Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

Hi Community! We have released RED firmware pattern update version 3.0.007. The firmware is immediately available for download and update. This is a maintenance release with several important security updates. A number of RED firmware components were updated, that collectively address a large number of open CVEs relevant to those components, though not all of the CVEs result in vulnerabilities on RED devices. 

Maintenance Release

Security fixes:

  • NRF-513 Address  Frag Attack vulnerabilities in RED devices (CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26142, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147)
  • NRF-514 Address open CVEs in openssl (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)
  • NRF-515 Upgrade libcurl version to 7.76.1 to address open CVEs (CVE-2021-22898, CVE-2021-22924, CVE-2021-22925)
  • NRF-510 Upgrade dnsmasq to v2.85 (CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673,CVE-2021-29155, CVE-2021-3501)
  • NRF-516 Address open CVEs in binutils utility 


  • NRF-509 Fix issue where AP was not registering over RED15w tunnel
  • NRF-517 Fix issue where SD-RED60 LAN switch VLAN configuration was lost after some time 

Install Instructions

  • On Sophos Firewall web UI, navigate to Backup & Firmware > Pattern Updates.
  • If RED Firmware version is older than this release, click Update Pattern Now
  • When ready to deploy new firmware to connected SD-RED devices, click Install
  • RED devices will be rebooted during firmware installation process

Parents Comment Children