Issue: Sophos UTM 9.410 up2date may corrupt boot loader
First Seen: up2date from 9.409 to 9.410
Details: Customers that have installed Sophos UTM 9.409 using Hardware Virtual Machine (HVM) virtualization may corrupt the boot loader during the up2date process to Sophos UTM 9.410. The cause of the issue is the up2date process using the boot loader based on the older Paravirtual (PV) virtualization. Working with AWS, we’ve identified which customers may be affected by this issue and sent those customers an email advising not to upgrade.
Resolution: Our next up2date package will use the correct boot loader for HVM. Target release date is next week. For customers that may have missed the email or accidentally upgraded, you can follow the steps listed in Sophos UTM: How to recover UTM on AWS after updating to 9.410.
If you have questions or need assistance, please contact email@example.com or firstname.lastname@example.org
Can I assume that my company's AWS instance is safe to Up2Date to 9.410 since we've received no email from Sophos or AWS relative to this issue?
Cheers - Bob
It's possible that you have the PV version of Sophos UTM, which doesn't have this issue. However, confirming if you're running a PV or HVM can be cumbersome. I'd recommend you hold off until we resolve the issue in up2date. We should have this sorted out by next week.
Appreciate your patience.
UTM Up2Date 9.411 has been released which addresses this issue. You can refer to release notes here.
Please note that all customers using Sophos UTM on AWS should install Up2Date 9.411 before installing any future releases. Fixes in Up2Date 9.411 ensure that all future Up2Date releases for AWS customers do not experience similar problems. In short, do not skip UTM Up2Date 9.411.
Again, if you have questions or need assistance, please contact email@example.com or firstname.lastname@example.org.
Well, as I mentioned in a PM to Nicolas Dürr, I had tried to install 9.410 in AWS prior to seeing this. I wound up with a partially-complete Up2Date that still showed version 9.409. When I tried to install 9.411, it failed in the first step after unpacking:
2017:02:09-09:50:26 utm auisys: Failed testing RPM installation (command: 'rpm --test -U --nodeps /var/up2date/sys-install/u2d-sys-9.411003/rpms/ruby-devel-2.2.6-0.247137817.g1cc0d1c.rb4.i686.rpm')
I'll just launch a new instance after killing the old one. Let me know if anyone wants to look at the relevant Up2Date logs before I shut it down.