Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 59 replies
  • Subscribers 2 subscribers
  • Views 29386 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

9.211-03 Released!

BrucekConvergent
UTM Version 9.211 has been released, primarily to fix the GLIBC vulnerability.

Up2Date 9.211003 package description:

Remark:
 System will be rebooted

News:
 Security Update
 Update glibc to fix potential vulnerability (GHOST, CVE-2015-0235)

Bugfixes:
 Fix [33515]: SMTP Vulnerability in SSL v3.0 [9.2]
 Fix [33516]: POP3 Vulnerability in SSL v3.0 [9.2]
 Fix [34133]: NTP Vulnerabilities , CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 [9.2]
 Fix [34355]: glibc vulnerability (GHOST, CVE-2015-0235) [9.2]
 Fix [34403]: [9.2] Upgrade ctipd to apply security fix for GHOST

RPM packages contained:
 glibc-2.11.3-17.74.13.1335.g92abe51.i686.rpm      
 glibc-locale-2.11.3-17.74.13.1335.g92abe51.i686.rpm
 ctasd-5.00.0075-0.g9f0f72f.rb1.i686.rpm           
 ctipd-4.00.0021-0.ga9e437b.rb1.i686.rpm           
 ep-mdw-9.20-402.ge50b306.i686.rpm                 
 ep-chroot-ntp-9.20-4.gebca7b5.rb2.noarch.rpm      
 ep-chroot-smtp-9.20-204.g6e45779.i686.rpm         
 ep-chroot-pop3-9.20-6.g9527d72.i686.rpm           
 ep-release-9.211-3.noarch.rpm


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to William Warren
    Yes I know... So because there was never a 2nd 9.210 fix you'll have to fix TLS manually like in Version 9.210. Am I right??? Sophos did not fix this with this Update? 
    As far as I know there was just a fix in 9.3XX for the TLS/E-Mail issue that came with 9.210???
    I just want to know if a fix like this is now included in 9.211-03 or if I manually have to fix the TLS like in 9.210 for every customer appliance I want to update (from 9.209-8 to 9.2.11-03)...
  • 0 in reply to SWeissflog
    9.211, in addition to fixing the Ghost vulnerability, does fix the issues in the TLS configuration for SMTP that were created in 9.210.  The settings match what is recommended in KB article https://www.sophos.com/en-us/support/knowledgebase/121761.aspx

    The release notes with the update also mention SSLv3 "fixes" so this is what was meant by those items.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    I'm puzzeled: Must we give up our stable version 9.209008 to get glibc fixed for the price not having a functional logging system?

    Did anybody update to 9.211 and still has live logs?

    Thanks   
    Peter
  • 0 in reply to pebo

    Did anybody update to 9.211 and still has live logs?


    I tried 9.210 a while back and had all the log problems everyone else had so I went back to 9.209.  A couple of days ago I upgraded to 9.211 and have no problems with the logs now.  The log list opens in 3 seconds and any live log opens in under 10 seconds.

    Rick
  • 0 in reply to RickWeiss
    Thank you Rick- you give me hope to be able to stay on 9.2xx! I will post some results tomorrow.
  • 0 in reply to RickWeiss
    I tried 9.210 a while back and had all the log problems everyone else had so I went back to 9.209.  A couple of days ago I upgraded to 9.211 and have no problems with the logs now.  The log list opens in 3 seconds and any live log opens in under 10 seconds.

    Rick


    Rick what browser are you using (just in case that makes a difference)?

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Rick what browser are you using (just in case that makes a difference)?


    I am using Chrome version 40.0.2214.111
  • 0 in reply to pebo
    I'm puzzeled: Must we give up our stable version 9.209008 to get glibc fixed for the price not having a functional logging system?

    Did anybody update to 9.211 and still has live logs?

    Thanks   
    Peter


    Same question here !!!! 

    ps: 9.209008 not so "stable", it clearly has a memory leak, but.... i´m not jumping on 9.3*** bandwagon at this time...
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML