Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 41 replies
  • Subscribers 2 subscribers
  • Views 8412 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.105 Soft-Released

ebegoc
Hi everyone, this is a soft-release for manual download/installation of several versions of UTM 9.105. We put this out mainly for a security fix around Webadmin, but will use this release for a few bug fixes, too (details below). We'll push this out ASAP as GA, until then, here are the details for soft-releaser's! 

Sophos UTM 9.105
News

  • Security Fix
  • Fix vulnerability in WebAdmin


Remarks

  • System will be rebooted


Bugfixes
  • 27295 Two processes of repctld run on slave after switching preferred master, and therefore it is still shown as syncing
  • 27580 audld.plx gets stuck and UTM is not able to download patterns anymore


Download
Up2date Link: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.104017-105007.tgz.gpg
Up2Date MD5Sum: 8874d4b29c0781f67a7ee6df946ce681
Up2Date Size: ~32 MB


This thread was automatically locked due to age.
Parents
  • 0
    i'm curious bout the security issue.  What was it?  Hiding it from us doesn't help the partners and others..i bet the bad boys know about it already.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Reply
  • 0
    i'm curious bout the security issue.  What was it?  Hiding it from us doesn't help the partners and others..i bet the bad boys know about it already.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Children
  • 0 in reply to William Warren
    i'm curious bout the security issue.  What was it?  Hiding it from us doesn't help the partners and others..i bet the bad boys know about it already.


    I don't think they will reveal before another GA version is out. Majority of admins might not even know about soft-releases and if they do, they may not like to install non-GA versions.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to William Warren
    i'm curious bout the security issue.  What was it?  Hiding it from us doesn't help the partners and others..i bet the bad boys know about it already.

    Hi William,
    the bug is NOT disclosed yet and yes there will be details available after 9.105 GA.
  • 0 in reply to snowcrash_01
    Hi William,
    the bug is NOT disclosed yet and yes there will be details available after 9.105 GA.


    Hi,
    I'd like to know if restricting access to webadmin (and the user portal?) is effective mitigation.

    Barry
  • 0 in reply to BarryG
    Hi,
    I'd like to know if restricting access to webadmin (and the user portal?) is effective mitigation.

    Barry


    Yes it is - if you restrict on IP level (which you should always do, anyway).
Cookie Information Banner