SD-RED Firmware 3.0.009 pattern update released

24 May 2023

Overview

We have just launched version 3.0.009 of the RED firmware pattern update. You can download and install the firmware right away. This release is a maintenance update that features essential security updates. The update includes improvements to multiple RED firmware components that address various open CVEs related to those components. Not all of the CVEs, however, affected vulnerabilities on SD-RED devices. Apart from the security enhancements, this firmware update also addresses multiple issues.

Security Fixes

Issue Key	Summary
NRF-633	WiFi mac80211 vulnerabilities : CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
NRF-616	Base Ubuntu vulnerabilities: CVE-2022-1012 CVE-2022-20368 CVE-2022-36946 CVE-2022-32296
NRF-614	Address the following vulnerabilities in ncurses library: CVE-2017-10684, CVE-2017-16879, CVE-2018-19211, CVE-2019-17594, CVE-2019-17595, CVE-2021-39537, CVE-2022-29458
NRF-607	SD-RED pcre3 vulnerabilities: CVE-2019-20838, CVE-2020-14155
NRF-603	Address vulnerabilities in the curl component by upgrading it to 7.86.0: CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916.
NRF-601	Upgrade the zlib component to address the vulnerability: CVE-2018-25032 and CVE-2022-37434.

Issues Fixed

Issue Key	Summary
NRF-630	RED failover to integrated 4G module fails intermittently.
NRF-639	4G modules on SD-RED devices do not work when the default IP assignment type is IPv6.
NRF-641	Intermittent traffic disconnection even though the SD-RED 60 tunnel is active.
NRF-635	Intermittent image upgrade issues are seen on SD-RED 20 with 3.0.008 image

Install Instructions

On Sophos Firewall web UI, navigate to Backup & Firmware > Pattern Updates.
If the RED Firmware version is older than this release, click Update Pattern Now.
When ready to deploy new firmware to connected SD-RED devices, click Install.
(SD-)RED devices will be rebooted during the firmware installation process

Supported Platforms

SFOS v18.5MR4+
SFOS v19GA+
SFOS v19.5GA+

Parents

juergenb52 6 months ago

The upgrade of a recovered (bricked) SD-RED 20 went smoothly. Had no issues. NRF-635 seems fixed..
- Cancel
- Vote Up +2 Vote Down
- More
- Cancel
Tejas Kashyap 6 months ago in reply to juergenb52

Thanks for the update.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel
Arvin Velasco Carlos 4 months ago in reply to Tejas Kashyap

Hi, We have a Xg firewall on Azure with ver 18.5.1 MR-1-Build326 with Red firmware version 3.007 for 20+ branches using SDRED 20 and SDRED 60, We are planning to uprade to SFOS 19.5.1 MR1-Build278, we learned that there is a bug; )NRF-635 Intermittent image upgrade issues are seen on SD-RED 20 with 3.0.008 image) will bricked all the SD-RED 20's? Can we skipped the 3.008?, upgrade to SFOS to 19.5, then install the 3.009 firmware? is this possible?...
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel
Tejas Kashyap 4 months ago in reply to Arvin Velasco Carlos

Hi Arvin. Thanks for reaching out.

Since RED firmware 3.0.008 is already downloaded but not installed on your setup, we would prefer you upgrade RED firmware first.

RED firmware upgrade to 3.0.008 on v18.5MR1-326 > SFOS upgrade to 19.5.1.MR1-278 > RED firmware upgrade to 3.0.009 is the suggested sequence.

Also, since 3.0.009 has not been released for 18.5MR1, upgrading RED first and then upgrading SFOS to receive the firmware upgrade.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel
Arvin Velasco Carlos 4 months ago in reply to Tejas Kashyap

Thanks a lot, alright, we will proceed with these suggested approach, we are just worried because our RED's are deployed geographically wide and it is very hard for our team to deal with the bricked RED that will cause by firmware 3.008 upgrade ..
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Comment

Arvin Velasco Carlos 4 months ago in reply to Tejas Kashyap

Thanks a lot, alright, we will proceed with these suggested approach, we are just worried because our RED's are deployed geographically wide and it is very hard for our team to deal with the bricked RED that will cause by firmware 3.008 upgrade ..
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Children

No Data