We’ve just released a new Up2Date package for all UTM 9.353 users, which provides a security update for all 9.35x users.
Read on for details about this release.
News
- Security Update
Remarks
- System will be rebooted
Bugfixes
- 36136 ISC DHCP security update (CVE-2015-8605)
- 36201 Bind Vulnerability CVE-2015-8000
- 36266 OpenSSH security update (CVE-2016-0777, CVE-2016-0778)
- 36281 XSS vulnerability in mod_url_hardening [9.35]
- 36282 XSS vulnerability in mod_avscan [9.35]
ftp link: | ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.353004-354004.tgz.gpg |
Up2date MD5sum: |
e9ae9a5d308c48a1d247024e4b8649fc |
File size: | ~3.89 MB |
Up2Date Installation
Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version.
There are two ways to apply an already-downloaded Up2Date package to the system:
- Log on to WebAdmin, navigate to Management > Up2Date > Overview and use “Update to latest version now” to install the Firmware Up2Date. Click on the “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
- Download the Up2Date package from our HTTP or FTP Server and install it under Management > Up2Date > Advanced.
If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our User Bulletin Board. Please indicate the version you are using to help us (and everyone helping you).
Feedback
- If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.
- You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!
- If you have any questions or comments regarding this release, please see our online forums for more information.
Alan Toews
Technical Product Manager
Lisa Starbuck
When will Sophos address CVE-2015-7547?
Michael
Will there be another update for the current glibc bug?
Alan Toews
Please note that this update does not address glibc (CVE-2015-7547) That patch is currently in testing, and can be expected as soon as next week. We have posted a kb where you may track the status of this: https://www.sophos.com/en-us/support/knowledgebase/123675.aspx
At the time of posting, it conservatively lists the expected date as being more than one week out – however, that is a very conservative estimate, should there be any problems in testing. I am looking for 9.355 next week to address this.