Today we've released UTM 9.501. The release is now available for all via Up2Date servers.
[Update]: This release contains all relevant fixes from UTM 9.414.
Up2Date Information
News
- Maintenance Release
Remarks
- System will be rebooted
- Configuration will be upgraded
- Connected REDs will perform firmware upgrade
- Connected Wifi APs will perform firmware upgrade
Bugfixes
- NUTM-6868 [AWS, REST API] Missing trailing slash in Swagger URLs
- NUTM-6908 [AWS, REST API] [RESTD] Consistent authentication look and feel
- NUTM-7173 [AWS, REST API] [RESTD] Selfmon cannot (re)start restd
- NUTM-7633 [AWS, REST API] Authentication with umlauts and some special characters not working
- NUTM-6727 [AWS] AWS_CONVERSION_PRE_CHECK_FAILED (Pre-check failed: 127.)
- NUTM-7374 [AWS] Link to RESTful API documentation
- NUTM-7497 [AWS] selfmon complains about missing awslogsd during Up2Date
- NUTM-7658 [AWS] Swagger UI XSS vulnerability
- NUTM-7442 [Access & Identity, RED] [RED] 3G Failback with RED15(w) not working if DHCP server is shutting down
- NUTM-6504 [Access & Identity] OpenVPN 2.4.0 deprecated option "tls-remote"
- NUTM-6606 [Access & Identity] Re-occuring issues with the Sophos UTM Support access
- NUTM-7111 [Access & Identity] Multiple open vulnerabilities in libvncserver
- NUTM-7157 [Access & Identity] VPN users not being created when backend AD group is used
- NUTM-7295 [Access & Identity] HTML5 VPN: Comma not working on Portuguese (Brazil) keyboard
- NUTM-7350 [Access & Identity] [RED] USB stick E3372 does not work with RED 15
- NUTM-7377 [Access & Identity] Remote Access tab won't load after selecting the OTP Token tab in the User Portal
- NUTM-7448 [Access & Identity] SSLVPN: download of configuration for windows should use tls-remote option
- NUTM-7774 [Access & Identity] HTML5 - Mouse not working on Touch Devices
- NUTM-7874 [Access & Identity] Openvpn: DoS due to Exhaustion of Packet-ID counter (CVE-2017-7479)
- NUTM-6956 [Basesystem] Hardware LCD screen: IP address of ports other than eth0 cannot be changed through LCD
- NUTM-7067 [Basesystem] Update OpenSSH to openssh-6.6p1
- NUTM-7069 [Basesystem] Linux: CVE-2017-6214: ipv4/tcp: infinite loop in tcp_splice_read()
- NUTM-7626 [Basesystem] BIND Security update (CVE-2017-3136, CVE-2017-3137)
- NUTM-7646 [Basesystem] NTP Security update (CVE-2017-6458, CVE-2017-6460)
- NUTM-7742 [Basesystem] Update Appctrl (4.4.1.21)
- NUTM-6978 [Confd] Configuration backups do not properly sanitize information
- NUTM-7160 [Confd] "&" sign in RADIUS secret will be converted into "&"
- NUTM-7636 [Confd] If changing name in REF_DefaultSuperAdmin 'Admin reset password' page is not presented
- NUTM-3513 [Email] MIME type filter doesn't detect real mime type
- NUTM-3516 [Email] POP3 prefetch sometimes stops working
- NUTM-3669 [Email] SMTP Proxy vulnerable by TLS renegotiation (CVE-2011-1473)
- NUTM-3671 [Email] SPX encrypted messages are vulnerable to access without proper authentication
- NUTM-3677 [Email] Maildrop locked for account_id
- NUTM-4324 [Email] Changing Email Protection settings fails with Sandstorm enabled and trial expired
- NUTM-5388 [Email] Individual SMTP profiles not updated with changed global settings
- NUTM-5545 [Email] Quarantine report can't be enabled under some circumstances
- NUTM-6379 [Email] Frequent cssd coredumps
- NUTM-6986 [Email] Sender blacklist doesn't allow '&' sign within the email address
- NUTM-7220 [Email] WAF reporting virus found when AV engine on the UTM is updating
- NUTM-7625 [Email] SMTP DLP expressions do not trigger under specific condition
- NUTM-7722 [Email] mailbox_size_limit is smaller than message_size_limit in notifier log
- NUTM-3170 [Network] Time-base access for wireless is dropping ipsec-routes and not creating them again
- NUTM-6992 [Network] OSPF re-announcing static routes
- NUTM-7044 [Network] Disable a VLAN associated with the WAN interface breaks the complete communication
- NUTM-7439 [Network] nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
- NUTM-7395 [RED] [RED] Split networks/domains fields not shown when editing RED10/15
- NUTM-7491 [RED] WARNING: CPU: 0 PID: x at net/core/dst.c:293 dst_release+0x30/0x51()
- NUTM-7060 [Reporting] Search in reports doesn't work if the username contains only numbers
- NUTM-6651 [Sandboxd] All sandstorm tagged mails get stuck in "Sandstorm scan pending"
- NUTM-4804 [WAF] Redirect to original requested path after form-based auth
- NUTM-6930 [WAF] WAF not responding after reboot of the AWS UTM
- NUTM-7178 [WAF] Segmentation fault in mod_xml2enc for multi-byte charsets
- NUTM-7362 [WAF] Fix localization strings in Confd
- NUTM-7698 [WAF] WAF URL redirection and Site path routing can be configured for the same path
- NUTM-7806 [WAF] WAF - inconsistency with two or more site path routes for '/'
- NUTM-7857 [WAF] Changing the order of real webservers in the virtual webserver edit form isn't working
- NUTM-6617 [WebAdmin] Search for Network Definitions breaks in Chrome with over 1000 objects
- NUTM-7652 [WebAdmin] Not possible to download different SSL VPN User Profiles in one Firefox Session
- NUTM-7870 [WebAdmin] Comment not displayed for Time Period definition
- NUTM-5794 [Web] IPv6 fallback to IPv4 doesn't work
- NUTM-6502 [Web] HTTP Proxy coredumping with EC CA certificate
- NUTM-6532 [Web] AD Users are prefetched in lowercase letters
- NUTM-6809 [Web] URL category name "Potiental Unwanted Programs" spelling mistake on sophostest.com
- NUTM-6848 [Web] HTTPS warn behaviour when "Block all content, except..." is selected
- NUTM-6867 [Web] New httpproxy coredumps after update to v9.411 - ReleaseToCentralCache
- NUTM-7076 [Web] UTM not updating AD group definition
- NUTM-7167 [Web] OTP Using AD Backend Membership - duplicates user when capital letters are used in the username
- NUTM-7321 [Web] Non existent or non proxy users are able to create SSL webfilter exceptions
- NUTM-7367 [Web] Difference between web_filter templates and default templates in web filter
- NUTM-5612 [WiFi] Manual channel selection not possible in both bands for SG W appliances
