Thread Info
  • Locked Locked
  • Replies 127 replies
  • Subscribers 57 subscribers
  • Views 249565 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM Version 9.352-6 and 9.318-5 released (Do not install!!)

twister5800

DO NOT INSTALL - THE UPDATES ARE FAULTY (Read this thread through!)

News

· Security Update
Remarks

· System will be rebooted
Bugfixes

36115 WebAdmin reflective XSS Vulnerability
36126 OpenSSL security update 1.0.1q



This thread was automatically locked due to age.
  • in reply to eremit
    also see no images in the daily pdf-report any more...

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • in reply to eremit
    Is it possible to get this rpm over your side? support answers really slow...

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • My home install is now at 9.3526 (and has the new bugs). Luckily I didn't yet fully update my work UTM's.
    I did bring them to 9.315-2, but now I'm wondering whether I should bring them to 9.317-5 or to 9.351-3 (or keep them at 9.315-2).....

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • in reply to zaphod
    I'm sorry to let you know that I'm not allowed to distribute any RPMs or direct file replacements here.

    Cheers,

    Sascha Rudolph
    Senior Software Engineer, NSG

  • in reply to apijnappels
    9.351-3 is good to go ;-)

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Architect

  • Same problem with Flow Monitor and Concurrent Connections, as reported by others.

    Release 9.352-6
  • in reply to eremit
    Just an info for all licensed Sophos Users without partner-status or without gold/platinum support:

    even you got an paid license for your UTM you will not receive the needed RPM-File from sophos support.

    You need to contact your Sophos Partner to get the file.

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • Same issue
    Firmware: 9.352-6

    Any ETA for the fixes?
  • in reply to eremit

    eremit said:
    We had been able to reproduce and identify the source of the issue in the so-called Flow Monitor

    So called Flow Monitor??? This is the product you are selling... and it is called flow monitor... What do you mean so called flow monitor. All you guys did was apply an SSL patch and fixed a vulnerability that specifically affected webadmin. All you had to do was QA the daemons that are affected by SSL connections and webadmin itself. Anyone using the UTM can tell you what to test without even knowing all the other dependencies.  

    1. Test webadmin.

    2. Test WAF.

    3. Test SMTP.

    4. Any other dependencies.

    You guys didn't even test webadmin??? Is anybody doing QA or someone downloaded the binary and changed it to an rpm and hoped it will work. Two separate trees same problem??? Now a casual contact your reseller/ don't know when it will be fixed??? Really strange what is going on at sophos [:^)]

  • in reply to eremit
    Hi Sascha, and what about the other problems?
    Like mail can not be forwarded anymore ...
    community.sophos.com/.../73294
    using: 9.352-6
    Regards
Unfiltered HTML