Sophos UTM: Neues Update (9.508-10)

Heute von Sophos ein Update für die UTM 9 veröffentlicht. Das Update aktualisiert die UTM auf Version 9.508-10. Das Update ist knapp 170 MB groß und soll diese Probleme beheben:

• [NUTM-8739]: [Access & Identity] Argos segfault and coredump after update to v9.502
• [NUTM-9164]: [Access & Identity] SSLVPN installation packages fail to copy user profile during installation
• [NUTM-9344]: [Access & Identity] All users are locked when a lockout policy via GPO was set
• [NUTM-9047]: [Basesystem] VLAN interface on the bridge doesn’t come up when slave becomes the master
• [NUTM-9296]: [Configuration Management] Report Auditor is unable to open the dashboard in UTM
• [NUTM-9397]: [Configuration Management] Log Remote Archiving via SCP fails when used with OpenSSH >= 7.0
• [NUTM-9497]: [Documentation] ATP – Invalid status display on Webadmin for Japanese,Russian,Spanish language
• [NUTM-4174]: [Email] POP3 spool cleanup does not work
• [NUTM-8794]: [Email] Wrong MIME Type detection
• [NUTM-8937]: [Email] Upgrade SMIME
• [NUTM-9046]: [Email] SPX binary error with Office365
• [NUTM-9098]: [Email] Mail stuck in work queue
• [NUTM-9252]: [Email] Patch Exim for CVE-2014-2972 and CVE-2016-9963
• [NUTM-9259]: [Email] POP3 Proxy coredump in „libc_start_main“
• [NUTM-9337]: [Email] Selecting an AD Server for AD Recipient Verification in SMTP isn’t possible after update to v9.506
• [NUTM-9382]: [Email] WebAdmin user not able to disable the „Recipient Verification“ in SMTP Routing
• [NUTM-9303]: [HA/Cluster] HA „max_nodes“ option set to 3 causes named to fail to start
• [NUTM-9405]: [HA/Cluster] Interface MAC addresses shouldn’t get replicated on slave node if virtual_mac is set to 0
• [NUTM-3497]: [Network] BGP soft-reconfiguration not working
• [NUTM-8118]: [Network] After upgrading to 9.500 „Service Monitor not running – restarted“ notifications being received
• [NUTM-8432]: [Network] Local Privilege Escalation via confd Service
• [NUTM-8604]: [Network] Changing a bridge IP address causes bridge to go down when using vlans
• [NUTM-8887]: [Network] DNS group objects doesn’t delete old IP addresses
• [NUTM-9064]: [Network] Network monitoring daemon constantly restarts since upgrade to 9.503
• [NUTM-9177]: [Network] Disabled static routes are being put into the routing table
• [NUTM-9465]: [Network] Wrong/Old IPv6 Tunnel Broker URLs in Webadmin
• [NUTM-8759]: [Sandboxd] Add support for Sandstorm’s Asia data centre
• [NUTM-9006]: [UI Framework] Not possible to download different SSLVPN User Profiles in one Firefox session
• [NUTM-6955]: [WebAdmin] Error text appears in dialog when trying to view user object usage
• [NUTM-8567]: [WebAdmin] Update to ImageMagick-7.0.7-11
• [NUTM-9116]: [WebAdmin] Object information can’t be displayed for specific objects
• [NUTM-9128]: [WebAdmin] PCI Scan failing on UserPortal due to missing HSTS and CSP
• [NUTM-9430]: [WebAdmin] Issue with X-Content-Type-Options header presented by UTM
• [NUTM-7201]: [Web] HTTP Proxy connections hang in CLOSE_WAIT state
• [NUTM-8638]: [Web] Add group visibility in log with unlimited AD groups
• [NUTM-8746]: [Web] After changing group membership, old one is still available from winbind
• [NUTM-8886]: [Web] TLS Input/output error when connecting to web site
• [NUTM-9113]: [Web] HTTP Proxy coredump on 9.505
• [NUTM-9166]: [Web] HTTP Proxy coredump on function deny_ntlm_auth
• [NUTM-9332]: [Web] DNSExpire coredump causes slow browsing
• [NUTM-9416]: [Web] HTTP Proxy coredump on 9.506 with signal SIGFPE Arithmetic Exception
• [NUTM-3127]: [Wireless] AP55/100 connection issues – disconnected due to excessive missing ACKs
• [NUTM-6640]: [Wireless] Fix visibility of Fast Transition option in different security modes
• [NUTM-7013]: [Wireless] Frequent disconnects on guest wifi network after >1 week
• [NUTM-8243]: [Wireless] Update dropbear SSH Server to fix CVE-2016-7409, CVE-2016-7408, CVE-2016-7407, CVE-2016-7406
• [NUTM-8299]: [Wireless] UTM stops broadcasting SSIDs for the built-in wireless after upgrade to 9.5
• [NUTM-8781]: [Wireless] W-appliance – wireless network connection issue with Bridge to AP LAN
• [NUTM-8827]: [Wireless] Internal wireless not broadcasting SSID after updating to 9.503
• [NUTM-8832]: [Wireless] Integrated wireless adapter can be deleted
• [NUTM-8930]: [Wireless] Unable to see the SSID and connect to local wifi on 2.4 Ghz band
• [NUTM-8940]: [Wireless] kernel: [ xxxx.xxxxx] CPU: 0 PID: 13902 Comm: iw Tainted: G W O 3.12.74-0.265397234.g263c982.rb6-smp64 #1
• [NUTM-8945]: [Wireless] SG115w SSID not broadcasted since updated to 9.503

Die Liste der Fixes ist ziemlich lang, unter anderem sollen auch die doch ziemlich nervigen Probleme der E-Mail Protection behoben worden sein. Da Sophos in der Vergangenheit kein glückliches Händchen mit Update hatte, sollte hier ausgiebig getestet werden und ein Backup erzeugt werden. Das letzte Update wurde am 21.November veröffentlicht, ich hoffe Sophos hat sich Zeit für intensive Tests genommen.

Das Update lässt sich unter folgenden Link runterladen:

• http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.507001-508010.tgz.gpg

Falls das Update noch nicht via Up2Date angeboten wird, lässt es sich dann manuell installieren:

Wer nicht sofort aktualisiert, findet hier eine gute Anlaufstelle um sich über ggf. auftretende Probleme vorab zu informieren:

• UTM Up2Date 9.508 Released

Update 01.03.2018:

Es sind sogar 2 Updates die heute veröffentlicht wurden:

• http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.506002-507001.tgz.gpg
• http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.507001-508010.tgz.gpg

Das Update auf 9.507-1 ist Voraussetzung für 9.508-10. Das erste Update behebt diese beiden Probleme und ist 44 MB Groß:

• [Basesystem] Support for new SG1xx(w) models
• [WAF] Certificate dropdown is visible for virtual webserver using HTTP