Antivirus vendor Sophos has released a maintenance update for its unified threat management product, Sophos UTM, which upgrades it to version 9.602. The update addresses a number of security issues.
German blog reader Thorsten Sult contacted me a few hours ago by email and drew my attention to this update. Thorsten has already addressed the issue in this German blog post.
Sophos UTM Version 9.602 fixes vulnerabilities
The maintenance update to version 9.602 was announced in this Sophos community post. The changelog lists a number of fixes:
- NUTM-10728 [Access & Identity] Race condition on configuration change of RED device
- NUTM-9877 [Access & Identity] Configurable RADIUS timeout for L2TP over IPsec
- NUTM-10190 [Basesystem] CVE-2018-15473: OpenSSH username enumeration
- NUTM-10362 [Email] MIME type detection doesn’t work as expected – header Content-Type always considered
- NUTM-10480 [Email] Mail Based XSS in Sophos UTM 9
- NUTM-10484 [Email] POP3 Proxy stops working sometimes
- NUTM-10545 [Email] Update SPX placeholder description
- NUTM-10521 [Logging] /tmp partition getting full when using livelog
- NUTM-10291 [Network] DNS Host object not updated/unresolved
- NUTM-10460 [Network] GeoIP dropping traffic from allowed region
- NUTM-10537 [Network] Additional IP address on a bridge interface still exists in the back-end even after deleting it
- NUTM-10536 [RED] Wifi traffic on the internal RED15w AP is always routed through the RED tunnel
- NUTM-10594 [RED] RED50 disconnects randomly
- NUTM-10595 [Sandstorm] Sandbox Activity Tab not accessible due to license error
- NUTM-10852 [Sandstorm] Sandboxd complaining on missing column in database/sqlite
- NUTM-10626 [WAF] Let’s Encrypt certificate renewal fails because of failing terms of service check
- NUTM-10644 [WAF] mod_session_cookie does not respect expiry time (CVE-2018-17199)
- NUTM-10661 [WAF] SSL redirect broken for wildcard certificates
- NUTM-10322 [Web] Proxy crash with coredump on UTM 9.508
- NUTM-10633 [Web] New web templates for content warn do not work in 9.6
- NUTM-10657 [Web] httpproxy uses up all CPUs in peak hours, resulting in slow browsing
- NUTM-10668 [Web] Quota-relevant web pages are accessible when using AD SSO
- NUTM-10758 [Web] Application Control – Skiplist not working for destination IP
- NUTM-10546 [Wireless] Updating to 9.6 GA with REDw devices causes corrupt payload and AP becomes inactive
The maintenance update closes the CVE-2018-15473 username enumeration vulnerability in OpenSSH, the NUTM-10480 mail-based XSS in Email Protection and CVE-2018-17199 (mod_session_cookie not respecting the expiry time) in the WAF of older Sophos UTM versions.
The update is rolled out in waves
The maintenance update is rolled out in waves. In phase 1, users can download the update package from the Sophos FTP server and install it manually. In phase 2, Sophos will distribute the update via its Up2Date servers. As the firmware is not yet rolled out via Up2Date, you should wait before installing it in production environments. Thanks to Thorsten for the hint.