Up2Date 9.408004 package description:
Remarks: System will be rebooted Configuration will be upgraded Connected REDs will perform firmware upgrade
News: Maintenance Release
Bugfixes: Fix [NUTM-5349]: [AWS] Restore fails if UTM is created with backup file in user data Fix [NUTM-5466]: [AWS] ssh disabled - No connection to stack instances Fix [NUTM-5546]: [AWS] UTM Cloud Update does not work in GovCloud Fix [NUTM-5654]: [AWS] Conversion should not be visible for HA and AS Fix [NUTM-3203]: [Access & Identity] [RED] If creation of RED device fails, certificates are not deleted Fix [NUTM-4948]: [Access & Identity] [RED] Enabling wireless on RED15w causes 'link down' Fix [NUTM-5068]: [Access & Identity] [RED] TCP Vulnerability (CVE-2016-5696) Fix [NUTM-5173]: [Basesystem] Memory (swap) leak in RAID monitor Fix [NUTM-5407]: [Basesystem] OpenSSL security update (1.0.1u) Fix [NUTM-5461]: [Basesystem] BIND Security update (CVE-2016-2776) Fix [NUTM-5714]: [Basesystem] CVE-2016-5195 - Linux Kernel - Dirty Cow Fix [NUTM-3042]: [Configuration Management] Advanced Threat Protection page error when login as Network Protection Auditor Fix [NUTM-4215]: [Documentation, Email] POP3 Proxy reporting source IP of 0.0.0.0 Fix [NUTM-4840]: [Email] Email is automatically released after timeout from Sandstorm Fix [NUTM-5285]: [Email] SMTP file extension filter is case sensitive Fix [NUTM-5599]: [Email] Mails with the same recipient set twice lead to corrupt mail queue Fix [NUTM-4938]: [Endpoint] Customers who expand their EP license do not get EP Protection enabled Fix [NUTM-5049]: [Endpoint] Liveconnect Connectivity Issue Fix [NUTM-4400]: [HA/Cluster] pg_ctl: PID file "/var/storage/pgsql92/data/postmaster.pid" does not exist Fix [NUTM-3158]: [Kernel] Kernel freeze when running Web Proxy in full transparent mode Fix [NUTM-3490]: [Network] Ethernet Bridge with dynamic IP looses connectivity after IP renewal Fix [NUTM-4592]: [Network] OSPF: SSL VPN route injection still not working in 9.404 Fix [NUTM-5147]: [Network] Kernel panic on several SG135 - Kernel Fixes Fix [NUTM-5542]: [SUM] Availability Group is unresolved after it was re-deployed without a real change Fix [NUTM-5207]: [Sandboxd] Sandbox error when downloading a file with an umlaut in file name Fix [NUTM-5209]: [Sandboxd] sandboxd is unable to open database file due to wrong ownership Fix [NUTM-4816]: [Up2Date] Up2Date downloader logs errors in uplink balancing setups Fix [NUTM-488]: [Virtualization] Fix unstable NIC ordering on VMWare Fix [NUTM-5334]: [WebAdmin] Authenticated users might gain access to stored passwords (CVE-2016-7397, CVE-2016-7442) Fix [NUTM-4167]: [Web] Web Protection Reporting filtered by departments doesn't provide all data Fix [NUTM-4806]: [Web] sandboxd is unable to insert into TransactionLog on HA setup Fix [NUTM-4876]: [Web] URL request to parent proxy seems to be send as http request instead of https Fix [NUTM-5136]: [Web] Web proxy in transparent mode removes authentication header Fix [NUTM-5082]: [WiFi] IPSec traffic is not routed properly if the client is connected over Hotspot Fix [NUTM-5303]: [WiFi] Characters in Hotspot terms of use not encoded correctly
