Sophos UTM 9.314-013 Update released

Martin 30/07/2015

This time a big update from Sophos 🙂
Up2Date 9.314013 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected Wifi APs will perform firmware upgrade

News:
Maintenance Update

Bugfixes:
Fix [22437]: HTML5 RDP: swiss keyboard not working with ALT-Gr-letters using Chrome
Fix [23348]: Multipath for ftp over http isn’t working when control and data connection use different path
Fix [30224]: Parallel dns queries fail on identical source port
Fix [31261]: Support Japanese PDF version of Daily Executive Report
Fix [31910]: Request dns_host object info causes high system load due to large confd_objects table
Fix [32594]: WAF: Disable backend connection pooling
Fix [32862]: Traffic is included in statistics and executive reports although an exception exists
Fix [33666]: HTTP server (UserPortal/WebAdmin) has missing/wrong error handling for “CONNECT” method
Fix [33716]: Dashboard shows AntiSpam is active for protocols POP3 with Basic Guard License
Fix [33958]: IPFIX is mixing data streams in HA/Cluster mode
Fix [34210]: BGP Soft-reconfiguration not honoured
Fix [34234]: AFC problem with HTTPS in transparent mode
Fix [34333]: Webadmin backend connection failed ‘Shift + f5’-reload causes incorrect and premature failed login alert
Fix [34460]: IE 9/10 crashes when displaying 4xx/5xx error page
Fix [34495]: QoS: Disabling Download Equalizer breaks Downlink limit
Fix [34510]: NTLMSSP_AUTH not send from Windows 7 workstations
Fix [34533]: Browser-language should be used for keyboard layout in HTML5 portal RDP connections
Fix [34554]: Suppress snmpd logline “Wrong netlink message type 3”
Fix [34575]: AP10/AP30 – auto channel selection always selects channel 1
Fix [34612]: device-agent restarting constantly
Fix [34622]: History back traverse broken in chrome
Fix [34626]: Long path name in site path routing breaks WAF
Fix [34655]: Web Protection reporting will be not displayed correctly if you use a german webadmin
Fix [34666]: FTP Proxy: frox segfault in realloc
Fix [34684]: Wireless.log shows lots of messages like “rt305x-esw 10110000.esw: link changed”
Fix [34693]: HTML5 portal kicks users with configuration changed message on every aptp update
Fix [34695]: Kernel: Unable to handle kernel NULL pointer dereference at (null)
Fix [34724]: OBJECT_NAMESPACE collision when whitelist/blacklist with identical name is deployed via SUM
Fix [34788]: HTTP Proxy: segfault in tcmalloc::ThreadCache
Fix [34791]: HTML5 VPN: keyboard input not working on Android devices
Fix [34793]: E-mail graph missing in executive report
Fix [34812]: SPF check against IPv6 subnet does not work.
Fix [34824]: device-agent stucks when deployment is taking too long
Fix [34845]: Remote Access graphs shows wrong values
Fix [34853]: Mail Manager: perl runtime error when subject contains double byte charactes
Fix [34871]: IPsec Remote Access connection may fail to aquire an IP from pool of static IPs
Fix [34872]: Up2Date Cache setting not updated when changing SUM host
Fix [34882]: Imported SMIME cert fills up storage partition
Fix [34887]: Up2date not possible caused by DNS issue
Fix [34888]: True type file inspection should not be executed if MIME type blocking is disabled
Fix [34891]: ‘Show IP BGP Unicast’ button not working
Fix [34902]: outgoing spam is always quarantined even though (confirmed) spam action is “warn”.
Fix [34907]: HTTP Proxy: deflate zlib data according to RFC
Fix [34911]: Backend AD sync shows error messages in aua.log
Fix [34917]: Dashboard times out in case of many interfaces
Fix [34924]: SMIME signed invitations will loose the “meeting” features in outlook
Fix [34927]: Change default algorithm for creating CAs to sha256
Fix [34939]: WAF reverse auth Japanese characters garbled
Fix [34943]: afcd memleak in 9.310
