UTM Up2Date 9.503 Released

Hi Everyone,

Today we've released UTM 9.503. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.

Update 2017-08-25: Unfortunately the update package has an issue with a missing config file for Samba and we needed to pull the update package down from the FTP server. We are working on a replacement urgently.

Update 2017-08-31: New update files with the fix for the missing Samba config (NUTM-8702) are available on our FTP server. There are two update files available now:

• u2d-sys-9.502004-503004.tgz.gpg for all who are on 9.502 and 
• u2d-sys-9.503003-503004.tgz.gpg for those who already installed the previous 9.503-3

Update 2017-09-07: Update is available for all via Up2Date servers.

Up2Date Information

News

• Maintenance Release
• Configuration will be upgraded
• Connected REDs will perform firmware upgrade
• Connected Wifi APs will perform firmware upgrade

Remarks

• System will be rebooted

Bugfixes

• NUTM-7891 [AWS] awslogsd.log is beeing flooded with logmessages
• NUTM-3196 [Access & Identity] Overlapping backend user prefetches may not be executed
• NUTM-7943 [Basesystem] Ntpd permanently restarting on slave node
• NUTM-8130 [Basesystem] Linux vulnerability ‘The Stack Clash’
• NUTM-8442 [Basesystem] Network Monitor heavily logs “Writing static route to” in fallback log
• NUTM-8431 [Configuration Management] Privilege escalation via insecure directory permissions
• NUTM-8167 [Configuration Management] Stored XSS in UTM
• NUTM-8229 [Configuration Management] Expiring certificate check still send notifications even after CA is regenerated
• NUTM-8300 [Configuration Management] Expiring certificate check error fails for incomplete date in certificate
• NUTM-8160 [Email] \N in Password of bind request causes account log out
• NUTM-8173 [Email] UTM fails to apply DKIM signature to outbound mail with reason RC -102
• NUTM-8339 [Email] Avira scanner in single or dual scan still results in SMTP proxy AV scanner unreachable errors on 9.414/9.501
• NUTM-8364 [Email] S/MIME encryption - automatic certificate extraction causing high load
• NUTM-8464 [Email] worker_do_get_file req content parsing error or missing parameters when mime header “From” in blank  
• NUTM-8455 [Hardware] Fix hardware detection for SG230nc
• NUTM-6981 [Network] No multicast packets visible on bridge with 10 Gbit interfaces
• NUTM-7187 [Network] Prefix Delegation does not work correctly during a PPPoE reconnect
• NUTM-7502 [Network] Wireless client hostname not displayed/updated
• NUTM-7749 [Network] Filter list with hosts didn’t work in BGP and should not be possible to configure
• NUTM-7754 [Network] WAF permanently restarts on slave node
• NUTM-8556 [Network] SNMP - Error allocating more space for arpcache
• NUTM-8017 [REST API] REST API not returning expected objects from API Explorer
• NUTM-8137 [WAF] URL hardening prevents login to succeed as side effect of “Redirect to requested URL” feature
• NUTM-8174 [WAF] Increase LimitRequestLine
• NUTM-8169 [WebAdmin] Certain WebAdmin search fields not usable after upgrade to 9.414/9.5
• NUTM-5797 [Web] Winbindd: Exceeding 16000 client connections
• NUTM-7070 [Web] In Advanced Protection statistics, email count number for “Awaiting result” displayed in web field
• NUTM-8102 [Web] Standard SSO AD issue after updating to 9.5 - IE/Chrome failing/slow to load sites
• NUTM-8191 [Web] SSL exception matched for a specific website but didn’t work
• NUTM-8352 [Web] Add patch for CVE-2017-11103 “Orpheus’ Lyre”
• NUTM-8353 [Web] HTTP proxy AD-SSO authentication failing on 9.502 with more than 5,000 users or groups in AD
• NUTM-8387 [Web] UTM registering all of it’s IPs in DNS when joining a domain
• NUTM-8702 [Web] After 9.503-3 Update: net: error while loading shared libraries
• NUTM-8105 [Wireless] Wireless network connected issue with Bridge to AP LAN