
Sophos UTM update 9.410-6 released


Up2Date 9.410006 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-534]: [AWS] Template update notification
Fix [NUTM-6178]: [AWS] pg_xlog directory filling up on AWS deployments
Fix [NUTM-6186]: [AWS] Make all UTM logs available in AWS CloudWatch
Fix [NUTM-6224]: [AWS] awslogs daemon init script: restart broken
Fix [NUTM-6296]: [AWS] REST API doesn't work in cluster mode
Fix [NUTM-6402]: [AWS] [RESTD] Session is not closed after token is deleted
Fix [NUTM-5846]: [Access & Identity] IPsec Remote Access use the IP address instead of the username in the log
Fix [NUTM-6174]: [Access & Identity] [RED] mobile_network config part not pushed to prov
Fix [NUTM-6218]: [Access & Identity] HTML5 VPN: Comma not working on Portuguese (Brazil) keyboard
Fix [NUTM-6374]: [Access & Identity] REDs with static WAN config are offline after update to v9.409
Fix [NUTM-6375]: [Access & Identity] Cisco VPN with iOS doesn't work after update to 9.409
Fix [NUTM-3152]: [Basesystem] libxml2 security update (CVE-2013-2877)
Fix [NUTM-5158]: [Basesystem] glibc security update
Fix [NUTM-5726]: [Basesystem] Follow up NUTM-5403 - Sometimes slave stuck in syncing indefinitely after failover
Fix [NUTM-5800]: [Basesystem] curl security update
Fix [NUTM-6127]: [Confd] Expired license loaded after reboot even if the valid license was imported already
Fix [NUTM-6396]: [Confd] Character ">" or "<" for password will change to "&lt;"
Fix [NUTM-5447]: [Documentation] Japanese description has the wrong vocabulary of black list at "Sender Blacklist" in user portal
Fix [NUTM-3515]: [Email] [SPX] Using 'ß' and ',' as windows-1252 in form breaks utf-8 conversion
Fix [NUTM-4932]: [Email] Password protected file passes SMTP proxy
Fix [NUTM-6196]: [Email] E-Mail with Sandstorm supported and unsupported files will be moved into quarantine
Fix [NUTM-6256]: [Email] SPX inserts Backslashes into nicename of receipient address
Fix [NUTM-5656]: [Endpoint, Web] Sandstorm feature does not work if SEC managed endpoints with Full Web Control are used
Fix [NUTM-5756]: [Network] Remove empty log lines coming from the firewall subsystem
Fix [NUTM-6202]: [SUM] After update to v9.358 the "guid" was recreated
Fix [NUTM-5717]: [Sandboxd] Respect "file OK" error responses from get/score for SB Proxy API 1.2
Fix [NUTM-6165]: [WAF] Additional cookie from WAF is added without HttpOnly detail
Fix [NUTM-6356]: [WebAdmin] AD User Test fails after first creation of an authentication server
Fix [NUTM-4118]: [Web] Still coredumps from httpproxy since installation of rpms from NUTM-3119
Fix [NUTM-5399]: [Web] httpproxy[xxxx]: segfault at 4 ip 00000000080c2113 sp 00000000ea8aee90 error 6 in httpproxy
Fix [NUTM-5561]: [Web] URL category name "Potiental Unwanted Programs" spelling mistake
Fix [NUTM-5663]: [Web] HTTP proxy restarted with core dumps in 9.407
Fix [NUTM-5834]: [Web] 'Force caching for Sophos Endpoint updates' doesn't seem to force caching
Fix [NUTM-5956]: [Web] UTM breaks auto-update on SAV for Mac
Fix [NUTM-6310]: [Web] Corrected ownership and permission of sandboxd db files
Fix [NUTM-5366]: [WiFi] Wireless Protection Manager doesn't have sufficient rights to edit time definitions
Fix [NUTM-5567]: [WiFi] APs remain inactive after being accepted on UTM
Fix [NUTM-6125]: [WiFi] Customized login page displays invalid characters

