Hi XG Community!
We've finished SFOS v16.05.7 MR7. This release is available from within your device for all SFOS v16.05 installations as of now and will increase the group in a few days.
The release is available to all SFOS versions via the MySophos portal.
You can find the firmware for your appliance in the MySophos portal.
Thank you for MR7
Can you please elaborate on the severity of some of these SQL injections? Also, I wanted to know why we are still patching Dirty COW and other Dropbear CVEs that were patched upstream long ago.
NC-19720 [API] SQL Injection: Application filter add type
NC-19721 [API] SQL Injection: Proxy port config
NC-19775 [API] SQL Injection: User add/edit
NC-19558 [Base System] Add kernel patch for 'Stack Clash' CVE-2017-1000364
NC-19920 [Base System] Several vulnerability patches for Dropbear (CVE-2016-7409, CVE-2016-7408, CVE-2016-7407, CVE-2016-7406)
NC-21237 [Base System] Linux Kernel vulnerability "Dirty Cow" (CVE-2016-5195)
NC-19716 [UI] SQL Injection: Current Activities
NC-19753 [UI] SQL Injection: filter function
NC-19540 [WAF] WAF - Fix CVE-2017-7679: mod_mime buffer overread
NC-19717 [WAF] SQL injection: IPS backend server add
NC-19718 [Web] SQL Injection: Proxy file type add
NC-20787 [Web] Proxying is allowed through port 8090
NC-19719 [Wireless] Blind code execution: Access point edit
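The "SQL Injection: filter function" and "User add/edit" items above name the bug class but not the mechanism. The following is an added illustration, not Sophos/SFOS code and not the actual fixed handlers: a constructed user-filter query built by string concatenation next to its parameterised form, run against an in-memory SQLite table. The table layout, sample users and function names are assumptions chosen for the demo. It also shows why a legitimate apostrophe in a display name (the O'Neill case) breaks the concatenated version while the bound version handles it.

```python
"""Added example: SQL injection in a 'user filter' style handler.

Constructed illustration only; not Sophos/SFOS code. The users table,
sample rows and function names are assumptions for the demo.
"""
import sqlite3


def fresh_db() -> sqlite3.Connection:
    """In-memory database with a constructed sample user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("Siân O'Neill", "user")],
    )
    return conn


def find_users_vulnerable(conn: sqlite3.Connection, pattern: str) -> list:
    # Query text built by concatenation: the caller's input becomes part of
    # the SQL grammar, so quotes and comment markers change the statement.
    sql = ("SELECT name FROM users WHERE name LIKE '%" + pattern + "%' "
           "AND role = 'user'")
    return [row[0] for row in conn.execute(sql)]


def find_users_safe(conn: sqlite3.Connection, pattern: str) -> list:
    # Parameterised query: the pattern is bound as data and is never parsed
    # as SQL, so quotes inside it are just characters.
    sql = "SELECT name FROM users WHERE name LIKE ? AND role = 'user'"
    return [row[0] for row in conn.execute(sql, ("%" + pattern + "%",))]


def demo() -> dict:
    """Run both handlers against an injection payload and an apostrophe name."""
    conn = fresh_db()
    results = {}

    # 1. Injection: close the string, OR in the admin row, comment out the
    #    trailing role restriction. The concatenated query leaks 'alice'.
    payload = "x' OR role = 'admin' --"
    results["vuln_injected"] = find_users_vulnerable(conn, payload)  # ['alice']
    results["safe_injected"] = find_users_safe(conn, payload)        # []

    # 2. Legitimate apostrophe in a display name: the concatenated query is
    #    now malformed SQL; the bound query simply matches the row.
    try:
        find_users_vulnerable(conn, "O'Neill")
        results["vuln_apostrophe_error"] = False
    except sqlite3.OperationalError:
        results["vuln_apostrophe_error"] = True
    results["safe_apostrophe"] = find_users_safe(conn, "O'Neill")  # ["Siân O'Neill"]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same pattern applies to the add/edit handlers: bind every caller-supplied value with placeholders rather than formatting it into the statement, and a name like O'Brien stops being a syntax error or an injection vector.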
I updated to MR7, then found that incoming mail was not arriving. So I rolled back to MR6.
Are the STAS issues of SFOS v16.05.6 MR6 patched?
Surprising to see that the issue of apostrophes in users displayNames has still not been resolved. It's almost like Scottish and Welsh people don't exist...
Same as VishvasChitale here: After update, inbound SMTP connections are very unreliable. Rolled back to MR6 :-(
Any positive feedback? (SMTP excluded)
Do NOT apply this patch.
It is going to break a lot of things.
Just ended a long call with support.
Any changes to the web filtering engine and DB?
Any other people that suffered from SMTP issues?
You guys changed the whole setup process to a new wizard! Why did you not mention this in the release notes? Release notes should not only inform about bugs which are fixed, they should also inform about changes you made.
Billybob, I believe the SQL injections are largely from an intensive internal bug hunt, and came from source code review rather than external reporting. As for Dirty COW, while Linux was vulnerable, XG Firewall was not. The attack was possible, but useless on XG. Patching this now is just a matter of good hygiene.
[SMTP Status] 421 4.3.2 The maximum number of concurrent connections has exceeded a limit, closing transmission channel
[SMTP Status] 451 4.7.0 Timeout waiting for client input
Rolled back to MR-6.
We also had issues with emails being dropped or bounced so we rolled back to MR6.
Same... Had issues with incoming SMTP. Rolled back to MR5 after a 2 hour phone call with support at 3am. ARRRRGH.