Sophos UTM: New update (9.503-3)

Sophos has today released an update with the version number 9.503-3 for Sophos UTM. The update is intended to fix a total of 33 problems.

Unfortunately, Sophos has not had such a lucky hand with updates for the UTM in the past, so the last update fixed some problems, but also caused new ones. Unfortunately, this makes extensive testing necessary in the meantime.

According to Sophos, the following problems have been fixed:

• [NUTM-7891]: [AWS] awslogsd.log is beeing flooded with logmessages
• [NUTM-3196]: [Access & Identity] Overlapping backend user prefetches may not be executed
• [NUTM-7943]: [Basesystem] Ntpd permanently restarting on slave node
• [NUTM-8130]: [Basesystem] Linux vulnerability 'The Stack Clash'
• [NUTM-8442]: [Basesystem] Network Monitor heavily logs "Writing static route to" in fallback log
• [NUTM-8167]: [Configuration Management] Stored XSS in UTM
• [NUTM-8229]: [Configuration Management] Expiring certificate check still send notifications even after CA is regenerated
• [NUTM-8300]: [Configuration Management] Expiring certificate check error fails for incomplete date in certificate
• [NUTM-8431]: [Configuration Management] Privilege escalation via insecure directory permissions
• [NUTM-8160]: [Email] \N in Password of bind request causes account log out
• [NUTM-8173]: [Email] UTM fails to apply DKIM signature to outbound mail with reason RC -102
• [NUTM-8339]: [Email] Avira scanner in single or dual scan still results in SMTP proxy AV scanner unreachable errors on 9.414/9.501
• [NUTM-8364]: [Email] S/MIME encryption - automatic certificate extraction causing high load
• [NUTM-8464]: [Email] worker_do_get_file req content parsing error or missing parameters when mime header "From" in blank
• [NUTM-8455]: [Hardware] hardware detection for SG230nc
• [NUTM-6981]: [Network] No multicast packets visible on bridge with 10 Gbit interfaces
• [NUTM-7187]: [Network] PreDelegation does not work correctly during a PPPoE reconnect
• [NUTM-7502]: [Network] Wireless client hostname not displayed/updated
• [NUTM-7749]: [Network] Filter list with hosts didn't work in BGP and should not be possible to configure
• [NUTM-7754]: [Network] WAF permanently restarts on slave node
• [NUTM-8556]: [Network] SNMP - Error allocating more space for arpcache
• [NUTM-8017]: [REST API] REST API not returning expected objects from API Explorer
• [NUTM-8137]: [WAF] URL hardening prevents login to succeed as side effect of "Redirect to requested URL" feature
• [NUTM-8174]: [WAF] Increase LimitRequestLine
• [NUTM-8169]: [WebAdmin] Certain WebAdmin search fields not usable after upgrade to 9.414/9.5
• [NUTM-5797]: [Web] Winbindd: Exceeding 16000 client connections
• [NUTM-7070]: [Web] In Advanced Protection statistics, email count number for "Awaiting result" displayed in web field
• [NUTM-8102]: [Web] Standard SSO AD issue after updating to 9.5 - IE/Chrome failing/slow to load sites
• [NUTM-8191]: [Web] SSL exception matched for a specific website but didn't work
• [NUTM-8352]: [Web] Add patch for CVE-2017-11103 "Orpheus' Lyre"
• [NUTM-8353]: [Web] HTTP proxy AD-SSO authentication failing on 9.502 with more than 5,000 users or groups in AD
• [NUTM-8387]: [Web] UTM registering all of it's IPs in DNS when joining a domain
• [NUTM-8105]: [Wireless] Wireless network connected issue with Bridge to AP LAN

Anyone who has not yet been offered the update via Up2Date can download it here and install it manually:

u2d-sys-9.502004-503003.tgz.g (Update was withdrawn, see note at the end of the article)

The update requires a restart of the UTM, AccessPoints and Sophos REDs are also restarted after the firmware update.

Update 25.08.17Sophos has already withdrawn the update due to a problem:

Unfortunately the update package has an issue with a missing config file for Samba and we needed to pull the update package down from the FTP server. We are working on a replacement urgently.

UTM Up2Date 9.503 Released

Update 31.08.17Today Sophos has released the bug-fixed version. The update with the version number 9.504 "only" fixes one problem:

[Web] After 9.503-3 Update: net: error while loading shared libraries

Click here to download:

• u2d-sys-9.503003-503004.tgz.gpg
• u2d-sys-9.502004-503004.tgz.gpg

However, it took Sophos 6 days to do this...