reset password' page is not presented
  • NUTM-3513 [Email] MIME type filter doesn't detect real mime type
  • NUTM-3516 [Email] POP3 prefetch sometimes stops working
  • NUTM-3669 [Email] SMTP Proxy vulnerable by TLS renegotiation (CVE-2011-1473)
  • NUTM-3671 [Email] SPX encrypted messages are vulnerable to access without proper authentication
  • NUTM-3677 [Email] Maildrop locked for account_id
  • NUTM-4324 [Email] Changing Email Protection settings fails with Sandstorm enabled and trial expired
  • NUTM-5388 [Email] Individual SMTP profiles not updated with changed global settings
  • NUTM-5545 [Email] Quarantine report can't be enabled under some circumstances
  • NUTM-6379 [Email] Frequent cssd coredumps
  • NUTM-6986 [Email] Sender blacklist doesn't allow '&' sign within the email address
  • NUTM-7220 [Email] WAF reporting virus found when AV engine on the UTM is updating
  • NUTM-7625 [Email] SMTP DLP expressions do not trigger under specific condition
  • NUTM-7722 [Email] mailbox_size_limit is smaller than message_size_limit in notifier log
  • NUTM-3170 [Network] Time-base access for wireless is dropping ipsec-routes and not creating them again
  • NUTM-6992 [Network] OSPF re-announcing static routes
  • NUTM-7044 [Network] Disable a VLAN associated with the WAN interface breaks the complete communication
  • NUTM-7439 [Network] nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
  • NUTM-7395 [RED] [RED] Split networks/domains fields not shown when editing RED10/15
  • NUTM-7491 [RED] WARNING: CPU: 0 PID: x at net/core/dst.c:293 dst_release+0x30/0x51()
  • NUTM-7060 [Reporting] Search in reports doesn't work if the username contains only numbers
  • NUTM-6651 [Sandboxd] All sandstorm tagged mails get stuck in "Sandstorm scan pending"
  • NUTM-4804 [WAF] Redirect to original requested path after form-based auth
  • NUTM-6930 [WAF] WAF not responding after reboot of the AWS UTM
  • NUTM-7178 [WAF] Segmentation fault in mod_xml2enc for multi-byte charsets
  • NUTM-7362 [WAF] Fix localization strings in Confd
  • NUTM-7698 [WAF] WAF URL redirection and Site path routing can be configured for the same path
  • NUTM-7806 [WAF] WAF - inconsistency with two or more site path routes for '/'
  • NUTM-7857 [WAF] Changing the order of real webservers in the virtual webserver edit form isn't working
  • NUTM-6617 [WebAdmin] Search for Network Definitions breaks in Chrome with over 1000 objects
  • NUTM-7652 [WebAdmin] Not possible to download different SSL VPN User Profiles in one Firefox Session
  • NUTM-7870 [WebAdmin] Comment not displayed for Time Period definition
  • NUTM-5794 [Web] IPv6 fallback to IPv4 doesn't work
  • NUTM-6502 [Web] HTTP Proxy coredumping with EC CA certificate
  • NUTM-6532 [Web] AD Users are prefetched in lowercase letters
  • NUTM-6809 [Web] URL category name "Potiental Unwanted Programs" spelling mistake on sophostest.com
  • NUTM-6848 [Web] HTTPS warn behaviour when "Block all content, except..." is selected
  • NUTM-6867 [Web] New httpproxy coredumps after update to v9.411 - ReleaseToCentralCache
  • NUTM-7076 [Web] UTM not updating AD group definition
  • NUTM-7167 [Web] OTP Using AD Backend Membership - duplicates user when capital letters are used in the username
  • NUTM-7321 [Web] Non existent or non proxy users are able to create SSL webfilter exceptions
  • NUTM-7367 [Web] Difference between web_filter templates and default templates in web filter
  • NUTM-5612 [WiFi] Manual channel selection not possible in both bands for SG W appliances