[UPDATED 16 April 2014 13:40 EDT] We have released a new Up2Date for our free UTM central management tool – Sophos UTM Manager. Release 4.106-2 is fixing the OpenSSL vulnerability formerly reported. Read on for details!
Sophos UTM 4.106002
- Provide Fix for OpenSSL vulnerability (CVE-2014-0160)
- System will be rebooted
- Configuration will be upgraded
- No other bugfixes in this release
To apply the patch proceed as follows:
• Log into the SUM WebAdmin on port 4444 (not Gateway Manager which is by default on port 4422)
• Navigate to Management | Up2Date | Overview and use Update to latest version now to install the Firmware Up2Date
• Click on the “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation (The System administrator will receive a notification email once the Up2Date process has finished)
Alternatively you can download the Up2Date package from our FTP Server and install it under Management | Up2Date | Advanced:
First update from 4.105 to 4.106:
Second update from 4.106 to 4.106-2:
IPS Protection from Heartbleed in Sophos UTM
In addition to security patches, IPS signatures have been released to protect servers behind Sophos UTM from Heartbleed attacks.
IPS update u2d-ipsbundle-9.133 includes the Heartbleed signature.
|Sophos Up2Date FTP Mirrors:|
- If you want to provide feedback or want to discuss any of the SUM V4 features you should post it on our User Bulletin Board. Please indicate the version you are using to help us (and everyone helping you). e.g. “[4.100] Central Backup Management Question”.
- If you have any feedback on our help, manual, or any documentation (Online Help) please send it to firstname.lastname@example.org.
- You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!
Senior Product Manager