Confirmation for Compliancy

Exim was updated to the latest version with the latest UTM Version. Therefore those CVE are not applied, as all of them applied to older versions. 

You can also create a support case for confirmation. 

Exim was updated to the latest version with the latest UTM Version. Therefore those CVE are not applied, as all of them applied to older versions. 

You can also create a support case for confirmation. 

Thank you for you response but I can't agree completely, Latest Exim version is 4.94.2. UTM on the latest firmware 9.705-3 has Exim 4.82.1

I have done support request and received confirmation already, however PCI compliancy organisation doesn't find it sufficient, hence me looking out for other community members experiences in similar situations and getting CVEs of interest confirmed in publicly accessible space due to lack of KB articles so I can provide link as justification for the above organisation.

See: https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-706-9-released

That changes it, thanks. Up2DAte hasn't yet detected available update on the UTM in question, so I'll get to do it manually.

Hi and welcome to the UTM Community!

The easiest way is to do the following:

First, check some things. As root at the command line:

#cc get up2date system_download_interval

This latter returns: 10 = Manual or Monthly, 0 = Every 15 mins, etc. Note this! 

Let's set the interval to Manual:
#cc set up2date system_download_interval 10

cd /var/up2date/sys
wget --no-check-certificate ftp.astaro.com/pub/UTM/v9/up2date/u2d-sys-9.705003-706008.tgz.gpg
wget --no-check-certificate ftp.astaro.com/pub/UTM/v9/up2date/u2d-sys-9.706008-706009.tgz.gpg
/sbin/auisys.plx --showdesc

Wait 10 minutes after the auisys command starts and then install in WebAdmin. You are now at 9.706-9.  After the Up2Dates are completed, change 'Firmware download interval' back on the 'Configuration' tab or go back to the command line and set it there.

Cheers - Bob