Important Notes

The initial UTM 9.703 release was pulled back. More information and RCA can be found in the KBA at: https://community.sophos.com/kb/en-us/135383.

The code change for “NUTM-11173 [Basesystem] IPsec doesn’t re-connect on DHCP interface after firmware upgrade” is reverted and a new version of UTM 9.703 is available at their download server.

There are two update packages available:

• One for users, who are still on UTM 9.702 (u2d-sys-9.702001-703003.tgz.gpg) and
• One for users, who have already updated to 9.703-2 (u2d-sys-9.703002-703003.tgz.gpg).

Both update will be available via their Up2Date server later.

Up2Date Information

News

• Maintenance Release

Remarks

• System will be rebooted
• Configuration will be upgraded
• Connected REDs will perform firmware upgrade
• Connected Wifi APs will perform firmware upgrade

Issues Resolved

• NUTM-9381 [Access & Identity] WebAdmin user getting an error while browsing ‘Sophos Transparent Authentication Status’ tab
• NUTM-11258 [Access & Identity] [SAA] Wrong version of SAA displayed in Windows with MSI installer
• NUTM-11578 [Access & Identity] Patch strongSwan (CVE-2019-10155)
• NUTM-11589 [Access & Identity] [SAA] Add TLS 1.2 support for Windows client
• NUTM-11590 [Access & Identity] [SAA] Add TLS 1.2 support for macOS client
• NUTM-11675 [Access & Identity] Patch PPTP and L2TP pppd (CVE-2020-8597)
• NUTM-11109 [Basesystem] Status lights blinking green constantly on SG 1xx and XG 1xx series
• NUTM-11255 [Basesystem] Fix “Internet IPv6” binding in case of multiple IPv6 uplinks
• NUTM-11417 [Basesystem] SG115rev3 HA eth3 interface flapping after update to 9.7
• NUTM-11645 [Basesystem] Patch libxml2 (CVE-2019-19956, CVE-2020-7595)
• NUTM-11561 [Configuration Management] Unable to load certificate list in WebAdmin when large number of certificates present
• NUTM-10803 [Email] S/MIME signed mails have an invalid signature if 3rd party CA is used
• NUTM-11240 [Email] Recipient verification fails due to incomplete LDAP search query
• NUTM-11662 [Email] Bad request for release mails out of the quarantine report after update to 9.7 MR1
• NUTM-11485 [Kernel] Patch Linux Kernel (CVE-2019-18198)
• NUTM-11288 [Localization] AWS Current Stack link is incorrect
• NUTM-11081 [Network] Up-link balancing not clearing conntracks when interface goes down
• NUTM-11218 [Network] ulogd restarting/core-dumps
• NUTM-11614 [Network] Increase GARP buffer
• NUTM-11676 [Network] Patch pppd (CVE-2020-8597)
• NUTM-11573 [RED] RED interface doesn’t obtain IP after UTM reboot
• NUTM-11467 [RED_Firmware] RED15w WPA/WPA2 enterprise cannot connect
• NUTM-11822 [RED_Firmware] RED15 firmware update might fail if flash has bad blocks
• NUTM-11378 [Reporting] Top5 Malware won’t be displayed in Executive Reports if those are sent as PDF
• NUTM-11220 [Sandstorm] When opening Sandstorm activity which contains Korean characters for example, you get this error “cannot decode string with wide characters at encode.pm line 174”
• NUTM-10202 [UI Framework] [SAA] Live user table doesn’t scale with very long names
• NUTM-11084 [UI Framework] Webadmin Information popup not visible
• NUTM-11191 [UI Framework] Can’t download certificate in WebAdmin when name contains apostrophe
• NUTM-11584 [UI Framework] Replace FTP Up2date download link in WebAdmin with HTTPs
• NUTM-11598 [UI Framework] Internal Server Error alert thrown with initial Webadmin request after installation
• NUTM-11725 [UI Framework] Update prototype
• NUTM-11130 [Web] Add configuration for savi_scan_timeout
• NUTM-11346 [Web] Warn page proceed fails due to missing parameters
• NUTM-10269 [Wireless] SSID stops broadcasting
• NUTM-11581 [Wireless] User with “Wireless Protection Manager” rights is unable to change wireless settings if mesh is configured