RPM packages contained: libopenssl1_0_0-1.0.1k-377.g141d7d0.rb6.i686.rpm libopenssl1_0_0_httpproxy-1.0.1k-377.g141d7d0.rb6.i686.rpm libudev0-147-0.84.1.1627.ge0459ac.rb3.i686.rpm awslogs-agent-1.3-0.239376395.g5d4adea.rb3.noarch.rpm cm-nextgen-agent-9.40-12.gb09699e.rb2.i686.rpm openssl-1.0.1k-377.g141d7d0.rb6.i686.rpm perf-tools-3.12.58-0.242991202.g6d80412.i686.rpm red-firmware2-5035-0.239114881.gbf961ff.rb1.noarch.rpm red15-firmware-5035-0.242907480.g0c31ce4.noarch.rpm udev-147-0.84.1.1627.ge0459ac.rb3.i686.rpm vmware-tools-10.0.5.3227872-4.ga4d6c51.rb4.i686.rpm ep-aua-9.40-37.g1ed9537.rb4.i686.rpm ep-branding-ASG-afg-9.40-48.g7e7ac40.rb4.noarch.rpm ep-branding-ASG-ang-9.40-48.g7e7ac40.rb4.noarch.rpm ep-branding-ASG-asg-9.40-48.g7e7ac40.rb4.noarch.rpm ep-branding-ASG-atg-9.40-48.g7e7ac40.rb4.noarch.rpm ep-branding-ASG-aug-9.40-48.g7e7ac40.rb4.noarch.rpm ep-confd-9.40-813.g1f7ad66.rb1.i686.rpm ep-confd-tools-9.40-759.g324aec8.rb10.i686.rpm ep-ha-aws-9.40-217.g381995a.rb2.noarch.rpm ep-logging-9.40-3.gc1acc31.rb2.i686.rpm ep-mdw-9.40-504.g56eb6d4.i686.rpm ep-raidtools-9.40-1.gc070d91.rb3.i686.rpm ep-repctl-0.1-0.239828293.gcd71515.rb3.i686.rpm ep-restd-9.40-0.243093672.gaf004a9.rb1.i686.rpm ep-sandboxd-9.40-0.239754530.g04924b1.rb2.i686.rpm ep-up2date-9.40-15.gacd1c39.rb5.i686.rpm ep-up2date-downloader-9.40-15.gacd1c39.rb5.i686.rpm ep-up2date-pattern-install-9.40-15.gacd1c39.rb5.i686.rpm ep-up2date-system-install-9.40-15.gacd1c39.rb5.i686.rpm ep-webadmin-9.40-674.gc39ecfa.rb6.i686.rpm ep-cloud-ec2-9.40-35.ga95c9eb.rb2.i686.rpm ep-chroot-httpd-9.40-20.g92cce9f.rb4.noarch.rpm ep-chroot-smtp-9.40-116.g9971304.rb2.i686.rpm chroot-bind-9.10.4_P3-0.240528799.g5a47ed3.rb5.i686.rpm chroot-httpd-2.4.18-1.g2b998a8.rb6.i686.rpm chroot-openvpn-9.40-27.g2d31a41.rb3.i686.rpm ep-chroot-pop3-9.40-11.g1291cd5.rb2.i686.rpm ep-httpproxy-9.40-357.g7e74ab8.rb5.i686.rpm kernel-smp-3.12.58-0.242991202.g6d80412.i686.rpm kernel-smp64-3.12.58-0.242991202.g6d80412.x86_64.rpm ep-release-9.408-4.noarch.rpm
installed at home at my zotac.. ipsec tunnel is up machine is running. no problems yet at this box ;-)
greets
zaphod___________________________________________
Home: Zotac CI321 (8GB RAM / 120GB SSD) with latest Sophos UTMWork: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...
still no IPv6 fixes -> disappointed
---
Sophos UTM 9.3 Certified Engineer
Looks like "[NUTM-5599]: [Email] Mails with the same recipient set twice lead to corrupt mail queue" is fixed weee :-)
This was not possible with 9.407 :-)
-----
Best regardsMartin
Sophos XGS 2100 @ Home | Sophos v19 Architect
Hi, any new bugs?
Cheers Andreas
UTM SCE/SCA | Endpoint SCE
This seems to be only on the Client end. My UTM on 9.408 yet reports the following:
loginuser@sophos_utm:/home/login > openssl versionOpenSSL 1.0.1k 8 Jan 2015
Regards Simon
Sophos XG 17.5.1 MR-1 | Dell 7010 | Intel(R) Core(TM) i5-3550 CPU @ 3.70GHz | 8GB MemorySamsung EVO 850 120GB SDD | 1x Intel 82574L / 2x 82571EB Gigabit Ethernet Controller (rev 06)
still no IPv6 fixes on WAN Interface. :-(
Has the MTU issues been fixed yet?????
Yes, MTU issue was addressed in 407. Check it's thread for how to implement the fix.
I would say it was patched more than fixed. I think a better question would be, do we still need to manually edit files rather than just ticking the box in the GUI. If I apply this update will I need to edit the network config again?
think you need to fix it with ssh as described.. no gui option do it for you atm...