Neue Updates für Sophos UTM (9.510-5)

Sophos has released two new update packages for the UTM today. The original update to version 9.510-4) has been withdrawn and is no longer available for download. Users of version 9.510-4 can now update to version 9.510-5 (second download link), in this version the bug in Mail Protection regarding TLS negotiation should now also be fixed. Users of version 9.50 can use the first link:

• http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.509003-510005.tgz.gpg
• http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.510004-510005.tgz.gpg

Here is a list of the fixed problems (also includes the fixes from version 9.510-4):

• NUTM-8273 [Basesystem] Inconsistent reporting data in hot standby environment
• NUTM-9089 [Basesystem] ulogd restarting randomly
• NUTM-9423 [Basesystem] Missing DMI info or missing WiFi card should turn status LED red for desktop refresh models
• NUTM-9516 [Basesystem] CVE-2017-3145: BIND vulnerability
• NUTM-9764 [Basesystem] multiple NTP vulnerabilities
• NUTM-9862 [Basesystem] CVE-2018-8897: Don't use IST entry for #BP stack
• NUTM-9944 [Basesystem] 'ethtool -p ' is not working for shared port
• NUTM-9945 [Basesystem] SG/XG 125/135 upper 4 ports LEDs at front and rear side not behaving as expected
• NUTM-9286 [Email] CVE-2011-3389: SSL/TLS BEAST Vulnerability And Weak Algorithms
• NUTM-9460 [Email] Quarantine unscannable and encrypted content not working as expected
• NUTM-9539 [Email] SMTP callout with TLS does not work
• NUTM-9627 [Email] Parent proxy for WAF (ctipd) not applied without active e-mail subscription
• NUTM-9771 [Email] Redesign TFT detection to decrease false positives/negatives
• NUTM-9836 [Email] HSTS usage breaks Quarantine Report release link
• NUTM-10124 [Email] TLS Errors – renegotiation not allowed
• NUTM-9789 [Logging] Not able to archive logs using SMB share
• NUTM-8969 [Network] Inconsistent DHCP leases in WebAdmin
• NUTM-9049 [Network] Cannot change IPv4 interface as IPv6 gateway is required
• NUTM-9194 [Network] Static route switching to different VLAN
• NUTM-9646 [Network] eth0 is falsely marked "dead " when running "hs " on slave
• NUTM-9739 [Network] Network monitor restarting on slave nodes
• NUTM-9795 [RED] RED50 issue with large packets in Transparent/Split mode
• NUTM-9607 [Reporting] Upper case umlauts in PDF Executive Reports are not displayed correctly
• NUTM-9624 [Reporting] WAF – Top attackers won ‘t be displayed after upgrade to v9.5
• NUTM-10118 [Reporting] Authenticated Remote Code Execution in WebAdmin
• NUTM-9719 [SUM] Web Protection service shown as down in SUM
• NUTM-9547 [UI Framework] UserPortal does not correctly detect browser specified preferred language for Chinese Simplified
• NUTM-9527 [WAF] Fix mod_url_hardening stack corruption
• NUTM-8038 [WebAdmin] WebAdmin not available
• NUTM-9232 [WebAdmin] Sometimes 'backend connection failed ' while login
• NUTM-9529 [WebAdmin] Role with 'Web Protection Manager ' rights can 't access Aplication Control
• NUTM-9689 [WebAdmin] Report Auditor role is unable to open the dashboard
• NUTM-5293 [Web] Google is missed in the Search Engines reports
• NUTM-6240 [Web] FTP download through HTTP Proxy in standard mode not possible
• NUTM-9039 [Web] Connections may fail when using upstream proxies due to "Proxy-Connection " header being sent
• NUTM-9399 [Web] Classification for Windows Updates differs between AFC and conntrack
• NUTM-9413 [Web] Unable to upload certificate to "Local Verification CAs "
• NUTM-9491 [Web] HTTP Proxy coredumps with SIGABRT
• NUTM-9549 [Web] Proceeding after content warning results in display issues on redirected pages
• NUTM-9599 [Web] HTTP Proxy requests stuck without appropriate timeout
• NUTM-9630 [Web] Fallback log flooded with samlogon cache timeout messages
• NUTM-9664 [Web] Country blocking exception not working when HTTP Proxy is using SSO
• NUTM-9720 [Web] Can 't proceed content warning for MIME types if URL contains spaces
• NUTM-9745 [Web] HTTP Proxy coredumps with SIGSEGV
• NUTM-7628 [Wireless] Wireless clients frequently failing to connect with STA WPA failure reason code 2
• NUTM-8946 [Wireless] APs displayed as inactive in WebAdmin while clients can connect
• NUTM-9591 [Wireless] Both local WiFi using 2.4GHz band and same channel in default configuration
• NUTM-9592 [Wireless] Unable to broadcast same SSID on both LocalWifi0 and LocalWifi1
• NUTM-9594 [Wireless] Incorrect channel information showing on overview for LocalWifi
• NUTM-9608 [Wireless] Incorrect generic error message in WebAdmin while configuring band for wireless network
• NUTM-9638 [Wireless] Both local WiFi AP named 'Local '
• NUTM-9731 [Wireless] Not able to configure channel 12 and 13 on newer desktop models
• NUTM-9735 [Wireless] Set default channel width to 40MHz for 5GHz band
• NUTM-9737 [Wireless] SGw appliances missing frequency definitions for Nigeria

Unfortunately, there have always been problems with the latest updates, so extensive testing and a backup are essential before installation.

The update is distributed via Update2Date, but it can also be downloaded and installed manually: