This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9.408-4 released

Up2Date 9.408004 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-5349]: [AWS] Restore fails if UTM is created with backup file in user data
Fix [NUTM-5466]: [AWS] ssh disabled - No connection to stack instances
Fix [NUTM-5546]: [AWS] UTM Cloud Update does not work in GovCloud
Fix [NUTM-5654]: [AWS] Conversion should not be visible for HA and AS
Fix [NUTM-3203]: [Access & Identity] [RED] If creation of RED device fails, certificates are not deleted
Fix [NUTM-4948]: [Access & Identity] [RED] Enabling wireless on RED15w causes 'link down'
Fix [NUTM-5068]: [Access & Identity] [RED] TCP Vulnerability (CVE-2016-5696)
Fix [NUTM-5173]: [Basesystem] Memory (swap) leak in RAID monitor
Fix [NUTM-5407]: [Basesystem] OpenSSL security update (1.0.1u)
Fix [NUTM-5461]: [Basesystem] BIND Security update (CVE-2016-2776)
Fix [NUTM-5714]: [Basesystem] CVE-2016-5195 - Linux Kernel - Dirty Cow
Fix [NUTM-3042]: [Configuration Management] Advanced Threat Protection page error when login as Network Protection Auditor
Fix [NUTM-4215]: [Documentation, Email] POP3 Proxy reporting source IP of 0.0.0.0
Fix [NUTM-4840]: [Email] Email is automatically released after timeout from Sandstorm
Fix [NUTM-5285]: [Email] SMTP file extension filter is case sensitive
Fix [NUTM-5599]: [Email] Mails with the same recipient set twice lead to corrupt mail queue
Fix [NUTM-4938]: [Endpoint] Customers who expand their EP license do not get EP Protection enabled
Fix [NUTM-5049]: [Endpoint] Liveconnect Connectivity Issue
Fix [NUTM-4400]: [HA/Cluster] pg_ctl: PID file "/var/storage/pgsql92/data/postmaster.pid" does not exist
Fix [NUTM-3158]: [Kernel] Kernel freeze when running Web Proxy in full transparent mode
Fix [NUTM-3490]: [Network] Ethernet Bridge with dynamic IP looses connectivity after IP renewal
Fix [NUTM-4592]: [Network] OSPF: SSL VPN route injection still not working in 9.404
Fix [NUTM-5147]: [Network] Kernel panic on several SG135 - Kernel Fixes
Fix [NUTM-5542]: [SUM] Availability Group is unresolved after it was re-deployed without a real change
Fix [NUTM-5207]: [Sandboxd] Sandbox error when downloading a file with an umlaut in file name
Fix [NUTM-5209]: [Sandboxd] sandboxd is unable to open database file due to wrong ownership
Fix [NUTM-4816]: [Up2Date] Up2Date downloader logs errors in uplink balancing setups
Fix [NUTM-488]: [Virtualization] Fix unstable NIC ordering on VMWare
Fix [NUTM-5334]: [WebAdmin] Authenticated users might gain access to stored passwords (CVE-2016-7397, CVE-2016-7442)
Fix [NUTM-4167]: [Web] Web Protection Reporting filtered by departments doesn't provide all data
Fix [NUTM-4806]: [Web] sandboxd is unable to insert into TransactionLog on HA setup
Fix [NUTM-4876]: [Web] URL request to parent proxy seems to be send as http request instead of https
Fix [NUTM-5136]: [Web] Web proxy in transparent mode removes authentication header
Fix [NUTM-5082]: [WiFi] IPSec traffic is not routed properly if the client is connected over Hotspot
Fix [NUTM-5303]: [WiFi] Characters in Hotspot terms of use not encoded correctly

