UTM Up2Date 9.508 Released

Hi Everyone,

Today we've released UTM 9.508. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.

Note:

• When installing the update packages manually, please make sure to upload both update packages 9.507 and 9.508.
• S/MIME Encryption updates: This release brings changes to the S/MIME feature to fully conform with new GDPR regulatory requirements for encryption. Core to these changes are new algorithms to perform encryption and signatures within S/MIME. Due to the changes in the signature algorithms, older implementations of S/MIME - including previous Sophos UTM releases - can no longer verify signatures produced with the new algorithms. Encryption and decryption of emails is not affected by this change. For details, please read the following KBA at https://community.sophos.com/kb/en-us/131727.

Up2Date Information

News

• Maintenance Release

Remarks

• System will be rebooted
• Configuration will be upgraded
• Connected APs will perform firmware upgrade

Bugfixes

• NUTM-8739 [Access & Identity] Argos segfault and coredump after update to v9.502
• NUTM-9164 [Access & Identity] SSLVPN installation packages fail to copy user profile during installation
• NUTM-9344 [Access & Identity] All users are locked when a lockout policy via GPO was set
• NUTM-9047 [Basesystem] VLAN interface on the bridge doesn't come up when slave becomes the master
• NUTM-9296 [Configuration Management] Report Auditor is unable to open the dashboard in UTM
• NUTM-9397 [Configuration Management] Log Remote Archiving via SCP fails when used with OpenSSH >= 7.0
• NUTM-9497 [Documentation] ATP - Invalid status display on Webadmin for Japanese,Russian,Spanish language
• NUTM-4174 [Email] POP3 spool cleanup does not work
• NUTM-8794 [Email] Wrong MIME Type detection
• NUTM-8937 [Email] Upgrade SMIME
• NUTM-9046 [Email] SPX binary error with Office365
• NUTM-9098 [Email] Mail stuck in work queue
• NUTM-9252 [Email] Patch Exim for CVE-2014-2972 and CVE-2016-9963
• NUTM-9259 [Email] POP3 Proxy coredump in "libc_start_main"
• NUTM-9337 [Email] Selecting an AD Server for AD Recipient Verification in SMTP isn't possible after update to v9.506
• NUTM-9382 [Email] WebAdmin user not able to disable the "Recipient Verification" in SMTP Routing
• NUTM-9303 [HA/Cluster] HA "max_nodes" option set to 3 causes named to fail to start
• NUTM-9405 [HA/Cluster] Interface MAC addresses shouldn't get replicated on slave node if virtual_mac is set to 0
• NUTM-3497 [Network] BGP soft-reconfiguration not working
• NUTM-8118 [Network] After upgrading to 9.500 "Service Monitor not running - restarted" notifications being received
• NUTM-8432 [Network] Local Privilege Escalation via confd Service
• NUTM-8604 [Network] Changing a bridge IP address causes bridge to go down when using vlans
• NUTM-8887 [Network] DNS group objects doesn't delete old IP addresses
• NUTM-9064 [Network] Network monitoring daemon constantly restarts since upgrade to 9.503
• NUTM-9177 [Network] Disabled static routes are being put into the routing table
• NUTM-9465 [Network] Wrong/Old IPv6 Tunnel Broker URLs in Webadmin
• NUTM-8759 [Sandboxd] Add support for Sandstorm's Asia data centre
• NUTM-9006 [UI Framework] Not possible to download different SSLVPN User Profiles in one Firefox session
• NUTM-6955 [WebAdmin] Error text appears in dialog when trying to view user object usage
• NUTM-8567 [WebAdmin] Update to ImageMagick-7.0.7-11
• NUTM-9116 [WebAdmin] Object information can't be displayed for specific objects
• NUTM-9128 [WebAdmin] PCI Scan failing on UserPortal due to missing HSTS and CSP
• NUTM-9430 [WebAdmin] Issue with X-Content-Type-Options header presented by UTM
• NUTM-7201 [Web] HTTP Proxy connections hang in CLOSE_WAIT state
• NUTM-8638 [Web] Add group visibility in log with unlimited AD groups
• NUTM-8746 [Web] After changing group membership, old one is still available from winbind
• NUTM-8886 [Web] TLS Input/output error when connecting to web site
• NUTM-9113 [Web] HTTP Proxy coredump on 9.505
• NUTM-9166 [Web] HTTP Proxy coredump on function deny_ntlm_auth
• NUTM-9332 [Web] DNSExpire coredump causes slow browsing
• NUTM-9416 [Web] HTTP Proxy coredump on 9.506 with signal SIGFPE Arithmetic Exception
• NUTM-3127 [Wireless] AP55/100 connection issues - disconnected due to excessive missing ACKs
• NUTM-6640 [Wireless] Fix visibility of Fast Transition option in different security modes
• NUTM-7013 [Wireless] Frequent disconnects on guest wifi network after >1 week
• NUTM-8243 [Wireless] Update dropbear SSH Server to fix CVE-2016-7409, CVE-2016-7408, CVE-2016-7407, CVE-2016-7406
• NUTM-8299 [Wireless] UTM stops broadcasting SSIDs for the built-in wireless after upgrade to 9.5
• NUTM-8781 [Wireless] W-appliance - wireless network connection issue with Bridge to AP LAN
• NUTM-8827 [Wireless] Internal wireless not broadcasting SSID after updating to 9.503
• NUTM-8832 [Wireless] Integrated wireless adapter can be deleted
• NUTM-8930 [Wireless] Unable to see the SSID and connect to local wifi on 2.4 Ghz band
• NUTM-8940 [Wireless] kernel: [ xxxx.xxxxx] CPU: 0 PID: 13902 Comm: iw Tainted: G W O 3.12.74-0.265397234.g263c982.rb6-smp64 #1
• NUTM-8945 [Wireless] SG115w SSID not broadcasted since updated to 9.503

Up2Date Information for Wireless Firmware 11.0.003

As part of UTM 9.508, the wireless firmware is updated to 11.0.003.

Bugfixes

• NUTM-9338 [Wireless] Client is not getting disconnected if MAC address is removed from whitelist