Hi Community!

We have released RED firmware pattern update version 3.0.008. The firmware is immediately available for download and update. This is a maintenance release with several important security updates. Multiple RED firmware components were updated; together these updates address a number of open CVEs relevant to those components, though not all of the CVEs resulted in vulnerabilities on (SD-)RED devices.

News

Maintenance Release 

Security Fixes

  • NRF-594 - RED/SD-RED: Address OpenSSL Vulnerability - CVE-2022-0778
  • NRF-532 - Upgrade libcurl to 7.79.0 to address CVE-2021-22947, CVE-2021-22946, CVE-2021-22945
  • NRF-572 - Address glib2 CVE-2021-3800
  • NRF-533 - SD-RED 20/60: Address Kernel CVE-2020-25705
  • NRF-534 - RED 15/50: Upgrade jq to address CVE-2015-8863, CVE-2016-4074
  • NRF-535 - RED 15/50: Upgrade libxml2 to 2.9.9 to address CVE-2017-16931, CVE-2016-4658, CVE-2016-4448, CVE-2016-5131, CVE-2016-5130, CVE-2017-9050, CVE-2017-9049, CVE-2017-9047
  • NRF-537 - RED 15/50: Upgrade libnl to 3.5.0 to address CVE-2017-0553
  • NRF-540 - RED 50: Address the following CVEs on Linux Kernel Version 3.18.43: CVE-2016-10229, CVE-2017-13715, CVE-2017-5970, CVE-2017-8890, CVE-2020-25705, CVE-2017-6214

Bug Fixes

  • NRF-65 - aweclient tries to connect to the old IP after the RED15w IP & DHCP range are changed
  • NRF-574 - RED60: LTE Module is not working on SD-RED with Verizon MI-FI SIM card
  • NRF-566 - RED 50 crashes/tunnel gets randomly disconnected

Install Instructions

  • On the Sophos Firewall web UI, navigate to Backup & Firmware > Pattern Updates.
  • If the RED Firmware version is older than this release, click Update Pattern Now.
  • When ready to deploy new firmware to connected SD-RED devices, click Install.
  • (SD-)RED devices will be rebooted during the firmware installation process.

Supported Platforms

  • SFOS v17.5 MR12+
  • SFOS v18.0 MR3+
  • SFOS v18.5 GA+
  • SFOS v19.0 EAP0+