Important Notes

The initial UTM 9.703 release was pulled back and replaced with a new build (9.703-3), where the code change for "NUTM-11173 [Basesystem] IPsec doesn't re-connect on DHCP interface after firmware upgrade" is reverted. More information and RCA can be found in the KBA at: https://community.sophos.com/kb/en-us/135383.

The new version of UTM 9.703 is available at our download server.

There are two update packages available:

  • One for customers who are still on UTM 9.702 (u2d-sys-9.702001-703003.tgz.gpg), and
  • One for customers who have already updated to 9.703-2 (u2d-sys-9.703002-703003.tgz.gpg).

Both updates will be available via our Up2Date server later.

Up2Date Information

News

  • Maintenance Release
  • Add Support for new SD-RED 20 and SD-RED 60 devices

Remarks

  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Issues Resolved

  • NUTM-9381 [Access & Identity] WebAdmin user getting an error while browsing 'Sophos Transparent Authentication Status' tab
  • NUTM-11258 [Access & Identity] [SAA] Wrong version of SAA displayed in Windows with MSI installer
  • NUTM-11578 [Access & Identity] Patch strongSwan (CVE-2019-10155)
  • NUTM-11589 [Access & Identity] [SAA] Add TLS 1.2 support for Windows client
  • NUTM-11590 [Access & Identity] [SAA] Add TLS 1.2 support for macOS client
  • NUTM-11675 [Access & Identity] Patch PPTP and L2TP pppd (CVE-2020-8597)
  • NUTM-11109 [Basesystem] Status lights blinking green constantly on SG 1xx and XG 1xx series
  • NUTM-11255 [Basesystem] Fix "Internet IPv6" binding in case of multiple IPv6 uplinks
  • NUTM-11417 [Basesystem] SG115rev3 HA eth3 interface flapping after update to 9.7
  • NUTM-11645 [Basesystem] Patch libxml2 (CVE-2019-19956, CVE-2020-7595)
  • NUTM-11561 [Configuration Management] Unable to load certificate list in WebAdmin when large number of certificates present
  • NUTM-10803 [Email] S/MIME signed mails have an invalid signature if 3rd party CA is used
  • NUTM-11240 [Email] Recipient verification fails due to incomplete LDAP search query
  • NUTM-11662 [Email] Bad request for release mails out of the quarantine report after update to 9.7 MR1
  • NUTM-11485 [Kernel] Patch Linux Kernel (CVE-2019-18198)
  • NUTM-11288 [Localization] AWS Current Stack link is incorrect
  • NUTM-11081 [Network] Up-link balancing not clearing conntracks when interface goes down
  • NUTM-11218 [Network] ulogd restarting/core-dumps
  • NUTM-11614 [Network] Increase GARP buffer
  • NUTM-11676 [Network] Patch pppd (CVE-2020-8597)
  • NUTM-11573 [RED] RED interface doesn't obtain IP after UTM reboot
  • NUTM-11467 [RED_Firmware] RED15w WPA/WPA2 enterprise cannot connect
  • NUTM-11822 [RED_Firmware] RED15 firmware update might fail if flash has bad blocks
  • NUTM-11378 [Reporting] Top5 Malware won't be displayed in Executive Reports if those are sent as PDF
  • NUTM-11220 [Sandstorm] When opening Sandstorm activity which contains Korean characters for example, you get this error "cannot decode string with wide characters at encode.pm line 174"
  • NUTM-10202 [UI Framework] [SAA] Live user table doesn't scale with very long names
  • NUTM-11084 [UI Framework] Webadmin Information popup not visible
  • NUTM-11191 [UI Framework] Can't download certificate in WebAdmin when name contains apostrophe
  • NUTM-11584 [UI Framework] Replace FTP Up2date download link in WebAdmin with HTTPs
  • NUTM-11598 [UI Framework] Internal Server Error alert thrown with initial Webadmin request after installation
  • NUTM-11725 [UI Framework] Update prototype
  • NUTM-11130 [Web] Add configuration for savi_scan_timeout
  • NUTM-11346 [Web] Warn page proceed fails due to missing parameters
  • NUTM-10269 [Wireless] SSID stops broadcasting
  • NUTM-11581 [Wireless] User with "Wireless Protection Manager" rights is unable to change wireless settings if mesh is configured

  • Hello Sophos, thank you again for the update. This time everything went smoothly and all seems to be well with the update from 9.702-001 to 9.703-3.

  • Very interesting to read the updated Root Cause Analysis and refreshing to see a company own up to some miscommunication publicly. I am by no means bashing, but hope lessons learned are actually "learned". There were avoidable mistakes, but to err is human.

    I'm presently running just fine on 9.703 with the note that I did get some continuous Uplink Monitoring alerts of a constant flap (I use the default monitor, not my own configured test). I disabled the alerting for now to cut down on emails but actual Internet traffic appears to be unaffected. I do use a DHCP WAN interface so I'm not sure if this is related.... but of note based on the RCA, I do >>not<< have any sort of VPN service enabled.

  • I installed the 9.703 release on my SG115 before I found this thread, and luckily I haven't had the problems reported here. However, I'm sure I would've rolled the dice anyways as I've been experiencing what I suspect is this bug:

    NUTM-10269 [Wireless] SSID stops broadcasting

    Since I've been working remotely lately this has been especially problematic. I probably have to reboot my access point once a day now, as the wireless just stops working at the most inopportune times (of course).

    Unfortunately, 9.703 did not help this problem at all. With this new version installed, my wireless network still randomly stops broadcasting at least once a day, requiring me to reboot the access point either by pulling the plug on the AP or doing an SSH to the SG115 from my desktop and using "awetool".

    I certainly hope this gets fixed soon.

  • I updated a customer's SG135w last Thursday, and was facing very similar issues as Markus mentioned.

    Update path was from 9.702001->9.703002.

    Immediately after reboot the appliance was able to send a few emails, e.g. about middleware not running; the Web GUI was accessible, but responding slowly. After a few minutes it wasn't possible anymore to access the GUI, there was no ping response anymore, and all ethernet interfaces seemed to be flapping every few minutes, with no internet access, because the web protection proxy was also unreachable.

    And the bad thing: since the device was responding only for a minute or 2 after reboot, we weren't able to export some logs, before we decided to enforce a clean re-install of the previous version.

    The only way to get it back into operation was to reinstall 9.702001 from a DVD and to restore the latest backup we luckily had.

  • People have been reporting problems for 5 days and no comment from Sophos, I don't believe it!