Sophos UTM: Neues Update (9.510-4)

Nach knapp 4 Monaten hat Sophos ein Update für die UTM veröffentlicht. Das Update auf die Version 9.510-4 schließt diverse Sicherheitslücken und behebt einige funktionale Probleme. Lang erwartete Features, wie zum Beispiel die Unterstützung von Let’s Encrypt und IKEv2 lassen weiterhin auf sich warten.

Hier ist die Liste mit den Änderungen:

• [NUTM-8273]: [Basesystem] Inconsistent reporting data in hot standby environment
• [NUTM-9089]: [Basesystem] ulogd restarting randomly
• [NUTM-9423]: [Basesystem] Missing DMI info or missing WiFi card should turn status LED red for desktop refresh models
• [NUTM-9516]: [Basesystem] CVE-2017-3145: BIND vulnerability
• [NUTM-9764]: [Basesystem] multiple NTP vulnerabilities
• [NUTM-9862]: [Basesystem] CVE-2018-8897: Don’t use IST entry for #BP stack
• [NUTM-9944]: [Basesystem] ‚ethtool -p‘ is not working for shared port
• [NUTM-9945]: [Basesystem] SG/XG 125/135 upper 4 ports LEDs at front and rear side not behaving as expected
• [NUTM-9286]: [Email] CVE-2011-3389: SSL/TLS BEAST Vulnerability And Weak Algorithms
• [NUTM-9460]: [Email] Quarantine unscannable and encrypted content not working as expected
• [NUTM-9539]: [Email] SMTP callout with TLS does not work
• [NUTM-9627]: [Email] Parent proxy for WAF (ctipd) not applied without active e-mail subscription
• [NUTM-9771]: [Email] Redesign TFT detection to decrease false positives/negatives
• [NUTM-9836]: [Email] HSTS usage breaks Quarantine Report release link
• [NUTM-9789]: [Logging] Not able to archive logs using SMB share
• [NUTM-8969]: [Network] Inconsistent DHCP leases in WebAdmin
• [NUTM-9049]: [Network] Cannot change IPv4 interface as IPv6 gateway is required
• [NUTM-9194]: [Network] Static route switching to different VLAN
• [NUTM-9646]: [Network] eth0 is falsely marked „dead“ when running „hs“ on slave
• [NUTM-9739]: [Network] Network monitor restarting on slave nodes
• [NUTM-9795]: [RED] RED50 issue with large packets in Transparent/Split mode
• [NUTM-9607]: [Reporting] Upper case umlauts in PDF Executive Reports are not displayed correctly
• [NUTM-9624]: [Reporting] WAF – Top attackers won’t be displayed after upgrade to v9.5
• [NUTM-9719]: [SUM] Web Protection service shown as down in SUM
• [NUTM-9547]: [UI Framework] UserPortal does not correctly detect browser specified preferred language for Chinese Simplified
• [NUTM-9527]: [WAF]mod_url_hardening stack corruption
• [NUTM-8038]: [WebAdmin] WebAdmin not available
• [NUTM-9232]: [WebAdmin] Sometimes ‚backend connection failed‘ while login
• [NUTM-9529]: [WebAdmin] Role with ‚Web Protection Manager‘ rights can’t access Aplication Control
• [NUTM-9689]: [WebAdmin] Report Auditor role is unable to open the dashboard
• [NUTM-5293]: [Web] Google is missed in the Search Engines reports
• [NUTM-6240]: [Web] FTP download through HTTP Proxy in standard mode not possible
• [NUTM-9039]: [Web] Connections may fail when using upstream proxies due to „Proxy-Connection“ header being sent
• [NUTM-9399]: [Web] Classification for Windows Updates differs between AFC and conntrack
• [NUTM-9413]: [Web] Unable to upload certificate to „Local Verification CAs“
• [NUTM-9491]: [Web] HTTP Proxy coredumps with SIGABRT
• [NUTM-9549]: [Web] Proceeding after content warning results in display issues on redirected pages
• [NUTM-9599]: [Web] HTTP Proxy requests stuck without appropriate timeout
• [NUTM-9630]: [Web] Fallback log flooded with samlogon cache timeout messages
• [NUTM-9664]: [Web] Country blocking exception not working when HTTP Proxy is using SSO
• [NUTM-9720]: [Web] Can’t proceed content warning for MIME types if URL contains spaces
• [NUTM-9745]: [Web] HTTP Proxy coredumps with SIGSEGV
• [NUTM-7628]: [Wireless] Wireless clients frequently failing to connect with STA WPA failure reason code 2
• [NUTM-8946]: [Wireless] APs displayed as inactive in WebAdmin while clients can connect
• [NUTM-9591]: [Wireless] Both local WiFi using 2.4GHz band and same channel in default configuration
• [NUTM-9592]: [Wireless] Unable to broadcast same SSID on both LocalWifi0 and LocalWifi1
• [NUTM-9594]: [Wireless] Incorrect channel information showing on overview for LocalWifi
• [NUTM-9608]: [Wireless] Incorrect generic error message in WebAdmin while configuring band for wireless network
• [NUTM-9638]: [Wireless] Both local WiFi AP named ‚Local‘
• [NUTM-9731]: [Wireless] Not able to configure channel 12 and 13 on newer desktop models
• [NUTM-9735]: [Wireless] Set default channel width to 40MHz for 5GHz band
• [NUTM-9737]: [Wireless] SGw appliances missing frequency definitions for Nigeria

Leider erscheinen Updates für die UTM in immer unregelmäßigeren Abständen, wie eingangs erwähnt liegt das letzte Update schon 4 Monate zurück. Sophos schließt beispielsweise erst mit diesem Update eine Lücke in BIND (CVE-2017-3145), gemeldet wurde das Problem allerdings schon im Januar 2018:

https://kb.isc.org/article/AA-01542/0/CVE-2017-3145%3A-Improper-fetch-cleanup-sequencing-in-the-resolver-can-cause-named-to-crash.html

Ich würde mir wünschen, dass Sophos hier zügiger Updates veröffentlicht.

Wenn das Update noch nicht in WebAdmin angezeigt wird, kann es hier manuell runtergeladen werden:

http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.509003-510004.tgz.gpg

Da Sophos in der Vergangenheit kein glückliches Händchen mit Updates hatte, sollte vor dem Update ein Backup erstellt werden.