RPM packages contained:
libopenssl1_0_0-1.0.1k-377.g141d7d0.rb6.i686.rpm
libopenssl1_0_0_httpproxy-1.0.1k-377.g141d7d0.rb6.i686.rpm
libudev0-147-0.84.1.1627.ge0459ac.rb3.i686.rpm
awslogs-agent-1.3-0.239376395.g5d4adea.rb3.noarch.rpm
cm-nextgen-agent-9.40-12.gb09699e.rb2.i686.rpm
openssl-1.0.1k-377.g141d7d0.rb6.i686.rpm
perf-tools-3.12.58-0.242991202.g6d80412.i686.rpm
red-firmware2-5035-0.239114881.gbf961ff.rb1.noarch.rpm
red15-firmware-5035-0.242907480.g0c31ce4.noarch.rpm
udev-147-0.84.1.1627.ge0459ac.rb3.i686.rpm
vmware-tools-10.0.5.3227872-4.ga4d6c51.rb4.i686.rpm
ep-aua-9.40-37.g1ed9537.rb4.i686.rpm
ep-branding-ASG-afg-9.40-48.g7e7ac40.rb4.noarch.rpm
ep-branding-ASG-ang-9.40-48.g7e7ac40.rb4.noarch.rpm
ep-branding-ASG-asg-9.40-48.g7e7ac40.rb4.noarch.rpm
ep-branding-ASG-atg-9.40-48.g7e7ac40.rb4.noarch.rpm
ep-branding-ASG-aug-9.40-48.g7e7ac40.rb4.noarch.rpm
ep-confd-9.40-813.g1f7ad66.rb1.i686.rpm
ep-confd-tools-9.40-759.g324aec8.rb10.i686.rpm
ep-ha-aws-9.40-217.g381995a.rb2.noarch.rpm
ep-logging-9.40-3.gc1acc31.rb2.i686.rpm
ep-mdw-9.40-504.g56eb6d4.i686.rpm
ep-raidtools-9.40-1.gc070d91.rb3.i686.rpm
ep-repctl-0.1-0.239828293.gcd71515.rb3.i686.rpm
ep-restd-9.40-0.243093672.gaf004a9.rb1.i686.rpm
ep-sandboxd-9.40-0.239754530.g04924b1.rb2.i686.rpm
ep-up2date-9.40-15.gacd1c39.rb5.i686.rpm
ep-up2date-downloader-9.40-15.gacd1c39.rb5.i686.rpm
ep-up2date-pattern-install-9.40-15.gacd1c39.rb5.i686.rpm
ep-up2date-system-install-9.40-15.gacd1c39.rb5.i686.rpm
ep-webadmin-9.40-674.gc39ecfa.rb6.i686.rpm
ep-cloud-ec2-9.40-35.ga95c9eb.rb2.i686.rpm
ep-chroot-httpd-9.40-20.g92cce9f.rb4.noarch.rpm
ep-chroot-smtp-9.40-116.g9971304.rb2.i686.rpm
chroot-bind-9.10.4_P3-0.240528799.g5a47ed3.rb5.i686.rpm
chroot-httpd-2.4.18-1.g2b998a8.rb6.i686.rpm
chroot-openvpn-9.40-27.g2d31a41.rb3.i686.rpm
ep-chroot-pop3-9.40-11.g1291cd5.rb2.i686.rpm
ep-httpproxy-9.40-357.g7e74ab8.rb5.i686.rpm
kernel-smp-3.12.58-0.242991202.g6d80412.i686.rpm
kernel-smp64-3.12.58-0.242991202.g6d80412.x86_64.rpm
ep-release-9.408-4.noarch.rpm

This thread was automatically locked due to age.

zaphod over 5 years ago

installed at home at my zotac.. ipsec tunnel is up machine is running. no problems yet at this box ;-)

greets

zaphod
___________________________________________

Home: Zotac CI321 (8GB RAM / 120GB SSD) with latest Sophos UTM
Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...
Cancel
Vote Up 0 Vote Down

Cancel
Ben over 5 years ago in reply to zaphod

still no IPv6 fixes -> disappointed

---

Sophos UTM 9.3 Certified Engineer
Cancel
Vote Up 0 Vote Down

Cancel
twister5800 over 5 years ago

Looks like "[NUTM-5599]: [Email] Mails with the same recipient set twice lead to corrupt mail queue" is fixed weee :-)

This was not possible with 9.407 :-)

-----

Best regards
Martin

Sophos XGS 2100 @ Home | Sophos v19 Architect
Cancel
Vote Up 0 Vote Down

Cancel
AndreasRieger over 5 years ago

Hi, any new bugs?

Cheers Andreas

UTM SCE/SCA | Endpoint SCE
Cancel
Vote Up 0 Vote Down

Cancel
dark moon over 5 years ago
NUTM-5407 [Basesystem] OpenSSL security update (1.0.1u)

This seems to be only on the Client end. My UTM on 9.408 yet reports the following:

loginuser@sophos_utm:/home/login > openssl version
OpenSSL 1.0.1k 8 Jan 2015
Regards Simon

Sophos XG 17.5.1 MR-1 | Dell 7010 | Intel(R) Core(TM) i5-3550 CPU @ 3.70GHz | 8GB Memory
Samsung EVO 850 120GB SDD | 1x Intel 82574L / 2x 82571EB Gigabit Ethernet Controller (rev 06)
Cancel
Vote Up 0 Vote Down

Cancel
ThorstenMimel over 5 years ago

still no IPv6 fixes on WAN Interface. :-(
Cancel
Vote Up 0 Vote Down

Cancel
FamilyHart over 5 years ago

Has the MTU issues been fixed yet?????
Cancel
Vote Up 0 Vote Down

Cancel
darrellr over 5 years ago in reply to FamilyHart

Yes, MTU issue was addressed in 407. Check it's thread for how to implement the fix.
Cancel
Vote Up 0 Vote Down

Cancel
brimur over 5 years ago in reply to darrellr

I would say it was patched more than fixed. I think a better question would be, do we still need to manually edit files rather than just ticking the box in the GUI. If I apply this update will I need to edit the network config again?
Cancel
Vote Up 0 Vote Down

Cancel
zaphod over 5 years ago in reply to brimur

think you need to fix it with ssh as described.. no gui option do it for you atm...

greets

zaphod
___________________________________________

Home: Zotac CI321 (8GB RAM / 120GB SSD) with latest Sophos UTM
Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...
Cancel
Vote Up 0 Vote Down

Cancel