RPM packages contained:
glibc-2.11.3-17.102.1.1569.g1acae51.rb6.i686.rpm
glibc-locale-2.11.3-17.102.1.1569.g1acae51.rb6.i686.rpm
libcurl4-7.19.7-1.64.1.1569.g5d136b5.rb10.i686.rpm
libsaviglue-9.40-6.g75ae555.rb5.i686.rpm
libsensors4-3.3.0-2.7.13.1879.g9bdb96e.rb2.i686.rpm
libxml2-2.7.6-0.50.1.1568.g1acae51.rb9.i686.rpm
cm-nextgen-agent-9.40-13.g5e13e9f.rb4.i686.rpm
curl-7.19.7-1.64.1.1569.g5d136b5.rb10.i686.rpm
firmwares-bamboo-9400-0.247933954.g233cdf1.rb5.i586.rpm
freerdp-1.0.2-6.g0ecd430.rb6.i686.rpm
modcookie-9.40-95.g8f24856.rb6.i686.rpm
navl-tools-4.3.0.35-0.247268873.ga345596.rb5.i686.rpm
perf-tools-3.12.58-0.247785862.g17c1041.rb7.i686.rpm
red-firmware2-5038-0.248960247.ge6f33ce.rb1.noarch.rpm
red15-firmware-5038-0.248960497.g001f267.rb5.noarch.rpm
ruby-2.2.6-0.247137817.g1cc0d1c.rb4.i686.rpm
ruby-common-2.0-3.1.1.1614.gc24aad5.rb4.noarch.rpm
ruby-devel-2.2.6-0.247137817.g1cc0d1c.rb4.i686.rpm
rubygem-addressable-2.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-aws-sdk-1.66.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-aws-sdk-v1-1.66.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-bundler-1.13.6-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-0.17.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-essentials-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-extras-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-fsm-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-pool-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-supervision-0.20.6-0.250018781.g4af754f.rb2.i686.rpm
rubygem-crack-0.4.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-diff-lcs-1.2.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-docile-1.1.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-gem2rpm-0.11.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-hashdiff-0.3.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-hitimes-1.2.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-json-1.8.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-little-plugger-1.1.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-logging-2.1.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-mini_portile2-2.0.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-multi_json-1.12.1-0.250018781.g4af754f.rb2.i686.rpm
rubygem-nokogiri-1.6.7.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-pg-0.19.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-pidfile-0.3.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-public_suffix-2.0.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-retries-0.0.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-core-3.5.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-expectations-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-mocks-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-support-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-safe_yaml-1.0.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-sequel-4.42.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-simplecov-0.12.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-simplecov-html-0.10.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-sophos-iaas-1.0.0-0.250769404.g60829c0.i686.rpm
rubygem-thor-0.19.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-timers-4.1.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-webmock-2.3.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-yard-0.9.5-0.250018781.g4af754f.rb2.i686.rpm
sensors-3.3.0-2.7.13.1879.g9bdb96e.rb2.i686.rpm
ep-reporting-9.40-34.gca719d9.rb5.i686.rpm
ep-reporting-resources-9.40-34.gca719d9.rb5.i686.rpm
ep-branding-ASG-afg-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-ang-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-asg-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-atg-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-aug-9.40-50.g1bcd426.noarch.rpm
ep-confd-9.40-930.g4eb9865.i686.rpm
ep-confd-tools-9.40-887.g340860a.rb11.i686.rpm
ep-cssd-9.40-27.gf72484e.rb3.i686.rpm
ep-ha-aws-9.40-375.g60829c0.noarch.rpm
ep-hardware-9.40-7.gaae91c6.rb4.i686.rpm
ep-hotspot-web-9.40-3.g05973ee.rb5.i686.rpm
ep-init-9.40-15.g16e98cd.rb4.noarch.rpm
ep-localization-afg-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-ang-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-asg-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-atg-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-aug-9.40-32.g5661e6c.rb5.i686.rpm
ep-mdw-9.40-530.g96292a8.rb10.i686.rpm
ep-repctl-0.1-0.247179648.g78524e5.rb6.i686.rpm
ep-restd-9.40-0.250015768.ge75b9db.rb2.i686.rpm
ep-sandboxd-9.40-0.249594584.gee03869.rb2.i686.rpm
ep-webadmin-9.40-794.g24b46b1.rb16.i686.rpm
ep-cloud-ec2-9.40-46.g5495907.rb3.i686.rpm
ep-chroot-smtp-9.40-121.g780e765.rb4.i686.rpm
chroot-ipsec-9.40-14.g5e2e541.rb3.i686.rpm
ep-httpproxy-9.40-392.gc2d236b.rb5.i686.rpm
kernel-smp-3.12.58-0.247785862.g17c1041.rb7.i686.rpm
kernel-smp64-3.12.58-0.247785862.g17c1041.rb7.x86_64.rpm
ep-release-9.410-6.noarch.rpm



  • Hi,

    No, there is no release date yet as we do not have a fix. The team is working with highest priority on understanding the issue and preparing a fix. Once that's done we will look for a release date.

    Additionally for each bug, there will be a root cause analysis, to see why this issue happened and slipped through automated and manual testing.

    /talex

    - 21 is only half of the truth

  • We have another problem.

