Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 2 subscribers
  • Views 395 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

8.314

teched_01
As noted by StupendousYappi.

u2d-sys-8.314.tgz.gpg


System will be rebooted
Security Release
Disable SSLv3 support in many services to remove vulnerability to SSLv3 protocol vulnerability ("POODLE", CVE-2014-3566)



Update bash package to fix potential vulnerabilities
References: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
So far we are not aware of any service on UTM actually exposing these problems to attackers, this is a precauti
onary update.



Fix 33160 Timezone update needed for Russia [v8]
Fix 33424 Vulnerability in SSL v3.0 (Poodle, CVE-2014-3566)
Fix 33426 CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands [8.3]


I also see in the up2date package "fixeep-82574_83.sh" (essentially the same as https://sourceforge.net/projects/e1000/files/e1000e%20stable/eeprom_fix_82574_or_82583/fixeep-82574_83.sh (README).  The existence and contents of /tmp/.fixeep.log should let you know if the script was run in the up2date and what it did.  (Please share)


This thread was automatically locked due to age.
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?