Fix [34945]: Network monitor daemon segfault / coredump
Fix [34950]: Can’t enable Cisco VPN anymore after the last user was deleted
Fix [34954]: HTTP filter action still shows the old category name after the name was changed
Fix [34968]: AP55C not becoming active
Fix [34970]: AP100C/AP55C: IFUP_ERROR
Fix [34972]: memtest does not work on SG series
Fix [34974]: BGP with IPv6 is broken
Fix [34975]: HTTP Proxy: core dump kernel_vsyscall
Fix [34978]: RED50 doesn’t work with some big packets
Fix [34984]: Can’t use string (“0”) as a HASH ref while “strict refs” in use at /wfe/asg/modules/asg_wireless.pm line 3714
Fix [34988]: RED50 ignores list of allowed VLAN tags in ‘Tagged’ VLAN port operation
Fix [34993]: Dashboard does not display traffic data for ethernet vlan interface types
Fix [35003]: Untrusted issuer warnings for trusted CAs
Fix [35005]: It is not possible to create a second convert bridge
Fix [35006]: syslog-ng reaching max connections due to hotspot traffic
Fix [35013]: DPD not set in case remote device is sending DPD vendor payload not in the first main mode message
Fix [35017]: Websec-reporter creates coredumps
Fix [35018]: HTTP Proxy: EpollWorker segfault in kernel_vsyscall
Fix [35025]: SPX: no NDR is sent out if recipient does not register
Fix [35026]: HTTP Proxy: Country blocking exceptions for destination not working
Fix [35028]: Timezone update 2015c
Fix [35034]: DLP emails are not visible in Mail Manager SMTP Log if DLP action is “Allow”
Fix [35040]: HTTP Proxy: POST request fails with “broken pipe”
Fix [35042]: Error output while executing repctl -m command
Fix [35057]: Internal Wifi adapter is active on slave node in HA
Fix [35070]: SSL VPN: change default DH key size to 2048 and add key size 3072/4096
Fix [35073]: SafeSearch does not block all provocative images
Fix [35107]: Can not display “Endpoint Protection” summary page when there is an Endpoint without group
Fix [35108]: Day in Dashboard date sometimes off by one
Fix [35128]: User portal fallback language is not set to what it suppose to be set
Fix [35133]: SPX: Reply portal shows wrested email recipient and sender addresses in original message
Fix [35137]: Endpoint – USB exemptions configured on the UTM do not work for some USB sticks
Fix [35141]: WIFI-Client can’t get an IP if static and dynamic VLAN is same
Fix [35161]: Hotspot login page is looping if the interface for the hotspot is a RED vlan interface and QoS is enabled on the interface
Fix [35165]: Problem displaying quarantined emails in case several addresses are in cc
Fix [35176]: IPTables will not update if you add a host to a network group which is used in a packetfilter rule
Fix [35177]: SPX encryption does not work if From header is invalid
Fix [35183]: HTML5 VPN: mobile keyboard not working on iOS devices in Safari
Fix [35185]: SPX: Password registration form (PW specified by recipient) does not work due disabled reply portal
Fix [35199]: Mail Manager: “\” in Sender/Rcpt/Subject substring causes a perl error
Fix [35200]: SSID and PSK disappear from Voucher
Fix [35225]: Background channel switching doesn’t work on AP55C/AP100C
Fix [35226]: Mail Manager: perl runtime error while trying to view an email without mail body
Fix [35228]: handle nvme devices during installation
Fix [35229]: Access control: Mail Protection Manager can not create any exceptions
Fix [35240]: Web Proxy duplicates headers in XSS request
Fix [35245]: Raid monitor not running
Fix [35256]: Middleware logs error for uninitialized value during regex operation
Fix [35257]: Not possible to add Network group object as “Network Protection Manager”
Fix [35266]: Uncategorized websites show up in reports as Categorization Failed
Fix [35272]: Mail Manager: incorrect pagination when removing entries

 

About the Author

Leave a Reply