UTM Version 9.352-6 and 9.318-5 released (Do not install!!)

DO NOT INSTALL - THE UPDATES ARE FAULTY (Read this thread through!)

News

· Security Update

Remarks

· System will be rebooted

Bugfixes

36115 WebAdmin reflective XSS Vulnerability
36126 OpenSSL security update 1.0.1q



  • Soo- at work and debugging the Update screwup on our HA pair of formerly 9.351->9.352 that went bad.

    At shell level I can see that the following updates were installed:
    <M> fw1:/etc # rpm -qa --queryformat '%{installtime} (%{installtime:date}) %{name}\n'|grep Dec
    1450166813 (Tue 15 Dec 2015 09:06:53 AM CET) u2d-ohelp9
    1450374005 (Thu 17 Dec 2015 06:40:05 PM CET) libopenssl1_0_0
    1450374006 (Thu 17 Dec 2015 06:40:06 PM CET) ep-up2date-downloader
    1450374008 (Thu 17 Dec 2015 06:40:08 PM CET) ep-chroot-httpd
    1450625258 (Sun 20 Dec 2015 04:27:38 PM CET) u2d-savi
    1449901313 (Sat 12 Dec 2015 07:21:53 AM CET) u2d-geoip
    1450374005 (Thu 17 Dec 2015 06:40:05 PM CET) libopenssl1_0_0_httpproxy
    1450374006 (Thu 17 Dec 2015 06:40:06 PM CET) ep-up2date
    1450374006 (Thu 17 Dec 2015 06:40:06 PM CET) ep-up2date-pattern-install
    1450374008 (Thu 17 Dec 2015 06:40:08 PM CET) ep-webadmin
    1450374008 (Thu 17 Dec 2015 06:40:08 PM CET) ep-release
    1450374006 (Thu 17 Dec 2015 06:40:06 PM CET) openssl
    1450374006 (Thu 17 Dec 2015 06:40:06 PM CET) ep-up2date-system-install

    (Update was Thursday, 17.Dec at 18:40 local time)

    Irritating stuff, as OpenSSL should have been updated to 1.0.1j:

    <M> fw1:/etc # rpm -qi openssl
    Name : openssl Relocations: (not relocatable)
    Version : 1.0.1k Vendor: Astaro GmbH & Co. KG
    Release : 315.gd74c95a Build Date: Fri 04 Dec 2015 04:29:45 PM CET
    Install Date: Thu 17 Dec 2015 06:40:06 PM CET Build Host: axgbuild
    Group : Productivity/Networking/Security Source RPM: openssl-1.0.1k-315.gd74c95a.src.rpm
    Size : 561362 License: OpenSSL
    Signature : (none)
    Packager : Astaro GmbH & Co. KG
    URL : http://www.openssl.org/
    Summary : Secure Sockets and Transport Layer Security
    Description :
    The OpenSSL Project is a collaborative effort to develop a robust,


    => Why is there a 1.0.1k version installed? The announcement in the Sophos blog suggested a 1.0.1j?


    So there were really only two major components updated, the rest is IMHO only normal stuff that gets updated with normal background pattern updates etc.
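
The install-time listing in the post above can be grouped into bursts, so that the packages written by one Up2Date run stand apart from background pattern updates without filtering on a month name. This is an added example, not part of the original post; the function names and the 60-second gap are assumptions, and the sample input is the listing quoted in the post.

```shell
#!/bin/sh
# Added example. Input format: "<epoch> (<date>) <name>", one package per line,
# as printed by the rpm --queryformat command in the post.

# The 13 lines of rpm output quoted in the post, used here as sample input.
sample_listing() {
cat <<'EOF'
1450166813 (Tue 15 Dec 2015 09:06:53 AM CET) u2d-ohelp9
1450374005 (Thu 17 Dec 2015 06:40:05 PM CET) libopenssl1_0_0
1450374006 (Thu 17 Dec 2015 06:40:06 PM CET) ep-up2date-downloader
1450374008 (Thu 17 Dec 2015 06:40:08 PM CET) ep-chroot-httpd
1450625258 (Sun 20 Dec 2015 04:27:38 PM CET) u2d-savi
1449901313 (Sat 12 Dec 2015 07:21:53 AM CET) u2d-geoip
1450374005 (Thu 17 Dec 2015 06:40:05 PM CET) libopenssl1_0_0_httpproxy
1450374006 (Thu 17 Dec 2015 06:40:06 PM CET) ep-up2date
1450374006 (Thu 17 Dec 2015 06:40:06 PM CET) ep-up2date-pattern-install
1450374008 (Thu 17 Dec 2015 06:40:08 PM CET) ep-webadmin
1450374008 (Thu 17 Dec 2015 06:40:08 PM CET) ep-release
1450374006 (Thu 17 Dec 2015 06:40:06 PM CET) openssl
1450374006 (Thu 17 Dec 2015 06:40:06 PM CET) ep-up2date-system-install
EOF
}

# install_bursts [GAP]: print one line per burst, "<first_epoch> <count> <names>".
# A burst is a run of installs at most GAP seconds apart (default 60, an assumption).
# Steps: keep epoch and package name, sort by time then name, cluster by gap.
install_bursts() {
    gap="${1:-60}"
    awk '$1 ~ /^[0-9]+$/ { print $1, $NF }' |
    LC_ALL=C sort -k1,1n -k2,2 |
    awk -v gap="$gap" '
        NR > 1 && $1 - last > gap { print start, n, names; n = 0 }  # close burst
        n == 0 { start = $1; names = $2 }       # open a new burst
        n > 0  { names = names "," $2 }         # extend the current burst
        { n++; last = $1 }
        END { if (n) print start, n, names }
    '
}

# largest_burst [GAP]: the burst with the most packages, i.e. the system update.
largest_burst() {
    install_bursts "${1:-60}" | sort -k2,2nr | head -n 1
}

sample_listing | install_bursts 60
```

On a live system the input would come from the rpm command quoted in the post instead of `sample_listing`.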