UTM Up2date 9.715 released

We've just released UTM version 9.7 MR15 (9.715). As usual, the release will be rolled out in phases:

• In phase 1 you can download the update package from our download server. Click the link and navigate to the folder UTM / v9 / up2date.
  • Up2date package – 9.714 to 9.715 https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.714004-715003.tgz.gpg
  • Md5sum is 8f41c6e22f7a4422e61ee5daa1d3f883 https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.714004-715003.tgz.gpg.md5
• During phase 2 we will make it available via our Up2Date servers in several stages.
• In phase 3 we will make it available via our Up2Date servers to all remaining installations.

Details of this release, along with previous releases, can be found on our official release notes page.

Other news

• Maintenance Release
• Security Release

Remarks

• System will be rebooted
• Configuration will be upgraded

Added Features

To help customers planning to migrate from SG UTM across to our next-generation XGS platform, we have made it easier to access the RED unlock code. This code is required when changing a RED device so that it managed by and connected through a different UTM or Firewall.

In 9.7 MR15, when you delete a RED device from the UTM WebAdmin console, WebAdmin will display the unlock code in a pop-up message confirming the delete action. It will also send an email notification containing the unlock code to the email addresses listed as “Notification Recipients” under Management > Notifications > Global.

Issues Resolved

• NUTM-14054, NUTM-14049 [AWS] PAYG license expires if you turn on IMDSv2
• NUTM-14015 [AWS] Unable to startup AWS HVM instance after reboot
• NUTM-13908 [Basesystem] IPsec doesn't reconnect on DHCP interface after firmware upgrade
• NUTM-13906 [Basesystem] Address DHCP vulnerabilities: CVE-2022-2928, CVE-2022-2929
• NUTM-13770 [Basesystem] Turn off the autocomplete attribute in the password field for RESTful API authentication
• NUTM-13490 [Basesystem] Address vulnerabilities in Zlib: CVE-2018-25032, CVE-2022-37434
• NUTM-13489 [Basesystem] Address bind vulnerabilities
• NUTM-13488 [Basesystem] Address vulnerability in GNU tar: CVE-2021-20193
• NUTM-12593 [Basesystem] Add backend configuration for IPS SMTP Memcap
• NUTM-14016 [RED] All RED connections drop and reconnect after RED server core dump
• NUTM-13656 [Sandstorm] Excessive Sandbox database error messages in system.log
• NUTM-13898 [Wireless] Address local WiFi driver vulnerabilities: CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722