
UTM Version 9.352-6 and 9.318-5 released (Do not install!!)

DO NOT INSTALL - THE UPDATES ARE FAULTY (Read this thread through!)


· Security Update

· System will be rebooted

36115 WebAdmin reflective XSS Vulnerability
36126 OpenSSL security update 1.0.1q

This thread was automatically locked due to age.
  • Hi Sascha,
    Will the bugfix Up2Date version come in the next few days, or can Sophos support fix this issue with an rpm package installation?
    One of my customers needs this fix fast on his main gateway.

    Greetings Andy

    Cheers Andreas


    UTM SCE/SCA | Endpoint SCE

  • Thanks for the instructions Bob. I'll give that a try. That could help me keep my live date with the customer. Thank you very much.

    I did not see the issue with 9.351-3 (version from yesterday). I'll try rolling one back to that and see what the results are.

    Edit 12/16 -

    I was able to use a backup config and install 9.351-3. I can confirm that I am not seeing an issue with accessing the flow monitor. It did take about 40 minutes of down time.

    With three more to do (at remote locations), it's going to cost my company several hundred dollars of lost time (can't be billed to customer) and the lost productivity due to network down time. So while it isn't the end of the world, it has turned out to be a costly bug for us.

    I also noticed I'm still being offered the 9.352-6 update. I would have thought it would be pulled due to issues to save someone who doesn't visit these boards the trouble and cost.

  • "Any idea when "future version" might be" Up2dates are usually released on a monthly basis. They could of course decide to do an emergency patch for this.

    "can the Sophos support fix this issue with an rpm package installation" Contact support to see if development has provided them with an rpm.
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.
  • 352-6 on pair of active active SG125's. Same behavior. Connection graph missing from home page. I did notice if I log out and log back in then everything but flow control loads correctly (including home page and executive report). Network Visibility won't let me toggle off. All this is with Internet Explorer 11.

    I switched to Firefox 42 and noticed I can toggle Network Visibility. I don't frequent this area (Application Control) but the Flow Monitor says "No Data Available" in the table. I don't know enough to know if this is normal or not.

     “Stay paranoid, my friends.”

  • This is why I always wait a couple of days and google the build or KB number for updates for pretty much any software prior to installing/upgrading/updating. Subscribed and hopefully will see a notification with the fix posted in this thread.
  • Yeah, that's what I normally do as well, but I assumed coming here at this point would be fruitless. After reading all of the bug fixes in the prior update and seeing only 2 bug fixes on this one, I assumed they actually had this stabilized. I also assumed with the influx of capital from going public, that by now they had surely bought a better oven for baking these delectable "pies".

    Three assumptions, three fails.

    Of course I immediately came here (after it was too late) and first thread is BAlfson telling me not to. Doh!

     “Stay paranoid, my friends.”

  • "Three assumptions, three fails." At least they're consistent. Can't make assumptions, you need to base expectations on your observed long term standards of work.

    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.
  • Also got this buggy firmware update installed. 9.352-6.
    Thanks, Sophos, for bringing this to GA.
    Do you do any tests before you bring such buggy things to GA? Do you have a QS/QM department????



    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • Hi all:

    Regarding the Daily Executive Report - you are talking about the Daily Executive Report which is sent by email as HTML, right?

    The bad news is, at least the patches regarding the XSS should not be the source of this issue, since they are only targeting POST requests in WebAdmin.

    The corresponding images in the Executive Report are directly integrated in the Email (by cid) and are therefore fully unrelated to the patches we released in this update.

    I had a couple of test runs on the same version and I cannot confirm this behavior, though I had been using a fresh install instead of an updated machine.



    Sascha Rudolph
    Senior Software Engineer, NSG

  • Hi Andy:

    Support will be provided a corresponding RPM - so they will be able to fix this issue on customer boxes.

    Unfortunately I cannot give you any information on the Up2date schedule and when this fix will be pushed out.



    Sascha Rudolph
    Senior Software Engineer, NSG