Today we've released UTM 9.706-9. The release will be rolled out in phases.

  • In phase 1 you can download the update package from our download server.
  • In phase 2 we will make it available via our Up2Date servers in several stages.
  • In phase 3 we will make it available via our Up2Date servers to all remaining installations.

Up2Date Information

News

  • Maintenance Release/ Security Release 

Remarks

  • System will be rebooted
  • Configuration will be upgraded

Issues Resolved

  • NUTM-12780 [Email] Upgrade Exim to v4.94.2 - 9.706
  • What´s the general impression of this update? Is it usable? How many may have already installed it?

  • 9.706-9 has a different Issues Resolved List. I think the exim patch has been merged into 9.706 and then it has been declared 9.706-9.

    This is the correct list:

    NUTM-12050 [Access & Identity] IPv6 auto-firewall rules missing with IPsec S2S respond only
    NUTM-12062 [Access & Identity] AD Group object not updated when user with an Umlaut in the username logs in
    NUTM-12188 [Access & Identity] openl2tp service is dead and unable to start
    NUTM-12198 [Basesystem, UI Framework] Webadmin host injection reported
    NUTM-11753 [Basesystem] SG450 RAID status not alerting
    NUTM-11988 [Basesystem] Interface goes down after re-assigning the hardware of an interface
    NUTM-11989 [Basesystem] BGP issue causes long delay in UTM startup
    NUTM-12064 [Basesystem] Perl - Vulnerabilities
    NUTM-12112 [Basesystem] Libc Vulnerabilities
    NUTM-12122 [Basesystem] net-snmp Vulnerability CVE-2019-20892
    NUTM-12354 [Basesystem] Patch BIND (CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624)
    NUTM-12471 [Basesystem] OpenSSL: CVE-2020-1971 - DoS
    NUTM-11941 [Email] unnecessary SMTP restarts due to a SSL VPN login
    NUTM-12286 [Email] ECC Ciphers ECDH-ECDSA not supported by Exim SMTP
    NUTM-12317 [Email] Stored XSS in quarantined email detail view leads to full compromise
    NUTM-12542 [Email] Arbitrary Config Object Deletion via User Portal
    NUTM-12578 [Email] Pre-auth RCE via Untrusted Deserialization in QM/SPX
    NUTM-12780 [Email] Upgrade Exim to v4.94.2 - 9.706
    NUTM-12289 [Kernel] "Pryde" FW evasion issues affecting UTM
    NUTM-11915 [Network] Ipsec routes will be removed if a wifi network will be added and the ipsec local networks overlap with an existing wifi network
    NUTM-12045 [Network] INFO-122 Dhcpd not running
    NUTM-12280 [RED] RED site-to-site tunnels reconnecting at random intervals (utm to tum)
    NUTM-12253 [RED_Firmware] Split DNS doesn't work with SD-RED
    NUTM-12379 [RED_Firmware] RED doesn't reboot after reconnect doesn't work properly
    NUTM-12098 [UI Framework] Remote crash of User Portal index.plx
    NUTM-12710 [Up2Date] Up2Date caching feature is broken after UTM 9.706
    NUTM-11950 [WAF] AH00051 child pid XXXX exit signal Segmentation fault (11), possible coredump in /tmp
    NUTM-12148 [WAF] WAF not always sending SNI to backend
    NUTM-12029 [Web] AWS https scanning connect timeout on some sites with chrome
    NUTM-12204 [Web] High CPU with http proxy coredumps .
    NUTM-12032 [Wireless] "&" sign in PSK cause issues after config change
    NUTM-12127 [Wireless] wireless client list empty
    NUTM-12254 [Wireless] Website not loading for wireless user due to large packets whose size is larger than the MTU of the link
    NUTM-12362 [Wireless] AP55/55C/100X/320X : Communication issue for Clients which are connected to the same SSID but at different APs
    NUTM-12383 [Wireless] All SSIDs disappears from AP and disconnects all connected clients

  • By upgrading our SG330 HA Cluster one of our eight RED-Devices got shred by the new firmware.

    It is not able to upgrade the firmware anymore on this device. Even after resetting it is still failing to install the new firmware.

    Sophos will replace it now, but I think that this should not happen anymore since the firmware update disaster in 9.6.

  • Buggy version... Seems that the XG team has now fully replaced the Astaro team.