
Sophos UTM update 9.410-6 released


Up2Date 9.410006 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-534]: [AWS] Template update notification
Fix [NUTM-6178]: [AWS] pg_xlog directory filling up on AWS deployments
Fix [NUTM-6186]: [AWS] Make all UTM logs available in AWS CloudWatch
Fix [NUTM-6224]: [AWS] awslogs daemon init script: restart broken
Fix [NUTM-6296]: [AWS] REST API doesn't work in cluster mode
Fix [NUTM-6402]: [AWS] [RESTD] Session is not closed after token is deleted
Fix [NUTM-5846]: [Access & Identity] IPsec Remote Access use the IP address instead of the username in the log
Fix [NUTM-6174]: [Access & Identity] [RED] mobile_network config part not pushed to prov
Fix [NUTM-6218]: [Access & Identity] HTML5 VPN: Comma not working on Portuguese (Brazil) keyboard
Fix [NUTM-6374]: [Access & Identity] REDs with static WAN config are offline after update to v9.409
Fix [NUTM-6375]: [Access & Identity] Cisco VPN with iOS doesn't work after update to 9.409
Fix [NUTM-3152]: [Basesystem] libxml2 security update (CVE-2013-2877)
Fix [NUTM-5158]: [Basesystem] glibc security update
Fix [NUTM-5726]: [Basesystem] Follow up NUTM-5403 - Sometimes slave stuck in syncing indefinitely after failover
Fix [NUTM-5800]: [Basesystem] curl security update
Fix [NUTM-6127]: [Confd] Expired license loaded after reboot even if the valid license was imported already
Fix [NUTM-6396]: [Confd] Character ">" or "<" for password will change to "&lt;"
Fix [NUTM-5447]: [Documentation] Japanese description has the wrong vocabulary of black list at "Sender Blacklist" in user portal
Fix [NUTM-3515]: [Email] [SPX] Using 'ß' and ',' as windows-1252 in form breaks utf-8 conversion
Fix [NUTM-4932]: [Email] Password protected file passes SMTP proxy
Fix [NUTM-6196]: [Email] E-Mail with Sandstorm supported and unsupported files will be moved into quarantine
Fix [NUTM-6256]: [Email] SPX inserts Backslashes into nicename of receipient address
Fix [NUTM-5656]: [Endpoint, Web] Sandstorm feature does not work if SEC managed endpoints with Full Web Control are used
Fix [NUTM-5756]: [Network] Remove empty log lines coming from the firewall subsystem
Fix [NUTM-6202]: [SUM] After update to v9.358 the "guid" was recreated
Fix [NUTM-5717]: [Sandboxd] Respect "file OK" error responses from get/score for SB Proxy API 1.2
Fix [NUTM-6165]: [WAF] Additional cookie from WAF is added without HttpOnly detail
Fix [NUTM-6356]: [WebAdmin] AD User Test fails after first creation of an authentication server
Fix [NUTM-4118]: [Web] Still coredumps from httpproxy since installation of rpms from NUTM-3119
Fix [NUTM-5399]: [Web] httpproxy[xxxx]: segfault at 4 ip 00000000080c2113 sp 00000000ea8aee90 error 6 in httpproxy
Fix [NUTM-5561]: [Web] URL category name "Potiental Unwanted Programs" spelling mistake
Fix [NUTM-5663]: [Web] HTTP proxy restarted with core dumps in 9.407
Fix [NUTM-5834]: [Web] 'Force caching for Sophos Endpoint updates' doesn't seem to force caching
Fix [NUTM-5956]: [Web] UTM breaks auto-update on SAV for Mac
Fix [NUTM-6310]: [Web] Corrected ownership and permission of sandboxd db files
Fix [NUTM-5366]: [WiFi] Wireless Protection Manager doesn't have sufficient rights to edit time definitions
Fix [NUTM-5567]: [WiFi] APs remain inactive after being accepted on UTM
Fix [NUTM-6125]: [WiFi] Customized login page displays invalid characters

RPM packages contained:
glibc-2.11.3-17.102.1.1569.g1acae51.rb6.i686.rpm
glibc-locale-2.11.3-17.102.1.1569.g1acae51.rb6.i686.rpm
libcurl4-7.19.7-1.64.1.1569.g5d136b5.rb10.i686.rpm
libsaviglue-9.40-6.g75ae555.rb5.i686.rpm
libsensors4-3.3.0-2.7.13.1879.g9bdb96e.rb2.i686.rpm
libxml2-2.7.6-0.50.1.1568.g1acae51.rb9.i686.rpm
cm-nextgen-agent-9.40-13.g5e13e9f.rb4.i686.rpm
curl-7.19.7-1.64.1.1569.g5d136b5.rb10.i686.rpm
firmwares-bamboo-9400-0.247933954.g233cdf1.rb5.i586.rpm
freerdp-1.0.2-6.g0ecd430.rb6.i686.rpm
modcookie-9.40-95.g8f24856.rb6.i686.rpm
navl-tools-4.3.0.35-0.247268873.ga345596.rb5.i686.rpm
perf-tools-3.12.58-0.247785862.g17c1041.rb7.i686.rpm
red-firmware2-5038-0.248960247.ge6f33ce.rb1.noarch.rpm
red15-firmware-5038-0.248960497.g001f267.rb5.noarch.rpm
ruby-2.2.6-0.247137817.g1cc0d1c.rb4.i686.rpm
ruby-common-2.0-3.1.1.1614.gc24aad5.rb4.noarch.rpm
ruby-devel-2.2.6-0.247137817.g1cc0d1c.rb4.i686.rpm
rubygem-addressable-2.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-aws-sdk-1.66.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-aws-sdk-v1-1.66.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-bundler-1.13.6-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-0.17.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-essentials-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-extras-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-fsm-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-pool-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-supervision-0.20.6-0.250018781.g4af754f.rb2.i686.rpm
rubygem-crack-0.4.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-diff-lcs-1.2.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-docile-1.1.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-gem2rpm-0.11.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-hashdiff-0.3.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-hitimes-1.2.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-json-1.8.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-little-plugger-1.1.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-logging-2.1.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-mini_portile2-2.0.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-multi_json-1.12.1-0.250018781.g4af754f.rb2.i686.rpm
rubygem-nokogiri-1.6.7.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-pg-0.19.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-pidfile-0.3.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-public_suffix-2.0.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-retries-0.0.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-core-3.5.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-expectations-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-mocks-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-support-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-safe_yaml-1.0.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-sequel-4.42.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-simplecov-0.12.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-simplecov-html-0.10.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-sophos-iaas-1.0.0-0.250769404.g60829c0.i686.rpm
rubygem-thor-0.19.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-timers-4.1.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-webmock-2.3.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-yard-0.9.5-0.250018781.g4af754f.rb2.i686.rpm
sensors-3.3.0-2.7.13.1879.g9bdb96e.rb2.i686.rpm
ep-reporting-9.40-34.gca719d9.rb5.i686.rpm
ep-reporting-resources-9.40-34.gca719d9.rb5.i686.rpm
ep-branding-ASG-afg-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-ang-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-asg-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-atg-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-aug-9.40-50.g1bcd426.noarch.rpm
ep-confd-9.40-930.g4eb9865.i686.rpm
ep-confd-tools-9.40-887.g340860a.rb11.i686.rpm
ep-cssd-9.40-27.gf72484e.rb3.i686.rpm
ep-ha-aws-9.40-375.g60829c0.noarch.rpm
ep-hardware-9.40-7.gaae91c6.rb4.i686.rpm
ep-hotspot-web-9.40-3.g05973ee.rb5.i686.rpm
ep-init-9.40-15.g16e98cd.rb4.noarch.rpm
ep-localization-afg-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-ang-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-asg-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-atg-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-aug-9.40-32.g5661e6c.rb5.i686.rpm
ep-mdw-9.40-530.g96292a8.rb10.i686.rpm
ep-repctl-0.1-0.247179648.g78524e5.rb6.i686.rpm
ep-restd-9.40-0.250015768.ge75b9db.rb2.i686.rpm
ep-sandboxd-9.40-0.249594584.gee03869.rb2.i686.rpm
ep-webadmin-9.40-794.g24b46b1.rb16.i686.rpm
ep-cloud-ec2-9.40-46.g5495907.rb3.i686.rpm
ep-chroot-smtp-9.40-121.g780e765.rb4.i686.rpm
chroot-ipsec-9.40-14.g5e2e541.rb3.i686.rpm
ep-httpproxy-9.40-392.gc2d236b.rb5.i686.rpm
kernel-smp-3.12.58-0.247785862.g17c1041.rb7.i686.rpm
kernel-smp64-3.12.58-0.247785862.g17c1041.rb7.x86_64.rpm
ep-release-9.410-6.noarch.rpm



  • We also had the problem with the restarting http proxy and Mail Scanning.

    Also, our users claimed that several sites could only be loaded on the 3rd or 4th try, really annoying.

    We did a reimage of our SG310 to 9.409-9; everything is fine as usual.

  • Are you able to downgrade using the WebGui by uploading an older image?  Does that factory reset the UTM or does it keep the settings?

  • WebUI is for configuration files only. You can't roll back firmware this way.

  • No, you have to save your Configuration Backup which was created in version 9.409-9; the UTM automatically makes one before the upgrade.

    Then reinstall your appliance with the 9.409-9 image (via CD/DVD), load your backup file and you're back online!

    Just remember you will lose all Logs, Mail Quarantine and Wifi-Vouchers.

  • ArtL,

    At this moment you can only downgrade the Firmware by using the CDROM image. Then restoring the backup.

    Igor

  • Just realised that my problem seems the same as these.

    I have a problem since (I believe) upgrading to v9.410-6

    Emails are being silently rejected from several computers; these are friends' servers and friends' desktops.

    The 3 desktops run Veeam Endpoint Backup and email completion status

    The 2 servers (all Linux) send update notifications etc.

    The emails get rejected silently (not in quarantine and not bounced)

    The entry in the smtp live log looks like this

    2017:02:07-12:44:01 firewall exim-in[30336]: 2017-02-07 12:44:01 [my.lan.ip] F=<me@me.com> R=<me@me.com> Accepted: from authenticated user 'me'
    2017:02:07-12:44:12 firewall exim-in[5240]: 2017-02-07 12:44:12 SMTP connection from [ipaddress]:57977 (TCP/IP connection count = 2)
    2017:02:07-12:44:12 firewall exim-in[30336]: 2017-02-07 12:44:12 1cb57p-0007tI-11 malware acl condition: cssd: unable to read from socket (Success)
    2017:02:07-12:44:12 firewall exim-in[30336]: [1\16] 2017-02-07 12:44:12 1cb57p-0007tI-11 H=(Desktop) [my.lan.ip]:53439 F=<me@me.com> A=server_login:me temporarily rejected after DATA
    2017:02:07-12:44:12 firewall exim-in[30336]: [2\16] Envelope-from: <me@me.com>
    2017:02:07-12:44:12 firewall exim-in[30336]: [3\16] Envelope-to: <me@me.com>
    2017:02:07-12:44:12 firewall exim-in[30336]: [4\16] P Received: from [my.lan.ip] (port=53439 helo=Desktop)
    2017:02:07-12:44:12 firewall exim-in[30336]: [5\16] by firewall.me.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
    2017:02:07-12:44:12 firewall exim-in[30336]: [6\16] (Exim 4.82_1-5b7a7c0-XX)
    2017:02:07-12:44:12 firewall exim-in[30336]: [7\16] (envelope-from <me@me.com>)
    2017:02:07-12:44:12 firewall exim-in[30336]: [8\16] id 1cb57p-0007tI-11
    2017:02:07-12:44:12 firewall exim-in[30336]: [9\16] for me@me.com; Tue, 07 Feb 2017 12:44:01 +0000
    2017:02:07-12:44:12 firewall exim-in[30336]: [10\16] MIME-Version: 1.0
    2017:02:07-12:44:12 firewall exim-in[30336]: [11\16] F From: me@me.com
    2017:02:07-12:44:12 firewall exim-in[30336]: [12\16] T To: me@me.com
    2017:02:07-12:44:12 firewall exim-in[30336]: [13\16] Date: 7 Feb 2017 12:44:01 +0000
    2017:02:07-12:44:12 firewall exim-in[30336]: [14\16] Subject: Veeam Endpoint Backup
    2017:02:07-12:44:12 firewall exim-in[30336]: [15\16] Content-Type: text/plain; charset=us-ascii
    2017:02:07-12:44:12 firewall exim-in[30336]: [16/16] Content-Transfer-Encoding: quoted-printable

    I found out that if I turn off "Reject malware during SMTP transaction" then the email is accepted but goes into quarantine and gets stuck "Scan Pending"

    The server reports from the Linux boxes do the same.

    Any ideas?

    Jeff
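
An added example (not part of the original posts and not Sophos code): a small parser for the SMTP live-log format quoted above that lists messages deferred after DATA because the malware ACL check against `cssd` errored, so affected mail can be found before senders give up retrying. The sample log is constructed from the quoted lines with documentation addresses; the function name and record fields are assumptions.

```python
import re

# Constructed sample in the SMTP live-log format quoted in the post above
# (addresses replaced with documentation values).
SAMPLE_LOG = r"""
2017:02:07-12:44:01 firewall exim-in[30336]: 2017-02-07 12:44:01 [192.0.2.10] F=<me@example.com> R=<me@example.com> Accepted: from authenticated user 'me'
2017:02:07-12:44:12 firewall exim-in[30336]: 2017-02-07 12:44:12 1cb57p-0007tI-11 malware acl condition: cssd: unable to read from socket (Success)
2017:02:07-12:44:12 firewall exim-in[30336]: [1\16] 2017-02-07 12:44:12 1cb57p-0007tI-11 H=(Desktop) [192.0.2.10]:53439 F=<me@example.com> A=server_login:me temporarily rejected after DATA
2017:02:07-12:44:12 firewall exim-in[30336]: [14\16] Subject: Veeam Endpoint Backup
2017:02:07-12:44:12 firewall exim-in[30336]: [16/16] Content-Transfer-Encoding: quoted-printable
2017:02:07-12:50:03 firewall exim-in[30411]: 2017-02-07 12:50:03 1cb5Dd-0007uV-2k H=(mail) [198.51.100.7]:40112 F=<a@example.org> temporarily rejected after DATA
"""

# Syslog prefix, exim-in pid, optional "[n\m] " chunk marker, then the payload.
LINE = re.compile(r"^(\S+) \S+ exim-in\[(\d+)\]: (?:\[\d+[\\/]\d+\] )?(.*)$")
# Exim's own timestamp followed by a message id (6-6-2 characters).
EVENT = re.compile(r"^\d{4}-\d\d-\d\d [\d:]{8} (\w{6}-\w{6}-\w{2}) (.*)$")

def scanner_tempfails(log_text):
    """Return messages deferred after DATA whose malware ACL check errored."""
    scan_errors = {}   # message id -> scanner error text
    deferred = {}      # message id -> record for the deferred message
    current = {}       # exim pid -> message id whose headers are being dumped
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, pid, payload = m.groups()
        ev = EVENT.match(payload)
        if ev:
            msgid, rest = ev.groups()
            if rest.startswith("malware acl condition:"):
                scan_errors[msgid] = rest.split(":", 1)[1].strip()
            elif rest.endswith("temporarily rejected after DATA"):
                sender = re.search(r"F=<([^>]*)>", rest)
                deferred[msgid] = {"id": msgid, "time": stamp, "subject": None,
                                   "sender": sender.group(1) if sender else None}
                current[pid] = msgid
        elif payload.startswith("Subject: ") and pid in current:
            deferred[current[pid]]["subject"] = payload[len("Subject: "):]
    # Only messages with both events are scanner-caused deferrals.
    return [dict(rec, scan_error=scan_errors[i])
            for i, rec in deferred.items() if i in scan_errors]
```

The second deferred message in the sample has no scanner error logged for its id, so it is left out of the result.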

  • Did you read this thread? Straight from Sophos

    "Hi All,

    Use Avira as AV Scanner. If Dual Scan is used, then switch off Dual scan and activate single scan with Avira. This is the workaround for this issue as of now. We are working on the fix.

    Thanks for the patience.

     

    Sachin Gurung | Network Security Engineer"

  • Yes I did thanks, I have done this and it works until a fix is found.

    I had posted this as another thread, I deleted that thread and copied the question here for completeness

    Jeff

  • Our firewall SG310 was updated to 9.410-6 on 4 Feb. 2017. After the update, I got 9 email alerts of "Http proxy not running - restarted".

    I felt the internet was disconnected for about 30 sec. Please fix it ASAP. Thanks

  • I had also massive problems with ASG120 and 9.410-6.

    E-mails took a lot of time to receive, even up to 16h.

    Setting only Scan once with Avira or even disabling malware scanning brought no improvement; the transport time was still too long.

    Finally I had to reinstall the whole system to 9.409-9; now I receive mail in a timely manner again.

    The re-installation was a disaster too; the last ISO version available to download is this broken Firmware Version 9.410-6.

    Also the ISO version before, 9.358-31, was somehow broken. I tried to burn it on different USB sticks/CDs with different programs but got a data integrity error when decompressing during the start of the installation (MD5 checksum of the ISO was correct).

    Finally I had to download and install Firmware ISO Version 9.217-31. With that ISO I was able to install, but there was a problem too.

    Install.tar was not found on the media!!!

    So I had to change some settings during installation on the shell.....

    After solving that I had to install 28 Updates manually...

    This was a disaster, I had to invest a whole night to solve this problem....

    Please test your updates before launching them!

    In the future I will wait before installing any updates!