Sophos just released UTM version 9.7 MR18 (9.718). As this is a regular maintenance update it will be released in three phases:
- In phase 1 you can download the update package from their download server. Click the link and navigate to the folder UTM / v9 / up2date.
- Up2date package – 9.717 to 9.718 https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.717003-718005.tgz.gpg
- Md5sum is 61ab2c8f45baa2aace8dfa80446c7caa https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.717003-718005.tgz.gpg.md5
- During phase 2 they will make it available via our Up2Date servers in several stages.
- In phase 3 they will make it available via our Up2Date servers to all remaining installations.
Details of this release, along with previous releases, can be found on their official release notes page.
Other news
- Maintenance Release
- Security Release
Remarks
- System will be rebooted
- Configuration will be upgraded
Issues resolved
- NUTM-14068 [Basesystem] Tar Vulnerability – CVE-2022-48303
- NUTM-14219 [Basesystem] Remove support for weak TLS signature algorithms in Web Admin and User Portal
- NUTM-14237 [Basesystem] Remove deprecated XSS protection header from Web Admin and User Portal
- NUTM-14285 [Basesystem] Disable session tickets on Web Admin and User Portal
- NUTM-14288 [Basesystem] Samba Vulnerability – CVE-2022-2127
- NUTM-14197 [Email] Email stuck in queue with scanner timeout
- NUTM-14289 [Endpoint] Remove Endpoint Protection from WebAdmin and system backend
- NUTM-14305 [Logging] Failed logins for SSL VPN Remote Access are not displayed in reports
- NUTM-14218 [RED] Disable DHE ciphers support for RED in UTM
- NUTM-14339 [WAF] Daily WAF Coredumps: Segmentation fault (11)
- NUTM-13182 [Web] Reflected XSS in Web Proxy – CVE-2021-4429
- NUTM-13988 [Web] Improve performance and error handling for AD SSO
Source:
UTM Up2date 9.7 MR18 (9.718) released – Release Notes & News – UTM Firewall – Sophos Community
File contents:
Up2Date 9.718005 package description:
Remarks:
System will be rebooted
Configuration will be upgraded
News:
Maintenance Release
Bugfixes:
Fix [NUTM-14068]: [Basesystem] Tar Vulnerability – CVE-2022-48303
Fix [NUTM-14219]: [Basesystem] Remove support for weak TLS signature algorithms in Web Admin and User Portal
Fix [NUTM-14237]: [Basesystem] Remove deprecated XSS protection header from Web Admin and User Portal
Fix [NUTM-14285]: [Basesystem] Disable session tickets on Web Admin and User Portal
Fix [NUTM-14288]: [Basesystem] Samba Vulnerability – CVE-2022-2127
Fix [NUTM-14197]: [Email] Email stuck in queue with scanner timeout
Fix [NUTM-14289]: [Endpoint] Remove Endpoint Protection from WebAdmin and system backend
Fix [NUTM-14305]: [Logging] Failed logins for SSL VPN Remote Access are not displayed in reports
Fix [NUTM-14218]: [RED] Disable DHE ciphers support for RED in UTM
Fix [NUTM-14339]: [WAF] Daily WAF Coredumps: Segmentation fault (11)
Fix [NUTM-13182]: [Web] Reflected XSS in Web Proxy (CVE-2021-4429)
Fix [NUTM-13988]: [Web] Improve performance and error handling for AD SSO
RPM packages contained:
libaviraglue-9.70-15.g05c370e.rb3.i686.rpm
libaviraglue-64-9.70-15.g05c370e.rb3.x86_64.rpm
libopenssl1_0_0-1.0.2p-3.64.1.0.463785659.gf62a29e6.rb5.i686.rpm
libopenssl1_0_0-64-1.0.2p-3.64.1.0.463785659.gf62a29e6.rb5.x86_64.rpm
libopenssl1_0_0_httpproxy-1.0.2p-3.64.1.0.463785659.gf62a29e6.rb5.i686.rpm
modformhardening-9.70-396.g46d9e07.rb2.i686.rpm
openssl-1.0.2p-3.64.1.0.463785659.gf62a29e6.rb5.i686.rpm
openssl-64-1.0.2p-3.64.1.0.463785659.gf62a29e6.rb5.x86_64.rpm
samba-4.6.8-7.g086016e.rb3.i686.rpm
tar-1.26-1.2.13.1.2159.g2d4155e4.rb7.i686.rpm
ep-reporting-c-9.70-160.g86afec0.rb3.i686.rpm
ep-branding-ASG-afg-9.70-53.g4841911.rb3.noarch.rpm
ep-branding-ASG-ang-9.70-53.g4841911.rb3.noarch.rpm
ep-branding-ASG-asg-9.70-53.g4841911.rb3.noarch.rpm
ep-branding-ASG-atg-9.70-53.g4841911.rb3.noarch.rpm
ep-branding-ASG-aug-9.70-53.g4841911.rb3.noarch.rpm
ep-confd-9.70-996.ga285eb830.rb1.i686.rpm
ep-mdw-9.70-920.g385e17fa.rb6.i686.rpm
ep-postgresql92-9.70-13.gf93811d.rb3.i686.rpm
ep-postgresql92-64-9.70-13.gf93811d.rb3.x86_64.rpm
ep-red-9.70-65.g9667def.rb4.i686.rpm
ep-sasi-5.1.4-0.460027334.g2ac730b.rb4.i686.rpm
ep-tools-9.70-39.gbf0b59b.rb4.i686.rpm
ep-tools-cpld-9.70-39.gbf0b59b.rb4.i686.rpm
ep-up2date-9.70-53.g001edab.rb2.i686.rpm
ep-up2date-downloader-9.70-53.g001edab.rb2.i686.rpm
ep-up2date-pattern-install-9.70-53.g001edab.rb2.i686.rpm
ep-up2date-system-install-9.70-53.g001edab.rb2.i686.rpm
ep-webadmin-9.70-858.gb5357bac7.rb6.i686.rpm
ep-chroot-httpd-9.70-38.g30b26c1.rb4.noarch.rpm
ep-chroot-smtp-9.70-99.gba89c2b.rb5.i686.rpm
chroot-bind-9.11.3-0.463876495.g0b281fc.rb1.i686.rpm
chroot-ipsec-9.70-89.g4e40652.rb2.i686.rpm
chroot-smtp-9.70-74.gd2863e6a.rb6.i686.rpm
ep-httpproxy-9.70-368.g05b1f1db.rb5.i686.rpm
ep-httpproxy-64-9.70-368.g05b1f1db.rb5.x86_64.rpm
ep-httpproxy-perl-helpers-9.70-368.g05b1f1db.rb5.i686.rpm
ep-httpproxy-user-account-9.70-368.g05b1f1db.rb5.noarch.rpm
ep-release-9.718-5.noarch.rpm