UTM Up2date 9.713 released

We've just released UTM version 9.713. As usual, the release will be rolled out in phases:

• In phase 1 you can download the update package from our download server. Click the link and navigate to the folder UTM / v9 / up2date.
  • Up2date package – 9.7.12 to 9.7.13 https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.712013-713019.tgz.gpg
  • Md5sum is a136634f8356cbc53ca8e9e4db5f1cd8: https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.712013-713019.tgz.gpg.md5
• During phase 2 we will make it available via our Up2Date servers in several stages.
• In phase 3 we will make it available via our Up2Date servers to all remaining installations.

Details of this release, along with previous releases, can be found on our official release notes page.

Other news

• Maintenance Release
• Security Release

Remarks

• System will be rebooted
• Configuration will be upgraded

Issues Resolved

• NUTM-13682 [Email] Post-auth SQLi in Quarantine Manager (CVE-2022-3345)
• NUTM-13475 [WAF] High CPU usage by rrdtool due to daylight saving time changes

Important notice - 32 bit mode and the Avira scan engine

The most significant change in this release is the switch of several additional components to run in full 64-bit mode on 64-bit kernels.

Starting with this release, the following services run in 64-bit mode by default for all customers running the 64-bit kernel:

• HTTP proxy
• Sophos and Avira scan engines
• Snort

One reason for this change is that Avira have announced the end of support for 32-bit versions of their scan engine. If you are using the Avira scan engine in your UTM configuration, you should update to 9.713 as soon as possible. Consult the following article for more information: Sophos NSG: End of Support for Avira 32-bit Scan Engine

For customers running the 32-bit kernel, the 32-bit versions of these services will continue to be installed and used in version 9.713 and beyond. However, the Avira Scan Engine will no longer provide the same levels of protection after their end of support date. You can see which kernel version you are using in the footer of the Webadmin screen:

CPUs that only support 32-bit mode are now over ten years old. It will become harder for us to continue to support key components in 32-bit mode going forward. We suggest that if you are currently running with a 32-bit kernel you consider upgrading your installation with new hardware, or by reimaging your current hardware with a SG UTM ISO image and selecting 64-bit mode during installation.