Hi Community!
The AP firmware 11.0.017 has been released for Sophos Firewall OS (SFOS). This pattern update has a fix for the recently discovered Wi-Fi vulnerabilities AKA FragAttacks in legacy Access Points. In addition to the patch, this update also includes Security fixes for APX models and bug fixes for Mesh.
News:
Maintenance Release
Bugfixes:
- NAF-41 APX : openssl 1.0.2h update and patch CVE-2020-1971
- NAF-43 APX : openssl 1.0.2h update and patch CVE-2021-23840 and CVE-2021-23841
- NAF-48 APX: MESH won't be established
- NAF-55 Frag Attack: Fix vulnerabilities for legacy APs
- NAF-63 APX: address critical/high-risk CVEs in openssl
- NAF-65 APX: Address iperf critical/high-risk CVEs
- NAF-66 APX: Address tcpdump critical/high-risk CVEs
- NAF-67 APX: upgrade libcurl version to 7.78.0 to fix CVEs
- NAF-68 APX: Address critical/high-risk CVEs for binutils
- NAF-135 Legacy AP: Handle newboo induced compilation issue due to lex command
- NAF-82 APX: Address critical/high kernel CVEs
- NAF-83 SSIDs are not being broadcasted when 5GHz is configured on AP100X
- NAF-86 Legacy AP: MESH won't be established
SFOS Firmware Version:
This release is available to SFOS firewalls running the following firmware versions:
- SFOS v15.01 onwards
Install Instructions
- On Sophos Firewall web UI, navigate to Backup & Firmware > Pattern Updates.
- If the AP firmware version is older than this release, click Update Pattern Now
- When ready to deploy new firmware to connected Access Point devices, click Install.
- Access Point devices will be rebooted during the firmware installation process
Related Information
- Frag Attacks
- Advisory: Multiple Vulnerabilities (AKA FragAttacks) in WiFi Specification
- Legacy AP models are AP15, AP15C, AP55, AP55C, AP100, AP100C, AP100X
