
Sophos UTM 9.408-4 released


Up2Date 9.408004 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-5349]: [AWS] Restore fails if UTM is created with backup file in user data
Fix [NUTM-5466]: [AWS] ssh disabled - No connection to stack instances
Fix [NUTM-5546]: [AWS] UTM Cloud Update does not work in GovCloud
Fix [NUTM-5654]: [AWS] Conversion should not be visible for HA and AS
Fix [NUTM-3203]: [Access & Identity] [RED] If creation of RED device fails, certificates are not deleted
Fix [NUTM-4948]: [Access & Identity] [RED] Enabling wireless on RED15w causes 'link down'
Fix [NUTM-5068]: [Access & Identity] [RED] TCP Vulnerability (CVE-2016-5696)
Fix [NUTM-5173]: [Basesystem] Memory (swap) leak in RAID monitor
Fix [NUTM-5407]: [Basesystem] OpenSSL security update (1.0.1u)
Fix [NUTM-5461]: [Basesystem] BIND Security update (CVE-2016-2776)
Fix [NUTM-5714]: [Basesystem] CVE-2016-5195 - Linux Kernel - Dirty Cow
Fix [NUTM-3042]: [Configuration Management] Advanced Threat Protection page error when login as Network Protection Auditor
Fix [NUTM-4215]: [Documentation, Email] POP3 Proxy reporting source IP of 0.0.0.0
Fix [NUTM-4840]: [Email] Email is automatically released after timeout from Sandstorm
Fix [NUTM-5285]: [Email] SMTP file extension filter is case sensitive
Fix [NUTM-5599]: [Email] Mails with the same recipient set twice lead to corrupt mail queue
Fix [NUTM-4938]: [Endpoint] Customers who expand their EP license do not get EP Protection enabled
Fix [NUTM-5049]: [Endpoint] Liveconnect Connectivity Issue
Fix [NUTM-4400]: [HA/Cluster] pg_ctl: PID file "/var/storage/pgsql92/data/postmaster.pid" does not exist
Fix [NUTM-3158]: [Kernel] Kernel freeze when running Web Proxy in full transparent mode
Fix [NUTM-3490]: [Network] Ethernet Bridge with dynamic IP loses connectivity after IP renewal
Fix [NUTM-4592]: [Network] OSPF: SSL VPN route injection still not working in 9.404
Fix [NUTM-5147]: [Network] Kernel panic on several SG135 - Kernel Fixes
Fix [NUTM-5542]: [SUM] Availability Group is unresolved after it was re-deployed without a real change
Fix [NUTM-5207]: [Sandboxd] Sandbox error when downloading a file with an umlaut in file name
Fix [NUTM-5209]: [Sandboxd] sandboxd is unable to open database file due to wrong ownership
Fix [NUTM-4816]: [Up2Date] Up2Date downloader logs errors in uplink balancing setups
Fix [NUTM-488]: [Virtualization] Fix unstable NIC ordering on VMWare
Fix [NUTM-5334]: [WebAdmin] Authenticated users might gain access to stored passwords (CVE-2016-7397, CVE-2016-7442)
Fix [NUTM-4167]: [Web] Web Protection Reporting filtered by departments doesn't provide all data
Fix [NUTM-4806]: [Web] sandboxd is unable to insert into TransactionLog on HA setup
Fix [NUTM-4876]: [Web] URL request to parent proxy seems to be sent as http request instead of https
Fix [NUTM-5136]: [Web] Web proxy in transparent mode removes authentication header
Fix [NUTM-5082]: [WiFi] IPSec traffic is not routed properly if the client is connected over Hotspot
Fix [NUTM-5303]: [WiFi] Characters in Hotspot terms of use not encoded correctly

RPM packages contained:
libopenssl1_0_0-1.0.1k-377.g141d7d0.rb6.i686.rpm
libopenssl1_0_0_httpproxy-1.0.1k-377.g141d7d0.rb6.i686.rpm
libudev0-147-0.84.1.1627.ge0459ac.rb3.i686.rpm
awslogs-agent-1.3-0.239376395.g5d4adea.rb3.noarch.rpm
cm-nextgen-agent-9.40-12.gb09699e.rb2.i686.rpm
openssl-1.0.1k-377.g141d7d0.rb6.i686.rpm
perf-tools-3.12.58-0.242991202.g6d80412.i686.rpm
red-firmware2-5035-0.239114881.gbf961ff.rb1.noarch.rpm
red15-firmware-5035-0.242907480.g0c31ce4.noarch.rpm
udev-147-0.84.1.1627.ge0459ac.rb3.i686.rpm
vmware-tools-10.0.5.3227872-4.ga4d6c51.rb4.i686.rpm
ep-aua-9.40-37.g1ed9537.rb4.i686.rpm
ep-branding-ASG-afg-9.40-48.g7e7ac40.rb4.noarch.rpm
ep-branding-ASG-ang-9.40-48.g7e7ac40.rb4.noarch.rpm
ep-branding-ASG-asg-9.40-48.g7e7ac40.rb4.noarch.rpm
ep-branding-ASG-atg-9.40-48.g7e7ac40.rb4.noarch.rpm
ep-branding-ASG-aug-9.40-48.g7e7ac40.rb4.noarch.rpm
ep-confd-9.40-813.g1f7ad66.rb1.i686.rpm
ep-confd-tools-9.40-759.g324aec8.rb10.i686.rpm
ep-ha-aws-9.40-217.g381995a.rb2.noarch.rpm
ep-logging-9.40-3.gc1acc31.rb2.i686.rpm
ep-mdw-9.40-504.g56eb6d4.i686.rpm
ep-raidtools-9.40-1.gc070d91.rb3.i686.rpm
ep-repctl-0.1-0.239828293.gcd71515.rb3.i686.rpm
ep-restd-9.40-0.243093672.gaf004a9.rb1.i686.rpm
ep-sandboxd-9.40-0.239754530.g04924b1.rb2.i686.rpm
ep-up2date-9.40-15.gacd1c39.rb5.i686.rpm
ep-up2date-downloader-9.40-15.gacd1c39.rb5.i686.rpm
ep-up2date-pattern-install-9.40-15.gacd1c39.rb5.i686.rpm
ep-up2date-system-install-9.40-15.gacd1c39.rb5.i686.rpm
ep-webadmin-9.40-674.gc39ecfa.rb6.i686.rpm
ep-cloud-ec2-9.40-35.ga95c9eb.rb2.i686.rpm
ep-chroot-httpd-9.40-20.g92cce9f.rb4.noarch.rpm
ep-chroot-smtp-9.40-116.g9971304.rb2.i686.rpm
chroot-bind-9.10.4_P3-0.240528799.g5a47ed3.rb5.i686.rpm
chroot-httpd-2.4.18-1.g2b998a8.rb6.i686.rpm
chroot-openvpn-9.40-27.g2d31a41.rb3.i686.rpm
ep-chroot-pop3-9.40-11.g1291cd5.rb2.i686.rpm
ep-httpproxy-9.40-357.g7e74ab8.rb5.i686.rpm
kernel-smp-3.12.58-0.242991202.g6d80412.i686.rpm
kernel-smp64-3.12.58-0.242991202.g6d80412.x86_64.rpm
ep-release-9.408-4.noarch.rpm



  • My VM did the update, and I had problems. Not normal ones. Box was up but ethernet was not working. Restarted, got errors on eth3 (HA link interface) during boot. Took a long time to boot due to ethernet errors. Once booted still couldn't ping it from my workstation. HA backup system had been offline for a few days so I powered it up. It's working fine. Not going to update it yet.

    Have the same setup at my home. Updated to 9.408 just fine just now.


    Follow up:

    With some time to investigate, I turned off all the connections in ESXi to the interfaces and let the system come up. Logged into the console, checked the ethernet interfaces, 3 out of 4 ethernet interfaces got relabeled.

    eth0 -> eth0

    eth1 -> rename3

    eth2 -> eth1

    eth3 -> eth2

    I'm guessing "NUTM-488 [Virtualization] Fix unstable NIC ordering on VMWare" broke my VM.


    Follow up:

    It appears the update made it so the VM interface order matched the ethX order? (At least that's what happened here, and it now works as you would think it should.)

    I modified the /etc/udev/rules.d/70-persistent-net.rules to add the missing 4th interface and modified the VM network interface map to match.

    My main VM is back online.

  • RichardRoderick said:
    With some time to investigate, I turned off all the connections in ESXi to the interfaces and let the system come up. Logged into the console, checked the ethernet interfaces, 3 out of 4 ethernet interfaces got relabeled.

    Same problem here, but no matter what I do, I can't get the missing interface back up.

    I've synced my VM interface MACs with the contents of the rules file, restarted, but the UTM still doesn't see it. Do I have to do anything extra?

  • I had to do:

    ifconfig eth5 up
    setitfhw.plx

    before it was recognized. After this I could re-enable the interface, swap nodes, change the rules file there as well, then cycle the HA cluster to get everything back up again.

    This has taught me not to update too soon, lesson learned here... :-(
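
An added example, not part of the thread and not Sophos code: a check of the kind the replies above describe, comparing the MAC-to-name rules in a `70-persistent-net.rules` file with the vNIC order configured in the hypervisor. The rules text and MAC addresses are constructed, and the rule that adapter N should be named eth(N-1) is an assumption based on the poster's observation that the VM interface order now matches the ethX order.

```python
import re

# Constructed sample, not taken from the thread: a rules file that names only
# three of the four vNICs. All MAC addresses are made up.
SAMPLE_RULES = '''\
# PCI device (constructed example)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:aa:00:01", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:aa:00:03", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:aa:00:04", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
'''

# Hypothetical input: vNIC MACs in hypervisor adapter order (adapter 1 first).
SAMPLE_VM_MACS = ["00:0c:29:aa:00:01", "00:0c:29:aa:00:02",
                  "00:0c:29:aa:00:03", "00:0c:29:aa:00:04"]

ADDR_RE = re.compile(r'ATTR\{address\}=="([0-9A-Fa-f:]{17})"')
NAME_RE = re.compile(r'\bNAME="([^"]+)"')


def parse_rules(text):
    """Return {mac_lowercase: interface_name} for every naming rule."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        addr, name = ADDR_RE.search(line), NAME_RE.search(line)
        if addr and name:
            mapping[addr.group(1).lower()] = name.group(1)
    return mapping


def check_mapping(rules_text, vm_macs):
    """Return (mac, expected_name, name_in_rules) for each vNIC that differs."""
    rules = parse_rules(rules_text)
    findings = []
    for index, mac in enumerate(vm_macs):
        expected = "eth%d" % index         # assumption: adapter order == ethX order
        actual = rules.get(mac.lower())    # None means no rule names this vNIC
        if actual != expected:
            findings.append((mac.lower(), expected, actual))
    return findings


if __name__ == "__main__":
    for mac, expected, actual in check_mapping(SAMPLE_RULES, SAMPLE_VM_MACS):
        print("%s: expected %s, rules file has %s" % (mac, expected, actual or "no rule"))
```

Running a check like this before applying an update to the second HA node shows which rule lines need to change on that node.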
