This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM Version 9.352-6 and 9.318-5 released (Do not install!!)

twister5800 over 9 years ago

DO NOT INSTALL - THE UPDATES ARE FAULTY (Read this thread through!)

News

· Security Update
Remarks

· System will be rebooted
Bugfixes

36115 WebAdmin reflective XSS Vulnerability
36126 OpenSSL security update 1.0.1q

This thread was automatically locked due to age.

Parents

eremit over 9 years ago

Hi all:

First of all, many thanks for pointing our attention to this issue.

We had been able to reproduce and identify the source of the issue in the so-called Flow Monitor and will provide a fix in a future version.

Cheers,
Sascha Rudolph
Senior Software Engineer
Cancel
Vote Up 0 Vote Down

Cancel
AndreasRieger over 9 years ago in reply to eremit

Hi Sascha,
comes the Bugfix up2date version in the next days, or can the Sophos support fix this issues with an rpm package installation?
One of my customer nee this fix fast on his main Gateway.

Greetings Andy
Cancel
Vote Up 0 Vote Down

Cancel
eremit over 9 years ago in reply to AndreasRieger

Hi Andy:

Support will be provided a corresponding RPM - so they will be able to fix this issue on customer boxes.

Unfortunately I cannot give you any information on the Up2date schedule and when this fix will be pushed out.

Cheers,
Sascha
Cancel
Vote Up 0 Vote Down

Cancel
zaphod over 9 years ago in reply to eremit

Is it possible to get this rpm over your side? support answers really slow...
Cancel
Vote Up 0 Vote Down

Cancel
eremit over 9 years ago in reply to zaphod

I'm sorry to let you know that I'm not allowed to distribute any RPMs or direct file replacements here.
Cancel
Vote Up 0 Vote Down

Cancel
zaphod over 9 years ago in reply to eremit

Just an info for all licensed Sophos Users without partner-status or without gold/platinum support:

even you got an paid license for your UTM you will not receive the needed RPM-File from sophos support.

You need to contact your Sophos Partner to get the file.
Cancel
Vote Up 0 Vote Down

Cancel
RyanDougherty over 9 years ago in reply to zaphod

Totally off topic but how well does that Zotac box work for Sophos UTM at home? TIA
Cancel
Vote Up 0 Vote Down

Cancel
AndreasRieger over 9 years ago in reply to eremit

Hi Sascha,

i opened an ticket (#5601008) for the customer UTM in myutm portal. Sophos Support answers me, that they list the issue under the bug tracking ID 36171.

I should be patient.
If there any news for this Sophos support will inform me.

Can they fix this issues now, or not?

In earlier versions of the UTM exists an heavy security leak for the Webadmin interface (http://heise.de/-3044717).

It would be nice, if i can provide my customers an secure and fully running UTM OS and not an buggy, or an insecure UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

AndreasRieger over 9 years ago in reply to eremit

Hi Sascha,

i opened an ticket (#5601008) for the customer UTM in myutm portal. Sophos Support answers me, that they list the issue under the bug tracking ID 36171.

I should be patient.
If there any news for this Sophos support will inform me.

Can they fix this issues now, or not?

In earlier versions of the UTM exists an heavy security leak for the Webadmin interface (http://heise.de/-3044717).

It would be nice, if i can provide my customers an secure and fully running UTM OS and not an buggy, or an insecure UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data