Up2Date Information

News

Maintenance Release

Remarks

System will be rebooted

Issues Resolved

NUTM-12235 [Basesystem, SUM] UTM not accessible through SUM gateway manager
NUTM-12234 [Basesystem] Remote Code Execution vulnerability in UTM WebAdmin
- A security advisory providing more details on the vulnerability (including CVE) has been posted here
NUTM-12250 [Wireless] AP Wireless Networks restart continuously-9.704

Parents

James Roughley over 4 years ago

My UTM has only just notified me 9.704 is available. Why am I a version behind?
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel
neildonaldson over 4 years ago in reply to James Roughley
Today we've released UTM 9.705. The release will be rolled out in phases.
- In phase 1 you can download the update package from our download server
- In phase 2 we will make it available via our Up2Date servers to all installations
we are in phase one, so it will not show up yet on up2date check, that happens in phase 2
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel
neildonaldson over 4 years ago in reply to neildonaldson

problem here is 9.704 introduced a bug that is fixed in 9.705 "wireless networks restart continually,"

so its probably better to apply these at the same time.

As Steve asks above, where is the CVE for the UTM vulnerability ? how serious is it ?

judging by the fact its not being rushed out to up2date immediately can we take it that its not so serious ?

its pretty poor form to publish release notes that includes fix for a "remote code execution" bug for webadmin without any further information
- Cancel
- Vote Up +3 Vote Down
- More
- Cancel
JustinO'Connor over 4 years ago in reply to neildonaldson

Agreed. It is more than a little vexing since I have not been able to access my UTMs for weeks now. Does this mean that they have potentially been compromised and I can't see it?
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel
BrucekConvergent over 4 years ago in reply to JustinO'Connor

My bet (and I don't know this for a fact) -- they issued a hotfix patch of some sort via the pattern up2date system that broke SUM access (possibly the attack vector) -- and now this release fixes it all. Just a guess, but sort of what happened with XG a couple months ago. Apparently the bad guys are out there taking new whacks at perimeter security devices, a number of vendors out there have been issuing patches for this sort of vulnerability (unauthorized external access) the past couple of months.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Comment

BrucekConvergent over 4 years ago in reply to JustinO'Connor

My bet (and I don't know this for a fact) -- they issued a hotfix patch of some sort via the pattern up2date system that broke SUM access (possibly the attack vector) -- and now this release fixes it all. Just a guess, but sort of what happened with XG a couple months ago. Apparently the bad guys are out there taking new whacks at perimeter security devices, a number of vendors out there have been issuing patches for this sort of vulnerability (unauthorized external access) the past couple of months.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Children

No Data

UTM Up2Date 9.705 Released

Up2Date Information

News

Remarks

Issues Resolved