Sophos hat heuet ein Update mit der Versionsnummer 9.502-4 für die Sophos UTM veröffentlicht. Das Update soll insgesamt 39 Probleme beheben.
Leider hatte Sophos in der Vergangenheit kein so glückliches Händchen mit Updates für die UTM, so hat das letzte Update zwar einige Probleme behoben, aber auch wieder neue verursacht. Dies macht ausführliches Testen leider mittlerweile erforderlich.
Die folgenden Probleme wurden laut Sophos behoben:
- [NUTM-8127]: [AWS] Link to CloudFormation console during cloudupdate is not working
- [NUTM-3213]: [Access & Identity] Inconsistent behaviour/state when deleting a user cert
- [NUTM-3283]: [Access & Identity] IPSec: VPN ID shall not include blanks
- [NUTM-3294]: [Access & Identity] Menu option (keyboard layout) background not rendered properly in IE (version 11.0.9600.17728)
- [NUTM-6972]: [Access & Identity] SSLVPN disconnection: backend AD sync
- [NUTM-7897]: [Access & Identity] Argos doesn’t start in HA setup without IP address
- [NUTM-7940]: [Access & Identity] Client Authentication daemon crashes in HA scenario
- [NUTM-7982]: [Access & Identity] SSL VPN connection not possible since v9.5 if organisation name contains umlauts
- [NUTM-7996]: [Access & Identity] Devices authenticated via SAA are no longer associated with multiple user network objects in UTM 9.5
- [NUTM-8122]: [Access & Identity] L2TP connections with separate DHCP server does not work
- [NUTM-8146]: [Access & Identity] PPTP fails to connect when Assign IP addresses by is set to DHCP Server
- [NUTM-8147]: [Access & Identity] OpenVPN vulnerabilities
- [NUTM-8161]: [Access & Identity] OpenVPN vulnerabilities (client part)
- [NUTM-8280]: [Access & Identity] High confd load through UMA
- [NUTM-8130]: [Basesystem] Linux vulnerability ‚The Stack Clash‘
- [NUTM-8156]: [Basesystem] Apache httpd vulnerability (CVE-2017-3169)
- [NUTM-7235]: [Confd] READONLY user can download support package
- [NUTM-7425]: [Email] Emailenc causing high load – permanently 100% CPU usage
- [NUTM-7790]: [Email] Restrict long regular expression in WebAdmin
- [NUTM-7876]: [Email] POP3 Proxy stops working after some time
- [NUTM-7889]: [Email] Sandbox scan doesn’t work – worker_do_get_file req content parsing error or missing parameters
- [NUTM-6116]: [Network] Service_monitor sets wrong IP address for availability group
- [NUTM-7647]: [Network] WAN random disconnects
- [NUTM-7735]: [Network] ATP doesn’t work with „Send anonymous application accuracy telemetry data“ disabled.
- [NUTM-7950]: [Network] Dhcp client not running – restarted
- [NUTM-8015]: [Network] Main interface IP address swapped by additional address for DHCP setup
- [NUTM-7543]: [Reporting] Calculate correct malware count for ExecReport
- [NUTM-7609]: [Reporting] Websec-reporter is constantly restarting
- [NUTM-7725]: [Reporting] High latency while navigating through WebAdmin after trying to display Web Reports
- [NUTM-7878]: [WAF] Segfault for HTTP 1.0 requests when cookie rewriting is enabled
- [NUTM-6845]: [Web] https://sslvpn.goodix.com does not loads through UTM PROXY
- [NUTM-7467]: [Web] Sandstorm communication issues in some configurations
- [NUTM-7697]: [Web] httpproxy.ConfdReload – core dump generated during configuration reload
- [NUTM-7895]: [Web] Enable SMB2 in Samba
- [NUTM-7939]: [Web] Chrome v58 and higher fail verification with HTTPS scanning enabled
- [NUTM-7967]: [Web] httpproxy coredump
- [NUTM-6950]: [WiFi] APs displayed as inactive in WebAdmin while clients connect to SSIDs which are still being broadcasted
- [NUTM-7495]: [WiFi] Wireless client IP in Webadmin not updated after changing the SSID
- [NUTM-7962]: [WiFi] Split traffic not working for wireless clients on RED15w after upgrade to v9.5
Alle die das Update noch nicht via Up2Date angeboten bekommen, können es hier runterladen und manuell installieren:
u2d-sys-9.501005-502004.tgz.gpg
Das Update erfordert einen Neustart der UTM, AccessPoints und Sophos REDs werden nach dem Firmware Update ebenfalls neu gestartet.
Beim Update unserer UTM 9 auf die aktuelle Firmwareversion: 9.502-4 ist die UTM aus der Domäne geflogen. Wieder aufgenommen –> funktioniert.
Meldung aus dem BSI zu diesem Sophos UTM Update:
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/warnmeldung_cb-k17-1154.html
Hinweis https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/93895/utm-9-502-soft-release/339890