Hi Everyone,
Today we've released UTM 9.508. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.
Note:
- When installing the update packages manually, please make sure to upload both update packages 9.507 and 9.508.
- S/MIME Encryption updates: This release brings changes to the S/MIME feature to fully conform with new GDPR regulatory requirements for encryption. Core to these changes are new algorithms to perform encryption and signatures within S/MIME. Due to the changes in the signature algorithms, older implementations of S/MIME - including previous Sophos UTM releases - can no longer verify signatures produced with the new algorithms. Encryption and decryption of emails is not affected by this change. For details, please read the following KBA at https://community.sophos.com/kb/en-us/131727.
Up2Date Information
News
- Maintenance Release
Remarks
- System will be rebooted
- Configuration will be upgraded
- Connected APs will perform firmware upgrade
Bugfixes
- NUTM-8739 [Access & Identity] Argos segfault and coredump after update to v9.502
- NUTM-9164 [Access & Identity] SSLVPN installation packages fail to copy user profile during installation
- NUTM-9344 [Access & Identity] All users are locked when a lockout policy via GPO was set
- NUTM-9047 [Basesystem] VLAN interface on the bridge doesn't come up when slave becomes the master
- NUTM-9296 [Configuration Management] Report Auditor is unable to open the dashboard in UTM
- NUTM-9397 [Configuration Management] Log Remote Archiving via SCP fails when used with OpenSSH >= 7.0
- NUTM-9497 [Documentation] ATP - Invalid status display on Webadmin for Japanese,Russian,Spanish language
- NUTM-4174 [Email] POP3 spool cleanup does not work
- NUTM-8794 [Email] Wrong MIME Type detection
- NUTM-8937 [Email] Upgrade SMIME
- NUTM-9046 [Email] SPX binary error with Office365
- NUTM-9098 [Email] Mail stuck in work queue
- NUTM-9252 [Email] Patch Exim for CVE-2014-2972 and CVE-2016-9963
- NUTM-9259 [Email] POP3 Proxy coredump in "libc_start_main"
- NUTM-9337 [Email] Selecting an AD Server for AD Recipient Verification in SMTP isn't possible after update to v9.506
- NUTM-9382 [Email] WebAdmin user not able to disable the "Recipient Verification" in SMTP Routing
- NUTM-9303 [HA/Cluster] HA "max_nodes" option set to 3 causes named to fail to start
- NUTM-9405 [HA/Cluster] Interface MAC addresses shouldn't get replicated on slave node if virtual_mac is set to 0
- NUTM-3497 [Network] BGP soft-reconfiguration not working
- NUTM-8118 [Network] After upgrading to 9.500 "Service Monitor not running - restarted" notifications being received
- NUTM-8432 [Network] Local Privilege Escalation via confd Service
- NUTM-8604 [Network] Changing a bridge IP address causes bridge to go down when using vlans
- NUTM-8887 [Network] DNS group objects doesn't delete old IP addresses
- NUTM-9064 [Network] Network monitoring daemon constantly restarts since upgrade to 9.503
- NUTM-9177 [Network] Disabled static routes are being put into the routing table
- NUTM-9465 [Network] Wrong/Old IPv6 Tunnel Broker URLs in Webadmin
- NUTM-8759 [Sandboxd] Add support for Sandstorm's Asia data centre
- NUTM-9006 [UI Framework] Not possible to download different SSLVPN User Profiles in one Firefox session
- NUTM-6955 [WebAdmin] Error text appears in dialog when trying to view user object usage
- NUTM-8567 [WebAdmin] Update to ImageMagick-7.0.7-11
- NUTM-9116 [WebAdmin] Object information can't be displayed for specific objects
- NUTM-9128 [WebAdmin] PCI Scan failing on UserPortal due to missing HSTS and CSP
- NUTM-9430 [WebAdmin] Issue with X-Content-Type-Options header presented by UTM
- NUTM-7201 [Web] HTTP Proxy connections hang in CLOSE_WAIT state
- NUTM-8638 [Web] Add group visibility in log with unlimited AD groups
- NUTM-8746 [Web] After changing group membership, old one is still available from winbind
- NUTM-8886 [Web] TLS Input/output error when connecting to web site
- NUTM-9113 [Web] HTTP Proxy coredump on 9.505
- NUTM-9166 [Web] HTTP Proxy coredump on function deny_ntlm_auth
- NUTM-9332 [Web] DNSExpire coredump causes slow browsing
- NUTM-9416 [Web] HTTP Proxy coredump on 9.506 with signal SIGFPE Arithmetic Exception
- NUTM-3127 [Wireless] AP55/100 connection issues - disconnected due to excessive missing ACKs
- NUTM-6640 [Wireless] Fix visibility of Fast Transition option in different security modes
- NUTM-7013 [Wireless] Frequent disconnects on guest wifi network after >1 week
- NUTM-8243 [Wireless] Update dropbear SSH Server to fix CVE-2016-7409, CVE-2016-7408, CVE-2016-7407, CVE-2016-7406
- NUTM-8299 [Wireless] UTM stops broadcasting SSIDs for the built-in wireless after upgrade to 9.5
- NUTM-8781 [Wireless] W-appliance - wireless network connection issue with Bridge to AP LAN
- NUTM-8827 [Wireless] Internal wireless not broadcasting SSID after updating to 9.503
- NUTM-8832 [Wireless] Integrated wireless adapter can be deleted
- NUTM-8930 [Wireless] Unable to see the SSID and connect to local wifi on 2.4 Ghz band
- NUTM-8940 [Wireless] kernel: [ xxxx.xxxxx] CPU: 0 PID: 13902 Comm: iw Tainted: G W O 3.12.74-0.265397234.g263c982.rb6-smp64 #1
- NUTM-8945 [Wireless] SG115w SSID not broadcasted since updated to 9.503
Up2Date Information for Wireless Firmware 11.0.003
As part of UTM 9.508, the wireless firmware is updated to 11.0.003.
Bugfixes
- NUTM-9338 [Wireless] Client is not getting disconnected if MAC address is removed from whitelist