Sophos UTM up2date 9.404-5 soft released

24/06/2016 0 Comments

Sophos UTM

Yesterday Sophos released 9.404-5 for their UTM firewall, it is a big fix this time. I mainly appreciate they fixed the errors in Internet Explorer ,about the security of the VPN client, when downloading fro the User Portal 🙂

 

Download here: ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.403004-404005.tgz.gpg

Relase notes:

Up2Date 9.404005 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-1775]: [Access & Identity] 35668: DHCP Broadcast over all RED LAN ports causing wrong IP address assignment
Fix [NUTM-1784]: [Access & Identity] implement “TLS 1.2 only” switch for RED to UTM communication
Fix [NUTM-2404]: [Access & Identity] 36172: RED15 has loaded fallback network config
Fix [NUTM-2841]: [Access & Identity] 36224: WARNING: CPU: 1 PID: 0 at net/netfilter/nf_conntrack_expect.c:51 nf_ct_unlink_expect_report+0x5e/0xd1 [nf_conntrack]()
Fix [NUTM-3415]: [Access & Identity] PPTP VPN with an IP Pool 172.16.0.0/20 doesn’t work correctly
Fix [NUTM-3439]: [Access & Identity] After upgrade to 9.4 and using SSL VPN the IPv4 traffic is not going over the full tunnel
Fix [NUTM-3536]: [Access & Identity] RED15 traffic not possible, red_server reports “Unable to get proc entry”
Fix [NUTM-3719]: [Access & Identity] mdw errors when configuring a RED device
Fix [NUTM-3735]: [Access & Identity] SSL VPN IP pool should not be usable without IPv4
Fix [NUTM-3757]: [Access & Identity] SSL VPN: don’t push IPv6 interface address if no IPv6 route is pushed
Fix [NUTM-3763]: [Access & Identity] SSL VPN client cannot be downloaded from userportal with IE
Fix [NUTM-3843]: [Access & Identity] SSL VPN route injection into OSPF not working properly after update to 9.4
Fix [NUTM-3867]: [Access & Identity] SMC: WEP passwords are not pushed correctly
Fix [NUTM-3924]: [Access & Identity] PPTP and iOS with config from userportal doesn’t work properly
Fix [NUTM-3934]: [Access & Identity] RED: CON_CLOSE provide information to UTM if peer is not stable enough
Fix [NUTM-3962]: [Access & Identity] IPsec doesn’t work with SHA2
Fix [NUTM-4173]: [Access & Identity] Since Update to 9.4 IPsec site-to-site connections won’t work after pppoe reconnect
Fix [NUTM-3982]: [Basesystem] Errors in Notifications Database
Fix [NUTM-2677]: [HA/Cluster] 36293: The Slave node in HA doesn’t show any resource usage
Fix [NUTM-2235]: [Network] 35662: Additional adresses of a PPPoE interface are not reachable after takeover
Fix [NUTM-3684]: [Network] APN can’t be changed if LTE is selected as network
Fix [NUTM-3061]: [Reporting] Remote Access filtering is not working correctly if the username contains a “\” sign
Fix [NUTM-3662]: [Reporting] wrong descriptions for CRIT-065 and INFO-007 in MIB file
Fix [NUTM-3753]: [Reporting] Remote Access Accounting not recording L2TP sessions
Fix [NUTM-4306]: [Reporting] postgres[xxxxx]: [x-x] STATEMENT: select src_ip, virt_ip, virt_ip6, logintime, service from vpn where status = 0 and logintime = logouttime LIMIT 1000
Fix [NUTM-3689]: [SUM] device agent claims SUM objects
Fix [NUTM-3028]: [Virtualization] HyperV interface handling (9.4)
Fix [NUTM-3482]: [WAF] form template unchanged with update from 9.355 to 9.4
Fix [NUTM-3694]: [WAF] Customized mod_security rule didn’t work correctly
Fix [NUTM-3748]: [WAF] Content length and content get lost when using form-harding
Fix [NUTM-4119]: [WAF] SSL is not used to transfer sticky session cookies
Fix [NUTM-3172]: [WebAdmin] Support tools – PPPoE shows itfhw instead of vlantag
Fix [NUTM-3113]: [Web] Proxy freeze after Savi update
Fix [NUTM-3118]: [Web] “Remove embedded objects” / “Disable JavaScript” shows script code
Fix [NUTM-3367]: [Web] “Unblock URL” button is displayed even when “Users/Groups Allowed to Bypass Blocking” is empty
Fix [NUTM-3485]: [Web] HTTP Proxy profile matching doesn’t work for DNS groups which contain IPv6 addresses
Fix [NUTM-3550]: [Web] frox segfaults/core dumps while uploading files
Fix [NUTM-3554]: [Web] Error returned from samba command on AD sync
Fix [NUTM-3617]: [Web] Sandstorm Database Error
Fix [NUTM-3710]: [Web] New exception regex for Chrome Update
Fix [NUTM-3844]: [Web] If using a ‘ character in file name, postgres is not able to insert this to the TransactionLog (Sandbox)
Fix [NUTM-3920]: [Web] Sandbox: cleaning up old data in TransactionLog on slave nodes raises postgres errors
Fix [NUTM-4055]: [Web] HTTP Proxy causing weird log entries in uma.log
Fix [NUTM-3039]: [WiFi] RADIUS authentication failover via Availability Group not working correctly
Fix [NUTM-3072]: [WiFi] Hotspot: race condition if multiple logins per MAC
Fix [NUTM-3472]: [WiFi] wireless.log – download_ca: CA fingerprint overwritten by TA / No trusted fingerprint found in certificate chain HUB.
Fix [NUTM-3760]: [WiFi] WIFI profile pushed to SMC using same name
Fix [NUTM-4117]: [WiFi] Mesh AP’s all go down and do not come back up
Fix [NUTM-4151]: [WiFi] AP30 (possibly other models) not becoming active anymore after update to >= 9.400
Fix [NUTM-4126]: [[Backend/Devel] Confd] Clean up of duplicate Domain-Regex
Fix [NUTM-4142]: [[Backend/Devel] Confd] Remote Access Manager can’t deactivate a VPN profile with groups
Fix [NUTM-4158]: [[Backend/Devel] Confd] confd[xxx]: parse_formats: unrecognized tag format: FUNC__XXX
Fix [NUTM-4160]: [[Backend/Devel] Confd] Accessing WebAdmin as non-superuser repeatedly raises “NODE_READ_DENIED” error on confd node “migration->tab_visibility”

