Maintenance update available for Sophos UTM (9.408-4)

Sophos released a maintenance update for its UTM appliances this week. Version 9.408-4 brings a range of bug fixes for almost every subsystem on the gateway. Tucked away in the list of updates, however, are also three security fixes for OpenSSL, BIND and the relatively dangerous "Dirty Cow" vulnerability. For that reason alone, the update is strongly recommended for all systems and should be installed as soon as possible.

Anyone experiencing stability problems with the HTTP proxy or with SG135 appliances should also take a closer look at this update, as it may bring significant improvements there.

Up2Date 9.408004 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-5349]: [AWS] Restore fails if UTM is created with backup file in user data
Fix [NUTM-5466]: [AWS] ssh disabled – No connection to stack instances
Fix [NUTM-5546]: [AWS] UTM Cloud Update does not work in GovCloud
Fix [NUTM-5654]: [AWS] Conversion should not be visible for HA and AS
Fix [NUTM-3203]: [Access & Identity] [RED] If creation of RED device fails, certificates are not deleted
Fix [NUTM-4948]: [Access & Identity] [RED] Enabling wireless on RED15w causes 'link down'
Fix [NUTM-5068]: [Access & Identity] [RED] TCP Vulnerability (CVE-2016-5696)
Fix [NUTM-5173]: [Basesystem] Memory (swap) leak in RAID monitor
Fix [NUTM-5407]: [Basesystem] OpenSSL security update (1.0.1u)
Fix [NUTM-5461]: [Basesystem] BIND Security update (CVE-2016-2776)
Fix [NUTM-5714]: [Basesystem] CVE-2016-5195 – Linux Kernel – Dirty Cow
Fix [NUTM-3042]: [Configuration Management] Advanced Threat Protection page error when login as Network Protection Auditor
Fix [NUTM-4215]: [Documentation, Email] POP3 Proxy reporting source IP of 0.0.0.0
Fix [NUTM-4840]: [Email] Email is automatically released after timeout from Sandstorm
Fix [NUTM-5285]: [Email] SMTP file extension filter is case sensitive
Fix [NUTM-5599]: [Email] Mails with the same recipient set twice lead to corrupt mail queue
Fix [NUTM-4938]: [Endpoint] Customers who expand their EP license do not get EP Protection enabled
Fix [NUTM-5049]: [Endpoint] Liveconnect Connectivity Issue
Fix [NUTM-4400]: [HA/Cluster] pg_ctl: PID file "/var/storage/pgsql92/data/postmaster.pid" does not exist
Fix [NUTM-3158]: [Kernel] Kernel freeze when running Web Proxy in full transparent mode
Fix [NUTM-3490]: [Network] Ethernet Bridge with dynamic IP looses connectivity after IP renewal
Fix [NUTM-4592]: [Network] OSPF: SSL VPN route injection still not working in 9.404
Fix [NUTM-5147]: [Network] Kernel panic on several SG135 – Kernel Fixes
Fix [NUTM-5542]: [SUM] Availability Group is unresolved after it was re-deployed without a real change
Fix [NUTM-5207]: [Sandboxd] Sandbox error when downloading a file with an umlaut in file name
Fix [NUTM-5209]: [Sandboxd] sandboxd is unable to open database file due to wrong ownership
Fix [NUTM-4816]: [Up2Date] Up2Date downloader logs errors in uplink balancing setups
Fix [NUTM-488]: [Virtualization] Fix unstable NIC ordering on VMWare
Fix [NUTM-5334]: [WebAdmin] Authenticated users might gain access to stored passwords (CVE-2016-7397, CVE-2016-7442)
Fix [NUTM-4167]: [Web] Web Protection Reporting filtered by departments doesn’t provide all data
Fix [NUTM-4806]: [Web] sandboxd is unable to insert into TransactionLog on HA setup
Fix [NUTM-4876]: [Web] URL request to parent proxy seems to be send as http request instead of https
Fix [NUTM-5136]: [Web] Web proxy in transparent mode removes authentication header
Fix [NUTM-5082]: [WiFi] IPSec traffic is not routed properly if the client is connected over Hotspot
Fix [NUTM-5303]: [WiFi] Characters in Hotspot terms of use not encoded correctly
