What about CVE-2018-6789

Hi Community,

Wanted to update this thread. Please see the recently posted KBA regarding this. A prefix patch is now available. Customers who want this patch should contact Sophos Support.

Regards,

FloSupport | Community Support Engineer

Hello,

it's quit more than a week now, and the bug is critical: Do you have reliable news about the official release?

Regards, Peter

Hi pebo 

This patch should be included in the next UTM 9.509 release, which is tentatively scheduled to be released next week. However, if you require this patch immediately, I would advise that you open a support case to request this to be installed for you.

Regards,

FloSupport | Community Support Engineer

Hi pebo 

This patch should be included in the next UTM 9.509 release, which is tentatively scheduled to be released next week. However, if you require this patch immediately, I would advise that you open a support case to request this to be installed for you.

Regards,

FloSupport | Community Support Engineer

Hey Community,

The patch has been included in the UTM 9.509 release. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.

Best,

Many thanks for the support.

I confirm today the fix with new update 9.509-3:

Bugfixes

NUTM-9619 [Email] CVE-2018-6789: buffer overflow in base64d function in SMTP listener

Max.