This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM Version 9.352-6 and 9.318-5 released (Do not install!!)

DO NOT INSTALL - THE UPDATES ARE FAULTY (Read this thread through!)


· Security Update

· System will be rebooted

36115 WebAdmin reflective XSS Vulnerability
36126 OpenSSL security update 1.0.1q

This thread was automatically locked due to age.
  • Hi all:

    First of all, many thanks for pointing our attention to this issue.

    We had been able to reproduce and identify the source of the issue in the so-called Flow Monitor and will provide a fix in a future version.

    Sascha Rudolph
    Senior Software Engineer


    Sascha Rudolph
    Senior Software Engineer, NSG

  • Hi Sascha,
    comes the Bugfix up2date version in the next days, or can the Sophos support fix this issues with an rpm package installation?
    One of my customer nee this fix fast on his main Gateway.

    Greetings Andy

    Cheers Andreas


    UTM SCE/SCA | Endpoint SCE

  • Hi Andy:

    Support will be provided a corresponding RPM - so they will be able to fix this issue on customer boxes.

    Unfortunately I cannot give you any information on the Up2date schedule and when this fix will be pushed out.



    Sascha Rudolph
    Senior Software Engineer, NSG

  • Is it possible to get this rpm over your side? support answers really slow...



    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • Is it possible to get this rpm over your side? support answers really slow...



    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • I'm sorry to let you know that I'm not allowed to distribute any RPMs or direct file replacements here.


    Sascha Rudolph
    Senior Software Engineer, NSG

  • Just an info for all licensed Sophos Users without partner-status or without gold/platinum support:

    even you got an paid license for your UTM you will not receive the needed RPM-File from sophos support.

    You need to contact your Sophos Partner to get the file.



    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • Totally off topic but how well does that Zotac box work for Sophos UTM at home? TIA
  • Hi Ryan,

    yes offTopic... but to answer your question i run that zotac box now for 3 months as my primary firewall at home with UTM 9 and it runs awesome.. using webproxy, IPS, ATP, one IPSEC-tunnel, ssl-vpn.. it runs smooth and have no problems.. its typical home environment with about 15 clients and a 50/2 internet-link.





    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...