Sophos UTM: New update (9.602-3)

Sophos has released a new update for UTM 9.6. The update raises the version of the UTM to 9.602-3. The following problems are fixed with the update:

• [NUTM-9877]: [Access & Identity] Configurable RADIUS timeout for L2TP over IPsec
• [NUTM-10728]: [Access & Identity] Race condition on configuration change of RED device
• [NUTM-10190]: [Basesystem] CVE-2018-15473: OpenSSH username enumeration
• [NUTM-10362]: [Email] MIME type detection doesn’t work as expected – header Content-Type always considered
• [NUTM-10480]: [Email] Mail Based XSS in Sophos UTM 9
• [NUTM-10484]: [Email] POP3 Proxy stops working sometimes
• [NUTM-10545]: [Email] Update SPX placeholder description
• [NUTM-10521]: [Logging] /tmp partition getting full when using livelog
• [NUTM-10291]: [Network] DNS Host object not updated/unresolved
• [NUTM-10460]: [Network] GeoIP dropping traffic from allowed region
• [NUTM-10537]: [Network] Additional IP address on a bridge interface exist in back-end even after deleting it
• [NUTM-10536]: [RED] Wifi traffic on the internal RED15w AP is always routed through the RED tunnel
• [NUTM-10594]: [RED] RED50 disconnects randomly
• [NUTM-10595]: [Sandstorm] Sandbox Activity Tab not accessible due to license error
• [NUTM-10852]: [Sandstorm] Sandboxd complaining on missing column in database/sqlite
• [NUTM-10626]: [WAF] Let’s Encrypt certificate renewal fails because of failing terms of service check
• [NUTM-10644]: [WAF] mod_session_cookie does not respect expiry time (CVE-2018-17199)
• [NUTM-10661]: [WAF] SSL redirect broken for wildcard certificates
• [NUTM-10322]: [Web] Proxy crash with coredump on UTM 9.508
• [NUTM-10633]: [Web] New web templates for content warn does not work in 9.6
• [NUTM-10657]: [Web] httpproxy uses up all CPUs in peak hours, resulting in slow browsing
• [NUTM-10668]: [Web] Quota relevant web page are accessible when using AD SSO
• [NUTM-10758]: [Web] Application Control – Skiplist not working for destination IP
• [NUTM-10546]: [Wireless] Updating to 9.6 GA with REDw devices causes corrupt payload and AP becomes inactive

The update will be rolled out via Up2Date in the near future. If you don't want to wait until the update is offered by the UTM, you can also download and install it manually. The corresponding download link can be found here:

• u2d-sys-9.601005-602003.tgz.gpg

You should not wait long to install the update, as it fixes some critical security vulnerabilities. Here is another link from DFN-CERT:

• 2019-0857: Sophos UTM: Multiple vulnerabilities allow user names to be spied on, among other things

If RED15w devices are used in conjunction with the UTM, this comment could be quite interesting:

Source: UTM Up2Date 9.602 Released