Sophos hat heute zwei neue Update Pakete für die UTM veröffentlicht. Das ursprüngliche Update auf die Version 9.510-4) wurde zurückgezogen und steht nicht mehr zum Download bereit. Nutzer der Version 9.510-4 können jetzt auf Version 9.510-5 aktualisieren (zweiter Downloadlink), in dieser Version soll nun auch der Bug in der Mail Protection bezüglich der TLS Aushandlung behoben sein. Nutzer der der Version 9.50 können den ersten Link verwenden:
- http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.509003-510005.tgz.gpg
- http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.510004-510005.tgz.gpg
Hier noch eine Liste der behobenen Probleme (beinhaltet auch die Fixes aus Version 9.510-4):
- NUTM-8273 [Basesystem] Inconsistent reporting data in hot standby environment
- NUTM-9089 [Basesystem] ulogd restarting randomly
- NUTM-9423 [Basesystem] Missing DMI info or missing WiFi card should turn status LED red for desktop refresh models
- NUTM-9516 [Basesystem] CVE-2017-3145: BIND vulnerability
- NUTM-9764 [Basesystem] multiple NTP vulnerabilities
- NUTM-9862 [Basesystem] CVE-2018-8897: Don ‘t use IST entry for #BP stack
- NUTM-9944 [Basesystem] ‘ethtool -p ‘ is not working for shared port
- NUTM-9945 [Basesystem] SG/XG 125/135 upper 4 ports LEDs at front and rear side not behaving as expected
- NUTM-9286 [Email] CVE-2011-3389: SSL/TLS BEAST Vulnerability And Weak Algorithms
- NUTM-9460 [Email] Quarantine unscannable and encrypted content not working as expected
- NUTM-9539 [Email] SMTP callout with TLS does not work
- NUTM-9627 [Email] Parent proxy for WAF (ctipd) not applied without active e-mail subscription
- NUTM-9771 [Email] Redesign TFT detection to decrease false positives/negatives
- NUTM-9836 [Email] HSTS usage breaks Quarantine Report release link
- NUTM-10124 [Email] TLS Errors – renegotiation not allowed
- NUTM-9789 [Logging] Not able to archive logs using SMB share
- NUTM-8969 [Network] Inconsistent DHCP leases in WebAdmin
- NUTM-9049 [Network] Cannot change IPv4 interface as IPv6 gateway is required
- NUTM-9194 [Network] Static route switching to different VLAN
- NUTM-9646 [Network] eth0 is falsely marked “dead “ when running “hs “ on slave
- NUTM-9739 [Network] Network monitor restarting on slave nodes
- NUTM-9795 [RED] RED50 issue with large packets in Transparent/Split mode
- NUTM-9607 [Reporting] Upper case umlauts in PDF Executive Reports are not displayed correctly
- NUTM-9624 [Reporting] WAF – Top attackers won ‘t be displayed after upgrade to v9.5
- NUTM-10118 [Reporting] Authenticated Remote Code Execution in WebAdmin
- NUTM-9719 [SUM] Web Protection service shown as down in SUM
- NUTM-9547 [UI Framework] UserPortal does not correctly detect browser specified preferred language for Chinese Simplified
- NUTM-9527 [WAF] Fix mod_url_hardening stack corruption
- NUTM-8038 [WebAdmin] WebAdmin not available
- NUTM-9232 [WebAdmin] Sometimes ‘backend connection failed ‘ while login
- NUTM-9529 [WebAdmin] Role with ‘Web Protection Manager ‘ rights can ‘t access Aplication Control
- NUTM-9689 [WebAdmin] Report Auditor role is unable to open the dashboard
- NUTM-5293 [Web] Google is missed in the Search Engines reports
- NUTM-6240 [Web] FTP download through HTTP Proxy in standard mode not possible
- NUTM-9039 [Web] Connections may fail when using upstream proxies due to “Proxy-Connection “ header being sent
- NUTM-9399 [Web] Classification for Windows Updates differs between AFC and conntrack
- NUTM-9413 [Web] Unable to upload certificate to “Local Verification CAs “
- NUTM-9491 [Web] HTTP Proxy coredumps with SIGABRT
- NUTM-9549 [Web] Proceeding after content warning results in display issues on redirected pages
- NUTM-9599 [Web] HTTP Proxy requests stuck without appropriate timeout
- NUTM-9630 [Web] Fallback log flooded with samlogon cache timeout messages
- NUTM-9664 [Web] Country blocking exception not working when HTTP Proxy is using SSO
- NUTM-9720 [Web] Can ‘t proceed content warning for MIME types if URL contains spaces
- NUTM-9745 [Web] HTTP Proxy coredumps with SIGSEGV
- NUTM-7628 [Wireless] Wireless clients frequently failing to connect with STA WPA failure reason code 2
- NUTM-8946 [Wireless] APs displayed as inactive in WebAdmin while clients can connect
- NUTM-9591 [Wireless] Both local WiFi using 2.4GHz band and same channel in default configuration
- NUTM-9592 [Wireless] Unable to broadcast same SSID on both LocalWifi0 and LocalWifi1
- NUTM-9594 [Wireless] Incorrect channel information showing on overview for LocalWifi
- NUTM-9608 [Wireless] Incorrect generic error message in WebAdmin while configuring band for wireless network
- NUTM-9638 [Wireless] Both local WiFi AP named ‘Local ‘
- NUTM-9731 [Wireless] Not able to configure channel 12 and 13 on newer desktop models
- NUTM-9735 [Wireless] Set default channel width to 40MHz for 5GHz band
- NUTM-9737 [Wireless] SGw appliances missing frequency definitions for Nigeria
Leider gab es mit den letzten Updates immer wieder Probleme, daher sind ausgiebige Tests und ein Backup vor Installation Pflicht.
Das Update wird via Update2Date verteilt, es kann aber auch manuell runtergeladen und eingespielt werden: