The  AP firmware 11.0.017 for Sophos Firewall OS (SFOS)

Hi Community!  

The  AP firmware 11.0.017 has been released for Sophos Firewall OS (SFOS). This pattern update has a fix for the recently discovered Wi-Fi vulnerabilities AKA FragAttacks in legacy Access Points.  In addition to the patch, this update also includes Security fixes for APX models and bug fixes for Mesh. 

News: 

Maintenance Release 

Bugfixes: 

• NAF-41 APX : openssl 1.0.2h update and patch CVE-2020-1971
• NAF-43 APX : openssl 1.0.2h update and patch CVE-2021-23840 and CVE-2021-23841 
• NAF-48 APX: MESH won't be established 
• NAF-55 Frag Attack: Fix vulnerabilities for legacy APs 
• NAF-63 APX: address critical/high-risk CVEs in openssl 
• NAF-65 APX: Address iperf critical/high-risk CVEs 
• NAF-66 APX: Address tcpdump critical/high-risk CVEs 
• NAF-67 APX: upgrade libcurl version to 7.78.0 to fix CVEs 
• NAF-68 APX: Address critical/high-risk CVEs for binutils 
• NAF-135 Legacy AP: Handle newboo induced compilation issue due to lex command 
• NAF-82 APX: Address critical/high kernel CVEs 
• NAF-83 SSIDs are not being broadcasted when 5GHz is configured on AP100X 
• NAF-86 Legacy AP: MESH won't be established 

SFOS Firmware Version: 

This release is available to SFOS firewalls running the following firmware versions: 

• SFOS v15.01 onwards 

Install Instructions 

• On Sophos Firewall web UI, navigate to Backup & Firmware > Pattern Updates. 
• If the AP firmware version is older than this release, click Update Pattern Now 
• When ready to deploy new firmware to connected Access Point devices, click Install. 
• Access Point devices will be rebooted during the firmware installation process 

Related Information 

• Frag Attacks 
• Advisory: Multiple Vulnerabilities (AKA FragAttacks) in WiFi Specification 
• Legacy AP models are AP15, AP15C, AP55, AP55C, AP100, AP100C, AP100X