Overview

We have just launched version 3.0.009 of the RED firmware pattern update. You can download and install the firmware right away. This release is a maintenance update that features essential security updates. The update includes improvements to multiple RED firmware components that address various open CVEs related to those components. Not all of the CVEs, however, affected vulnerabilities on SD-RED devices. Apart from the security enhancements, this firmware update also addresses multiple issues.

Security Fixes

Issue Key

Summary

NRF-633

WiFi mac80211 vulnerabilities : CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722

NRF-616

Base Ubuntu vulnerabilities: CVE-2022-1012 CVE-2022-20368 CVE-2022-36946 CVE-2022-32296

NRF-614

Address the following vulnerabilities in ncurses library: CVE-2017-10684, CVE-2017-16879, CVE-2018-19211, CVE-2019-17594, CVE-2019-17595, CVE-2021-39537, CVE-2022-29458

NRF-607

SD-RED pcre3 vulnerabilities: CVE-2019-20838, CVE-2020-14155

NRF-603

Address vulnerabilities in the curl component by upgrading it to 7.86.0: CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916.

NRF-601

Upgrade the zlib component to address the vulnerability: CVE-2018-25032 and CVE-2022-37434.

Issues Fixed

Issue Key

Summary

NRF-630

RED failover to integrated 4G module fails intermittently.

NRF-639

4G modules on SD-RED devices do not work when the default IP assignment type is IPv6.

NRF-641

Intermittent traffic disconnection even though the SD-RED 60 tunnel is active.

NRF-635

Intermittent image upgrade issues are seen on SD-RED 20 with 3.0.008 image

Install Instructions

  • On Sophos Firewall web UI, navigate to Backup & Firmware > Pattern Updates.
  • If the RED Firmware version is older than this release, click Update Pattern Now.
  • When ready to deploy new firmware to connected SD-RED devices, click Install. 
  • (SD-)RED devices will be rebooted during the firmware installation process

Supported Platforms

  • SFOS v18.5MR4+
  • SFOS v19GA+
  • SFOS v19.5GA+
Parents
  • XGS 3100 HA cluster says "Failed to install RED firmware" and there's nothing in the logging at all?

    Already did a node fail over without any result. These products getting worse and worse. Even a simple flush of an ARP table when your cluster is failing over is too hard for Sophos! Sophos needs six months to reproduce this issue says they fixed it and it's back in 19.5.2MR2

    Good job Sophos!

  • Same error with XG550 Cluster:

    Firmware seems ready to install:


    Then click on it:


    Now it is downloading again

    No information in the logfiles about that.. gg

Comment Children
No Data