Sophos UTM 9.510-4 update released

By | 20/07/2018

UPDATE: 12/8-2018: Do not install this update, go directory to 9.510.5:

Sophos UTM 9.510-5 released

 

UPDATE: 20/7-2018: So far 9.510-4 breaks mailmanager and TLS when you use “Callout”, so you should wait for a fix 😉

Sophos released a bigger maintenance update for the UTM yesterday, it’s a soft-release, so it has not been rolled out yet, you can download it from FTP:

ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.509003-510004.tgz.gpg

Up2Date 9.510004 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected APs will perform firmware upgrade
Connected REDs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-8273]: [Basesystem] Inconsistent reporting data in hot standby environment
Fix [NUTM-9089]: [Basesystem] ulogd restarting randomly
Fix [NUTM-9423]: [Basesystem] Missing DMI info or missing WiFi card should turn status LED red for desktop refresh models
Fix [NUTM-9516]: [Basesystem] CVE-2017-3145: BIND vulnerability
Fix [NUTM-9764]: [Basesystem] multiple NTP vulnerabilities
Fix [NUTM-9862]: [Basesystem] CVE-2018-8897: Don’t use IST entry for #BP stack
Fix [NUTM-9944]: [Basesystem] ‘ethtool -p’ is not working for shared port
Fix [NUTM-9945]: [Basesystem] SG/XG 125/135 upper 4 ports LEDs at front and rear side not behaving as expected
Fix [NUTM-9286]: [Email] CVE-2011-3389: SSL/TLS BEAST Vulnerability And Weak Algorithms
Fix [NUTM-9460]: [Email] Quarantine unscannable and encrypted content not working as expected
Fix [NUTM-9539]: [Email] SMTP callout with TLS does not work
Fix [NUTM-9627]: [Email] Parent proxy for WAF (ctipd) not applied without active e-mail subscription
Fix [NUTM-9771]: [Email] Redesign TFT detection to decrease false positives/negatives
Fix [NUTM-9836]: [Email] HSTS usage breaks Quarantine Report release link
Fix [NUTM-9789]: [Logging] Not able to archive logs using SMB share
Fix [NUTM-8969]: [Network] Inconsistent DHCP leases in WebAdmin
Fix [NUTM-9049]: [Network] Cannot change IPv4 interface as IPv6 gateway is required
Fix [NUTM-9194]: [Network] Static route switching to different VLAN
Fix [NUTM-9646]: [Network] eth0 is falsely marked “dead” when running “hs” on slave
Fix [NUTM-9739]: [Network] Network monitor restarting on slave nodes
Fix [NUTM-9795]: [RED] RED50 issue with large packets in Transparent/Split mode
Fix [NUTM-9607]: [Reporting] Upper case umlauts in PDF Executive Reports are not displayed correctly
Fix [NUTM-9624]: [Reporting] WAF – Top attackers won’t be displayed after upgrade to v9.5
Fix [NUTM-9719]: [SUM] Web Protection service shown as down in SUM
Fix [NUTM-9547]: [UI Framework] UserPortal does not correctly detect browser specified preferred language for Chinese Simplified
Fix [NUTM-9527]: [WAF] Fix mod_url_hardening stack corruption
Fix [NUTM-8038]: [WebAdmin] WebAdmin not available
Fix [NUTM-9232]: [WebAdmin] Sometimes ‘backend connection failed’ while login
Fix [NUTM-9529]: [WebAdmin] Role with ‘Web Protection Manager’ rights can’t access Aplication Control
Fix [NUTM-9689]: [WebAdmin] Report Auditor role is unable to open the dashboard
Fix [NUTM-5293]: [Web] Google is missed in the Search Engines reports
Fix [NUTM-6240]: [Web] FTP download through HTTP Proxy in standard mode not possible
Fix [NUTM-9039]: [Web] Connections may fail when using upstream proxies due to “Proxy-Connection” header being sent
Fix [NUTM-9399]: [Web] Classification for Windows Updates differs between AFC and conntrack
Fix [NUTM-9413]: [Web] Unable to upload certificate to “Local Verification CAs”
Fix [NUTM-9491]: [Web] HTTP Proxy coredumps with SIGABRT
Fix [NUTM-9549]: [Web] Proceeding after content warning results in display issues on redirected pages
Fix [NUTM-9599]: [Web] HTTP Proxy requests stuck without appropriate timeout
Fix [NUTM-9630]: [Web] Fallback log flooded with samlogon cache timeout messages
Fix [NUTM-9664]: [Web] Country blocking exception not working when HTTP Proxy is using SSO
Fix [NUTM-9720]: [Web] Can’t proceed content warning for MIME types if URL contains spaces
Fix [NUTM-9745]: [Web] HTTP Proxy coredumps with SIGSEGV
Fix [NUTM-7628]: [Wireless] Wireless clients frequently failing to connect with STA WPA failure reason code 2
Fix [NUTM-8946]: [Wireless] APs displayed as inactive in WebAdmin while clients can connect
Fix [NUTM-9591]: [Wireless] Both local WiFi using 2.4GHz band and same channel in default configuration
Fix [NUTM-9592]: [Wireless] Unable to broadcast same SSID on both LocalWifi0 and LocalWifi1
Fix [NUTM-9594]: [Wireless] Incorrect channel information showing on overview for LocalWifi
Fix [NUTM-9608]: [Wireless] Incorrect generic error message in WebAdmin while configuring band for wireless network
Fix [NUTM-9638]: [Wireless] Both local WiFi AP named ‘Local’
Fix [NUTM-9731]: [Wireless] Not able to configure channel 12 and 13 on newer desktop models
Fix [NUTM-9735]: [Wireless] Set default channel width to 40MHz for 5GHz band
Fix [NUTM-9737]: [Wireless] SGw appliances missing frequency definitions for Nigeria