RPM packages contained:
libopenssl1_0_0-1.0.1k-366.g9942078.rb4.i686.rpm
libopenssl1_0_0_httpproxy-1.0.1k-366.g9942078.rb4.i686.rpm
libudev0-147-0.84.1.1609.gf739ec4.rb5.i686.rpm
acpid-2.0.22-2.1.gb620f87.rb4.i686.rpm
client-iphone-9.40-1.gd817f8e.rb4.noarch.rpm
client-openvpn-9.40-11.g434309f.rb2.noarch.rpm
cm-nextgen-agent-9.40-10.g5b4e560.rb3.i686.rpm
firmware-wifi-9400-0.230200226.g80f1105.rb3.i586.rpm
firmware-wifi-stable-9400-0.230200183.g67e2cec.rb2.i586.rpm
modformhardening-9.40-72.g083b545.rb5.i686.rpm
openssl-1.0.1k-366.g9942078.rb4.i686.rpm
perf-tools-3.12.48-0.228287133.g63c0044.rb7.i686.rpm
red-firmware2-5023a-0.231240889.g1f75a52.noarch.rpm
red15-firmware-5023a-0.231241248.ge384bc1.noarch.rpm
udev-147-0.84.1.1609.gf739ec4.rb5.i686.rpm
ep-reporting-9.40-28.g366bbbd.rb1.i686.rpm
ep-reporting-c-9.40-28.g40cca85.rb5.i686.rpm
ep-reporting-resources-9.40-28.g366bbbd.rb1.i686.rpm
ep-branding-ASG-afg-9.40-28.g0623e18.noarch.rpm
ep-branding-ASG-ang-9.40-28.g0623e18.noarch.rpm
ep-branding-ASG-asg-9.40-28.g0623e18.noarch.rpm
ep-branding-ASG-atg-9.40-28.g0623e18.noarch.rpm
ep-branding-ASG-aug-9.40-28.g0623e18.noarch.rpm
ep-confd-9.40-646.g686b4e6.i686.rpm
ep-confd-tools-9.40-639.gf681062.rb10.i686.rpm
ep-ha-aws-9.40-179.g177e5d2.rb3.noarch.rpm
ep-ha-daemon-9.40-4.g731a58a.rb2.i686.rpm
ep-mdw-9.40-406.g9846a6e.rb9.i686.rpm
ep-red-9.40-10.ge667aab.rb4.i686.rpm
ep-sandboxd-9.40-0.229561253.ge2fa259.rb2.i686.rpm
ep-webadmin-9.40-586.g61ca7c4.rb1.i686.rpm
ep-cloud-ec2-9.40-5.g02ceb2b.rb4.i686.rpm
chroot-ftp-9.40-5.g675f742.rb3.i686.rpm
chroot-ipsec-9.40-7.ge6e957a.rb3.i686.rpm
chroot-openvpn-9.40-25.g2316a39.rb4.i686.rpm
chroot-pptp-9.40-1.g7ab5a93.rb3.i686.rpm
ep-httpproxy-9.40-317.g78dfd3a.i686.rpm
kernel-smp-3.12.48-0.228287133.g63c0044.rb7.i686.rpm
kernel-smp64-3.12.48-0.228287133.g63c0044.rb7.x86_64.rpm
ep-release-9.404-5.noarch.rpm

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close