    In the filesystem, the partitions / and /tmp are running full and the interface etc. stop working - the whole cluster, not one node!

    e.g.:
    df -h
    Filesystem Size Used Avail Use% Mounted on
    /dev/sda6 5.2G 5.2G 0G 100% /
    udev 24G 76K 24G 1% /dev
    tmpfs 24G 0 24G 0% /dev/shm
    /dev/sda1 331M 16M 295M 5% /boot
    /dev/sda5 172G 8.9G 154G 6% /var/storage
    /dev/sda7 225G 12G 202G 6% /var/log
    /dev/sda8 9.0G 9.0G 0G 100% /tmp

     

    There are a lot of files like:

    -rw------- 1 root root 233M Feb 1 09:50 AV-malware-names-1094-VLagrl
    -rw------- 1 root root 233M Feb 1 09:51 AV-malware-names-1788-fzDYVK
    -rw------- 1 root root 233M Feb 1 09:52 AV-malware-names-2366-d4l4yC
    -rw------- 1 root root 233M Feb 1 09:48 AV-malware-names-37493-0P6vCD
    -rw------- 1 root root 233M Feb 1 09:50 AV-malware-names-378-2iZHcO
    -rw------- 1 root root 233M Feb 1 09:48 AV-malware-names-39966-GzykEb
    -rw------- 1 root root 233M Feb 1 09:49 AV-malware-names-40819-orvGsl
    -rw------- 1 root root 233M Feb 1 09:52 AV-malware-names-4382-UzSqnv
    -rw------- 1 root root 233M Feb 1 09:53 AV-malware-names-5222-EKtCOO
    -rw------- 1 root root 233M Feb 1 09:54 AV-malware-names-6236-KfUFp6
    -rw------- 1 root root 233M Feb 1 09:55 AV-malware-names-6745-Iw3p7y
    -rw-r--r-- 1 root root 497M Feb 1 11:07 cssd.2266
    -rw-r--r-- 1 root root 672M Feb 1 11:02 cssd.34726
    -rw-r--r-- 1 root root 685M Feb 1 11:04 cssd.36323
    -rw-r--r-- 1 root root 673M Feb 1 11:04 cssd.37969
    -rw-r--r-- 1 root root 663M Feb 1 11:05 cssd.804

     

    We have to log in via console and delete these files.

    Does anyone else have such a problem?

    I've already set the workaround

  • Hi

    After updating, some of my servers are having problems with the http proxy service: "Http proxy not running - restarted".

    Is anyone else experiencing this issue?

  • Same here.  Http proxy restarting 2 - 3 times a day since the update.

  • As an admin in a small company the UTM needs to be "fire and forget" and that includes updates. Translated to business speak: We pay ~1000€/year in licenses for exactly these things not happening. "Just works" is the raison d'être of the whole thing. If I want work, I'll roll a UTM myself from scratch and source code. Not a big deal, 10 years ago I did exactly that. It was time-consuming but I obviously knew exactly what was going on - I fixed exactly these types of problems regularly. Then came Astaro and it actually worked and problems were taken care of. Today, I cannot say that anymore even though our feature set has not changed.

    Not meaning to be snarky - an honest question:

    Is there someone regularly monitoring these forums and curating information about the firmware updates? I would pay real money for a website that presents a real, honest and independent list of UTM firmware releases with these fields in a table:

    • Release number and date
    • Number of known good-working installations with modules used in those installations (email filtering, iOS VPN via IPsec, iOS VPN via OpenVPN, Web proxy with scanning... you get the idea)
    • Known problems per module with links to the forum posts or bug numbers (ideally with information in which release it was fixed or will likely be fixed)

    I cannot believe anymore that there is a *comprehensive* test suite inside Sophos. Too many things have slipped through in the past. Maybe such a thing is not even possible given the feature set and user numbers.

    Another option for Sophos would be to make insider builds and carefully craft a group of users ("lab rats") with diverse enough feature sets to actually make me as a not-insider feel safe about the updates. These should be paid. I am talking the order of 50-200% of their licensing fees.

    Writing this I feel like back when Astaro came around: Doing superfluous work (then on rolling my own stuff, now debugging bugs) and looking for something actually just friggin working!

    -- a disgruntled customer

  • Same problem for us: after the update we are receiving notifications ca. every 2 hours that "Http proxy not running - restarted".

    I tried to google it and found that at least changing the frequency of looking for Sophos updates can decrease it, but we really need a proper fix for this.

    Is there anyone from Sophos who can look into this issue and either prepare a new fixed update or propose some other solution?

  • Since the update to 9.410-6 we are experiencing the load increase too on all firewalls we manage for our customers.
    We are using the latest SUM on all of these, and I'm getting a lot of "[INFO-136] ACC device agent not running - restarted" messages since the update to the latest UTM version...

    Looks like 9.410 is a bit buggy?

  • And the SUM client "ACC" too

  • Looks like there is a bug with the Sophos AV engine which leads to SMTP timeouts.

    Workaround: switch to single scan mode with Avira.