RPM packages contained:
libsaviglue-9.50-31.g5e3c21d.rb5.i686.rpm
cm-nextgen-agent-9.50-16.gc08104a.rb5.i686.rpm
firmwares-bamboo-9400-0.293035296.g3733ac8.rb2.i586.rpm
hostapd-2.2-1.0.287145451.ga02be97.rb6.i686.rpm
modurlhardening-9.50-222.g4fa60fe.rb6.i686.rpm
perf-tools-3.12.74-0.292688430.ga5ef2ae.rb5.i686.rpm
red-firmware2-5125-0.282730588.g354eda3d8.rb7.noarch.rpm
red15-firmware-5125-0.282730547.g89c84b337.rb10.noarch.rpm
samba-4.6.8-4.gae6a03c.rb2.i686.rpm
ulogd-2.1.0-133.g0d89a85.rb5.i686.rpm
ep-reporting-9.50-54.g9e81107.rb4.i686.rpm
ep-reporting-c-9.50-151.g7de2457.rb3.i686.rpm
ep-reporting-resources-9.50-54.g9e81107.rb4.i686.rpm
ep-awed-9.50-58.g7de6526.rb5.i686.rpm
ep-branding-ASG-afg-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-ang-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-asg-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-atg-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-aug-9.50-78.gabee2c3.noarch.rpm
ep-confd-9.50-1822.g447351b3.i686.rpm
ep-ha-daemon-9.50-5.g7d07dcc.rb5.i686.rpm
ep-init-9.50-38.g352a07a.rb8.noarch.rpm
ep-libs-9.50-33.g690bd32.rb9.i686.rpm
ep-logging-9.50-18.g10653ef.rb3.i686.rpm
ep-mdw-9.50-1060.gc9c553bb.rb9.i686.rpm
ep-postgresql92-9.50-109.g359d1c5.rb8.i686.rpm
ep-postgresql92-64-9.50-109.g359d1c5.rb7.x86_64.rpm
ep-screenmgr-9.50-3.g07035cc.rb46.i686.rpm
ep-utm-watchdog-9.50-88.ge2d9ca8.rb2.i686.rpm
ep-webadmin-9.50-1412.g7a6726620.rb10.i686.rpm
ep-webadmin-contentmanager-9.50-84.g749571d.rb20.i686.rpm
ep-chroot-httpd-9.50-37.g1cad00c.rb4.noarch.rpm
ep-chroot-smtp-9.50-149.g1ad0a54.rb2.i686.rpm
chroot-bind-9.10.7-0.292458892.g9711d3a.rb2.i686.rpm
chroot-ntp-4.2.8p11-0.gc174a78.rb3.i686.rpm
ep-httpproxy-9.50-547.g1f8aab75.rb3.i686.rpm
kernel-smp-3.12.74-0.292688430.ga5ef2ae.rb5.i686.rpm
kernel-smp64-3.12.74-0.292688430.ga5ef2ae.rb5.x86_64.rpm
ep-release-9.510-4.noarch.rpm

2 thoughts on “Sophos UTM 9.510-4 update released

Leave a Reply

Your email address will not be published. Required fields are marked *