SFOS 16.05.7 MR7 Released

Hi XG Community!

We've finished SFOS v16.05.7 MR7. This release is available from within your device for all SFOS v16.05 installations as of now and will increase the group in a few days.

The release is available to all SFOS versions via the MySophos portal.

Issues Resolved

  • NC-19720 [API] SQL Injection: Application filter add type
  • NC-19721 [API] SQL Injection: Proxy port config
  • NC-19775 [API] SQL Injection: User add/edit
  • NC-20840 [Authentication] SATC: users logged in and logged out continuously
  • NC-19420 [Base System] "Don't register yet" link is not shown in Chinese language
  • NC-19520 [Base System] Hotfix applied multiple times in SF device
  • NC-19558 [Base System] Add kernel patch for 'Stack Clash'
  • NC-19920 [Base System] Several vulnerability patches for Dropbear (CVE-2016-7409, CVE-2016-7408, CVE-2016-7407, CVE-2016-7406)
  • NC-20753 [Base System] Changing of "admin" password in SFM does not replicate to the XG device and device is inaccessible due to password mismatch
  • NC-21237 [Base System] Linux Kernel vulnerability "Dirty Cow" (CVE-2016-5195)
  • NC-19330 [Firewall] XG live logs show packets out of time order
  • NC-19659 [Firewall] Invalid IP Host import fails but leaves invalid db entries causing system framework failure
  • NC-19674 [Firewall] Unidentified user usage from identity based rule
  • NC-20343 [Firewall] Wrong GeoIP classification for some IP addresses
  • NC-19745 [Hotspot] Hotspot custom voucher is changed to default upon hotspot update
  • NC-19956 [Localization] XG translation error on the firewall policies page for Brazilian (PT-BR) language
  • NC-19300 [Mail Proxy] Unable to parse or decode the contents of the email when the banner contains bare LF
  • NC-19354 [Mail Proxy] Quarantined Emails are not visible in Webadmin
  • NC-19829 [Mail Proxy] Email are bounced with SMTP/s scanning and RBL enabled
  • NC-19873 [Mail Proxy] XG inconsistent NDR notification behaviour
  • NC-19901 [Mail Proxy] Attachment name causing awarrentmta to stop
  • NC-20490 [Mail Proxy] SMTP Quarantine data doesn't load in User Portal for all users
  • NC-20784 [Mail Proxy] SMTP Quarantine data is not loading
  • NC-19621 [Network Services] nslookup / dnslookup commands not using specified server
  • NC-19136 [Networking] Incorrect information in System Graphs for bandwidth usage
  • NC-19598 [Networking] Gateway failover not working
  • NC-19750 [Networking] IPv6 Policy Route not removed from system when gateway is deleted
  • NC-19716 [UI] SQL Injection: Current Activities
  • NC-19753 [UI] SQL Injection: filter function
  • NC-19540 [WAF] WAF - Fix CVE-2017-7679: mod_mime buffer overread
  • NC-19717 [WAF] SQL injection: IPS backend server add
  • NC-19718 [Web] SQL Injection: Proxy file type add
  • NC-20787 [Web] Proxying is allowed through port 8090
  • NC-19719 [Wireless] Blind code execution: Access point edit

Downloads

You can find the firmware for your appliance in the MySophos portal.

  • Can you please elaborate on the severity of some of these SQL injections? Also, wanted to know the reason why we are still patching Dirty COW and other Dropbear CVEs that have been patched long ago upstream.

    NC-19720 [API] SQL Injection: Application filter add type

    NC-19721 [API] SQL Injection: Proxy port config

    NC-19775 [API] SQL Injection: User add/edit

    NC-19558 [Base System] Add kernel patch for 'Stack Clash' CVE-2017-1000364

    NC-19920 [Base System] Several vulnerability patches for Dropbear (CVE-2016-7409, CVE-2016-7408, CVE-2016-7407, CVE-2016-7406)

    NC-21237 [Base System] Linux Kernel vulnerability "Dirty Cow" (CVE-2016-5195)

    NC-19716 [UI] SQL Injection: Current Activities

    NC-19753 [UI] SQL Injection: filter function

    NC-19540 [WAF] WAF - Fix CVE-2017-7679: mod_mime buffer overread

    NC-19717 [WAF] SQL injection: IPS backend server add

    NC-19718 [Web] SQL Injection: Proxy file type add

    NC-20787 [Web] Proxying is allowed through port 8090

    NC-19719 [Wireless] Blind code execution: Access point edit

  • Hi

    I have updated to MR7, then found that incoming mail is not coming. So rolled back to MR6.

    BR

    Vishvas

  • Are the STAS issues of SFOS v16.05.6 MR6 patched?

  • Surprising to see that the issue of apostrophes in users' displayNames has still not been resolved. It's almost like Scottish and Welsh people don't exist...

  • Same as VishvasChitale here: After update, inbound SMTP connections are very unreliable. Rolled back to MR6 :-(

  • Hi guys,

    Any positive feedback? (SMTP excluded)

    Thank you.

  • Do NOT apply this patch.

    It is going to break a lot of things.

    Authentication included.

    Just ended now a long call with the support.

  • Any changes to the webfiltering engine and DB?

  • Any other people that suffered for SMTP issues?

  • You guys did change the whole Setup Process to a new Wizard! Why did you not notice this in Release Notes? Release notes should not only inform about Bugs which are fixed, it should also inform about changes you made.

  • I believe the SQL injections are largely from an intensive internal bug hunt, and came from source code review, rather than external reporting. As for Dirty COW, while Linux was vulnerable, XG Firewall was not. The attack was possible, but useless on XG. Patching this now is just a matter of good hygiene.

  • [SMTP Status] 421 4.3.2 The maximum number of concurrent connections has exceeded a limit, closing transmission channel

    [SMTP Status] 451 4.7.0 Timeout waiting for client input

    Rolled back to MR-6.

  • We also had issues with emails being dropped or bounced so we rolled back to MR6.

  • Same... Had issues with incoming SMTP. Rolled back to MR5 after a 2 hour phone call with support at 3am. ARRRRGH.