UTM Up2Date 9.304 Released

nsg

Today’s Up2Date package for Sophos UTM 9.3 will introduce many small additions and several fixes to our current UTM platform. It will also open upgrade paths from UTM 9.210 to the latest release.

For details on installation options and latest additions in this package please read on.

In an earlier post we introduced the great new additions we added to the UTM 9.3 which you certainly find useful before proceeding with your update!

UTM 9.304009

News

  • 9.300 GA Release

Remarks

  • System will be rebooted
  • Configuration will be upgraded
  • Connected RED devices will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Bugfixes

  • 27313 AFC Rules does not work while using http proxy (transparent)
  • 27750 IPv6: Add support for DynDNS (Dyn & FreeDNS)
  • 28164 OSPF and default route priority issues
  • 29095 [BETA] improve reporting filter naming for ATP
  • 29963 profile mode ‘monitor’ does not work for Cookie signing
  • 30008 Problem with Remote IPsec access in case of ID type is ASN1 Distinguished Name and using static RAS IP
  • 30142 [BETA] SPX: spx encryption can not handle some greek characters
  • 30254 Import of non UTF-8 certificate breaks Webadmin access
  • 30825 IPv6: Add support for DHCPv6 ‘rapid commit’
  • 30851 emailpki_generate_user fails if pkcs12 file contains a cert twice
  • 30879 device-agent dies when mailsec.accu doesn’t exist
  • 31105 DynDNS: Add support for interface strategy for FreeDNS
  • 31116 Performance and scalability improvements of HTTP proxy
  • 31337 Too long hostname will break layout in dashboard
  • 31373 Form hardening exception match but doesn’t work
  • 31814 nextgen-agent restarting permanently
  • 31992 network range in network group shouldnt be allowed in allowed networks as per 21588
  • 31998 When BATV is active incoming mails are not decrypted
  • 32012 Postgres startup problem because pg_xlog files are missing
  • 32095 Keyboard Layout for RDP always defaults to QWERTY
  • 32237 Release of IPsec Pool IPs not working
  • 32286 Sorting of APs in Webadmin
  • 32571 [V9] Blocked HTTPS-Sites in Filter Action Mode ‘Blacklist’ doesn’t match if Exception is matching on Categories
  • 33095 RED50 frequently reconnecting because configuring an Additional Address as UTM-Hostname is not supported [9.3]
  • 33258 Cluster smtpd restarting permanently (segfaults and core dumps)
  • 33431 Enable/Disable sliders for Users objects not working when using Safari on MAC or IOS
  • 33465 ad-sid-sync.pl fails to connect to DC if Bind DN contains a comma
  • 33479 [9.3] Not possible to change TLS certificate
  • 33496 [9.3] Not possible to delete VPN tunnel managed by SUM after use “cleanup object”
  • 33515 SMTP Vulnerability in SSL v3.0
  • 33516 POP3 Vulnerability in SSL v3.0
  • 33520 [9.3] Wireless Security Manager can’t accept new AP’s
  • 33527 Site path routing tab is not visible with “web application protection manager” access
  • 33566 Aua child core dumps during Tacacs+ authentication
  • 33624 [9.3] WAF report ‘Top Groups by Virtual Host’ wrong filtering
  • 33632 Can’t disable Application control with Web Protection Manager role
  • 33655 Special characters in SSID lead to an awed crash [9.3]
  • 33720 [9.3] Coredumps from reverseproxy after update to v9.206
  • 33722 [9.3] Special characters like umlauts didn’t work in passwords with reverse authentication for the WAF
  • 33769 [9.3] ad-sid-sync.pl fails to lookup trusted domains groups
  • 33771 [9.3] Device auth reports wrong client information and iOS 8 isn’t detected properly
  • 33805 [9.3] Full transparent AD SSO redirect URL request gets dropped by packetfilter
  • 33807 [9.3] Guest login fails in transparent browser auth mode if “terms of use” confirmation
  • 33527 Site path routing tab is not visible with “web application protection manager” access
  • 33566 Aua child core dumps during Tacacs+ authentication
  • 33624 [9.3] WAF report ‘Top Groups by Virtual Host’ wrong filtering
  • 33632 Can’t disable Application control with Web Protection Manager role
  • 33655 Special characters in SSID lead to an awed crash [9.3]
  • 33720 [9.3] Coredumps from reverseproxy after update to v9.206
  • 33722 [9.3] Special characters like umlauts didn’t work in passwords with reverse authentication for the WAF
  • 33769 [9.3] ad-sid-sync.pl fails to lookup trusted domains groups
  • 33771 [9.3] Device auth reports wrong client information and iOS 8 isn’t detected properly
  • 33805 [9.3] Full transparent AD SSO redirect URL request gets dropped by packetfilter
  • 33807 [9.3] Guest login fails in transparent browser auth mode if “terms of use” confirmation is required
  • 33808 [9.3] High load after pattern installation
  • 33809 [9.3] winbindd died in kernel_vsyscall
  • 33811 [9.3] ad-sid-sync.pl is executed even if AD sync is disabled
  • 33813 [9.3] Policy tester always returns “allowed” if warn page is proceeded once
  • 33823 Routing domain wildcards isn’t working for SMTP profiles.
  • 33974 Vulnerability for openvpn connections CVE-2014-8104
  • 33977 [9.3] Can’t send a VPN Profile to the SMC if the Organization Name includes a umlaut
  • 33978 [9.3] Config changes in IPsec remote access sometime causing a drop of established connections
  • 33980 [9.3] LDAPS fails on W2K12R2 with weak ciphers
  • 33981 [9.3] Group matching incorrect if user belongs to static and backend groups
  • 33996 [BETA] Some double byte characters aren’t filtered by DLP custom rule and AntiSpam Expressions filter.
  • 33997 Quarantine reports has got the wrong releaselink.
  • 33998 Unable to fetch POP3 accounts on iOS devices via POP3 Proxy
  • 33999 Remove RC4 from TLS ciphers in Exim
  • 34000 Mail preview should display kyrilic or chinese chars too.
  • 34001 Quarantined mail will be quarantine again after release with the same reason
  • 34004 POP3 Vulnerability in SSL v3.0
  • 34005 SMTP Vulnerability in SSL v3.0

 

Up2date link:  ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.210020-304009.tgz.gpg
Up2date MD5sum:  c963bd73fefc292d1659d73229fb2325
File size:  ~174MB

 

Up2Date Installation:

Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version.
There are two ways to apply an already-downloaded Up2Date package to the system:

  1. Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Sophos UTM Up2Date FTP Mirrors:

Feedback

  • If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our User Bulletin Board. Please indicate the version you are using to help us (and everyone helping you).
  • If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.
  • You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!

Eric Bégoc
Senior Product Manager

Leave a Reply

Your email address will not be published. Required fields are marked *