UTM Version 9.352-6 and 9.318-5 released (Do not install!!)

DO NOT INSTALL - THE UPDATES ARE FAULTY (Read this thread through!)

News

· Security Update

Remarks

· System will be rebooted

Bugfixes

36115 WebAdmin reflective XSS Vulnerability
36126 OpenSSL security update 1.0.1q



  • Update: The issue I described above seems to have occurred coincidentally following the reboot of the 2 HA nodes after update - seems to be a nasty problem with HA and automatic updates where the UTM tries to automagically switch between the two nodes and update them both.
    I can see on the remaining active node (other node has been disabled (a.k.a. power plug pulled) to maintain a definitive state) that some of the NICs show as own MAC the virtual one, not the manufacturer's MAC.

    => Not the fault of up2date 9.352 ;-)

    By the way: my graphs are working fine...
  • OlafHoyer said:


    Question: Where can I have a look which components have changed in the 9.352-6 patch? I assumed that only some issues in the web interface have been fixed, so I did not expect this drastic behaviour, which will cost me part of the weekend to fix...


    List of rpms
    gatekeeper:/home/login # tar zxvf install-sys-9.352006.tgz
    u2d-ohelp9-9-118.i686.rpm
    ep-ha-aws-9.35-28.ge0bdd81.rb1.i686.rpm
    libopenssl1_0_0-1.0.1k-315.gd74c95a.i686.rpm
    libopenssl1_0_0_httpproxy-1.0.1k-315.gd74c95a.i686.rpm
    openssl-1.0.1k-315.gd74c95a.i686.rpm
    ep-up2date-9.35-10.g474a285.i686.rpm
    ep-up2date-downloader-9.35-10.g474a285.i686.rpm
    ep-up2date-pattern-install-9.35-10.g474a285.i686.rpm
    ep-up2date-system-install-9.35-10.g474a285.i686.rpm
    ep-webadmin-9.35-178.ge610088.i686.rpm
    ep-chroot-httpd-9.35-7.g983ba17.rb1.noarch.rpm
    ep-release-9.352-6.noarch.rpm

    OlafHoyer said:
    Irritating stuff, as OpenSSL should have been updated to 1.0.1j:

    They have been on 1.0.1k for a while www.astaro.org/.../58343-9-314013-ga-released.html . I guess as long as the current version is patched we are OK. Even in the release notes it says OpenSSL security update 1.0.1q. Don't know why they don't call it 1.0.1q.
