This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update 9.717003 without release official notes / blog entry?

Hello,

my UTM total send a notification.

Up2Date 9.717003 package description:

Remarks:
 System will be rebooted
 Configuration will be upgraded

News:
 Maintenance Release

Bugfixes:
 Fix [NUTM-14362]: [Basesystem] Increase granularity of ethernet offload options
 Fix [NUTM-14368]: [Email] Exim: libspf2 vulnerability - CVE-2023-42118

RPM packages contained:
 libspf2-1.2.10-2.gc596159.rb1.i686.rpm            
 ep-confd-9.70-985.g1195e5bdf.rb1.i686.rpm         
 ep-mdw-9.70-906.ga33c437a.i686.rpm                
 ep-release-9.717-3.noarch.rpm  

any more information, possible high security issue?



This thread was automatically locked due to age.
Parents
  • NUTM-14362 seems to be related to an issue Helmut and Dirk described in the german forum: here. It affects only I40E NICs.
    NUTM-14368 seems to be the fix to the EXIM vulnerability recently announced here. A fix for the libspf was announced, date TBD.

    Glad to see it be fixed for a product with less than 3 years remaining lifetime, probably the support and customer relation teams are busy with the upcoming R20 of sophos firewall software and did not yet find time for proper communication.

Reply
  • NUTM-14362 seems to be related to an issue Helmut and Dirk described in the german forum: here. It affects only I40E NICs.
    NUTM-14368 seems to be the fix to the EXIM vulnerability recently announced here. A fix for the libspf was announced, date TBD.

    Glad to see it be fixed for a product with less than 3 years remaining lifetime, probably the support and customer relation teams are busy with the upcoming R20 of sophos firewall software and did not yet find time for proper communication.

Children
No Data