Sophos UTM 9.510-4 update released

UPDATE: 12/8-2018: Do not install this update, go directory to 9.510.5:

Sophos UTM 9.510-5 released

 

UPDATE: 20/7-2018: So far 9.510-4 breaks mailmanager and TLS when you use “Callout”, so you should wait for a fix 😉

Sophos released a bigger maintenance update for the UTM yesterday, it’s a soft-release, so it has not been rolled out yet, you can download it from FTP:

ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.509003-510004.tgz.gpg

Up2Date 9.510004 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected APs will perform firmware upgrade
Connected REDs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-8273]: [Basesystem] Inconsistent reporting data in hot standby environment
Fix [NUTM-9089]: [Basesystem] ulogd restarting randomly
Fix [NUTM-9423]: [Basesystem] Missing DMI info or missing WiFi card should turn status LED red for desktop refresh models
Fix [NUTM-9516]: [Basesystem] CVE-2017-3145: BIND vulnerability
Fix [NUTM-9764]: [Basesystem] multiple NTP vulnerabilities
Fix [NUTM-9862]: [Basesystem] CVE-2018-8897: Don’t use IST entry for #BP stack
Fix [NUTM-9944]: [Basesystem] ‘ethtool -p’ is not working for shared port
Fix [NUTM-9945]: [Basesystem] SG/XG 125/135 upper 4 ports LEDs at front and rear side not behaving as expected
Fix [NUTM-9286]: [Email] CVE-2011-3389: SSL/TLS BEAST Vulnerability And Weak Algorithms
Fix [NUTM-9460]: [Email] Quarantine unscannable and encrypted content not working as expected
Fix [NUTM-9539]: [Email] SMTP callout with TLS does not work
Fix [NUTM-9627]: [Email] Parent proxy for WAF (ctipd) not applied without active e-mail subscription
Fix [NUTM-9771]: [Email] Redesign TFT detection to decrease false positives/negatives
Fix [NUTM-9836]: [Email] HSTS usage breaks Quarantine Report release link
Fix [NUTM-9789]: [Logging] Not able to archive logs using SMB share
Fix [NUTM-8969]: [Network] Inconsistent DHCP leases in WebAdmin
Fix [NUTM-9049]: [Network] Cannot change IPv4 interface as IPv6 gateway is required
Fix [NUTM-9194]: [Network] Static route switching to different VLAN
Fix [NUTM-9646]: [Network] eth0 is falsely marked “dead” when running “hs” on slave
Fix [NUTM-9739]: [Network] Network monitor restarting on slave nodes
Fix [NUTM-9795]: [RED] RED50 issue with large packets in Transparent/Split mode
Fix [NUTM-9607]: [Reporting] Upper case umlauts in PDF Executive Reports are not displayed correctly
Fix [NUTM-9624]: [Reporting] WAF – Top attackers won’t be displayed after upgrade to v9.5
Fix [NUTM-9719]: [SUM] Web Protection service shown as down in SUM
Fix [NUTM-9547]: [UI Framework] UserPortal does not correctly detect browser specified preferred language for Chinese Simplified
Fix [NUTM-9527]: [WAF] Fix mod_url_hardening stack corruption
Fix [NUTM-8038]: [WebAdmin] WebAdmin not available
Fix [NUTM-9232]: [WebAdmin] Sometimes ‘backend connection failed’ while login
Fix [NUTM-9529]: [WebAdmin] Role with ‘Web Protection Manager’ rights can’t access Aplication Control
Fix [NUTM-9689]: [WebAdmin] Report Auditor role is unable to open the dashboard
Fix [NUTM-5293]: [Web] Google is missed in the Search Engines reports
Fix [NUTM-6240]: [Web] FTP download through HTTP Proxy in standard mode not possible
Fix [NUTM-9039]: [Web] Connections may fail when using upstream proxies due to “Proxy-Connection” header being sent
Fix [NUTM-9399]: [Web] Classification for Windows Updates differs between AFC and conntrack
Fix [NUTM-9413]: [Web] Unable to upload certificate to “Local Verification CAs”
Fix [NUTM-9491]: [Web] HTTP Proxy coredumps with SIGABRT
Fix [NUTM-9549]: [Web] Proceeding after content warning results in display issues on redirected pages
Fix [NUTM-9599]: [Web] HTTP Proxy requests stuck without appropriate timeout
Fix [NUTM-9630]: [Web] Fallback log flooded with samlogon cache timeout messages
Fix [NUTM-9664]: [Web] Country blocking exception not working when HTTP Proxy is using SSO
Fix [NUTM-9720]: [Web] Can’t proceed content warning for MIME types if URL contains spaces
Fix [NUTM-9745]: [Web] HTTP Proxy coredumps with SIGSEGV
Fix [NUTM-7628]: [Wireless] Wireless clients frequently failing to connect with STA WPA failure reason code 2
Fix [NUTM-8946]: [Wireless] APs displayed as inactive in WebAdmin while clients can connect
Fix [NUTM-9591]: [Wireless] Both local WiFi using 2.4GHz band and same channel in default configuration
Fix [NUTM-9592]: [Wireless] Unable to broadcast same SSID on both LocalWifi0 and LocalWifi1
Fix [NUTM-9594]: [Wireless] Incorrect channel information showing on overview for LocalWifi
Fix [NUTM-9608]: [Wireless] Incorrect generic error message in WebAdmin while configuring band for wireless network
Fix [NUTM-9638]: [Wireless] Both local WiFi AP named ‘Local’
Fix [NUTM-9731]: [Wireless] Not able to configure channel 12 and 13 on newer desktop models
Fix [NUTM-9735]: [Wireless] Set default channel width to 40MHz for 5GHz band
Fix [NUTM-9737]: [Wireless] SGw appliances missing frequency definitions for Nigeria

RPM packages contained:
libsaviglue-9.50-31.g5e3c21d.rb5.i686.rpm
cm-nextgen-agent-9.50-16.gc08104a.rb5.i686.rpm
firmwares-bamboo-9400-0.293035296.g3733ac8.rb2.i586.rpm
hostapd-2.2-1.0.287145451.ga02be97.rb6.i686.rpm
modurlhardening-9.50-222.g4fa60fe.rb6.i686.rpm
perf-tools-3.12.74-0.292688430.ga5ef2ae.rb5.i686.rpm
red-firmware2-5125-0.282730588.g354eda3d8.rb7.noarch.rpm
red15-firmware-5125-0.282730547.g89c84b337.rb10.noarch.rpm
samba-4.6.8-4.gae6a03c.rb2.i686.rpm
ulogd-2.1.0-133.g0d89a85.rb5.i686.rpm
ep-reporting-9.50-54.g9e81107.rb4.i686.rpm
ep-reporting-c-9.50-151.g7de2457.rb3.i686.rpm
ep-reporting-resources-9.50-54.g9e81107.rb4.i686.rpm
ep-awed-9.50-58.g7de6526.rb5.i686.rpm
ep-branding-ASG-afg-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-ang-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-asg-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-atg-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-aug-9.50-78.gabee2c3.noarch.rpm
ep-confd-9.50-1822.g447351b3.i686.rpm
ep-ha-daemon-9.50-5.g7d07dcc.rb5.i686.rpm
ep-init-9.50-38.g352a07a.rb8.noarch.rpm
ep-libs-9.50-33.g690bd32.rb9.i686.rpm
ep-logging-9.50-18.g10653ef.rb3.i686.rpm
ep-mdw-9.50-1060.gc9c553bb.rb9.i686.rpm
ep-postgresql92-9.50-109.g359d1c5.rb8.i686.rpm
ep-postgresql92-64-9.50-109.g359d1c5.rb7.x86_64.rpm
ep-screenmgr-9.50-3.g07035cc.rb46.i686.rpm
ep-utm-watchdog-9.50-88.ge2d9ca8.rb2.i686.rpm
ep-webadmin-9.50-1412.g7a6726620.rb10.i686.rpm
ep-webadmin-contentmanager-9.50-84.g749571d.rb20.i686.rpm
ep-chroot-httpd-9.50-37.g1cad00c.rb4.noarch.rpm
ep-chroot-smtp-9.50-149.g1ad0a54.rb2.i686.rpm
chroot-bind-9.10.7-0.292458892.g9711d3a.rb2.i686.rpm
chroot-ntp-4.2.8p11-0.gc174a78.rb3.i686.rpm
ep-httpproxy-9.50-547.g1f8aab75.rb3.i686.rpm
kernel-smp-3.12.74-0.292688430.ga5ef2ae.rb5.i686.rpm
kernel-smp64-3.12.74-0.292688430.ga5ef2ae.rb5.x86_64.rpm
ep-release-9.510-4.noarch.rpm

2 Comments

    1. Martin (Post author)

      Hi Stephan,
      Thanks for this 🙂

      You may not know this, but the user in the community “twister5800” is me 🙂

      best regards Martin

      P.S. Made this new post:
      https://martinsblog.dk/sophos-utm-9-510-5-released/

      Reply

Leave a Reply to Martin Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close