SULT.eu IT-Blog

Sophos hat heute einen Hotfix mit der Version UTM 9.510-5 bereit gestellt. Damit wird das Problem bezüglich der Empfängerverifizierung via callout in der Firmware 9.510-4 behoben.

Der Fix von knapp 14 MB kann unter folgender Adresse heruntergeladen und installiert werden: ftp://ftp.astaro.com/pub/UTM/v9/up2date/. Solltet Ihr noch die 9.509-3 installiert haben, müsst Ihr die ca 175 MB große Updatedatei laden. Die Firmware 9.510-4 steht auf dem FTP-Server nicht mehr zur Verfügung.

Folgende Fehler wurden behoben:

NUTM-10124 [Email] TLS Errors - renegotiation not allowed <- Hotfix
NUTM-10118 [Reporting] Authenticated Remote Code Execution in WebAdmin <- Hotfix

NUTM-8273 [Basesystem] Inconsistent reporting data in hot standby environment
NUTM-9089 [Basesystem] ulogd restarting randomly
NUTM-9423 [Basesystem] Missing DMI info or missing WiFi card should turn status LED red for desktop refresh models
NUTM-9516 [Basesystem] CVE-2017-3145: BIND vulnerability
NUTM-9764 [Basesystem] multiple NTP vulnerabilities
NUTM-9862 [Basesystem] CVE-2018-8897: Don't use IST entry for #BP stack
NUTM-9944 [Basesystem] 'ethtool -p' is not working for shared port
NUTM-9945 [Basesystem] SG/XG 125/135 upper 4 ports LEDs at front and rear side not behaving as expected
NUTM-9286 [Email] CVE-2011-3389: SSL/TLS BEAST Vulnerability And Weak Algorithms
NUTM-9460 [Email] Quarantine unscannable and encrypted content not working as expected
NUTM-9539 [Email] SMTP callout with TLS does not work
NUTM-9627 [Email] Parent proxy for WAF (ctipd) not applied without active e-mail subscription
NUTM-9771 [Email] Redesign TFT detection to decrease false positives/negatives
NUTM-9836 [Email] HSTS usage breaks Quarantine Report release link
NUTM-9789 [Logging] Not able to archive logs using SMB share
NUTM-8969 [Network] Inconsistent DHCP leases in WebAdmin
NUTM-9049 [Network] Cannot change IPv4 interface as IPv6 gateway is required
NUTM-9194 [Network] Static route switching to different VLAN
NUTM-9646 [Network] eth0 is falsely marked "dead" when running "hs" on slave
NUTM-9739 [Network] Network monitor restarting on slave nodes
NUTM-9795 [RED] RED50 issue with large packets in Transparent/Split mode
NUTM-9607 [Reporting] Upper case umlauts in PDF Executive Reports are not displayed correctly
NUTM-9624 [Reporting] WAF - Top attackers won't be displayed after upgrade to v9.5
NUTM-9719 [SUM] Web Protection service shown as down in SUM
NUTM-9547 [UI Framework] UserPortal does not correctly detect browser specified preferred language for Chinese Simplified
NUTM-9527 [WAF] Fix mod_url_hardening stack corruption
NUTM-8038 [WebAdmin] WebAdmin not available
NUTM-9232 [WebAdmin] Sometimes 'backend connection failed' while login
NUTM-9529 [WebAdmin] Role with 'Web Protection Manager' rights can't access Aplication Control
NUTM-9689 [WebAdmin] Report Auditor role is unable to open the dashboard
NUTM-5293 [Web] Google is missed in the Search Engines reports
NUTM-6240 [Web] FTP download through HTTP Proxy in standard mode not possible
NUTM-9039 [Web] Connections may fail when using upstream proxies due to "Proxy-Connection" header being sent
NUTM-9399 [Web] Classification for Windows Updates differs between AFC and conntrack
NUTM-9413 [Web] Unable to upload certificate to "Local Verification CAs"
NUTM-9491 [Web] HTTP Proxy coredumps with SIGABRT
NUTM-9549 [Web] Proceeding after content warning results in display issues on redirected pages
NUTM-9599 [Web] HTTP Proxy requests stuck without appropriate timeout
NUTM-9630 [Web] Fallback log flooded with samlogon cache timeout messages
NUTM-9664 [Web] Country blocking exception not working when HTTP Proxy is using SSO
NUTM-9720 [Web] Can't proceed content warning for MIME types if URL contains spaces
NUTM-9745 [Web] HTTP Proxy coredumps with SIGSEGV
NUTM-7628 [Wireless] Wireless clients frequently failing to connect with STA WPA failure reason code 2
NUTM-8946 [Wireless] APs displayed as inactive in WebAdmin while clients can connect
NUTM-9591 [Wireless] Both local WiFi using 2.4GHz band and same channel in default configuration
NUTM-9592 [Wireless] Unable to broadcast same SSID on both LocalWifi0 and LocalWifi1
NUTM-9594 [Wireless] Incorrect channel information showing on overview for LocalWifi
NUTM-9608 [Wireless] Incorrect generic error message in WebAdmin while configuring band for wireless network
NUTM-9638 [Wireless] Both local WiFi AP named 'Local'
NUTM-9731 [Wireless] Not able to configure channel 12 and 13 on newer desktop models
NUTM-9735 [Wireless] Set default channel width to 40MHz for 5GHz band
NUTM-9737 [Wireless] SGw appliances missing frequency definitions for Nigeria

Auf meiner Testumgebung funktioniert die Empfängerverifizierung via Serveranfrage wieder anstandslos.

sophos exim-out[6559]: 2018-08-07 15:43:51 1fn2H8-0001hj-9K => user@domain.de P=<sender@senderdomain> R=static_route_hostlist
T=static_smtp H=xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx]: X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128
C="250 2.6.0 <7C6AC9EE260A9B47BBC7B43919BDBA81F4E378CC> [InternalId=12794707575792, Ho"

sophos exim-out[6559]: 2018-08-07 15:43:51 1fn2H8-0001hj-9K Completed

Durch die neue Firmware ist es nun auch möglich, die TLS Version über das Webinterface anzupassen. Unter Email Protection -> SMTP -> Erweitert ist diese nun zu finden. In den vorherigen Firmwares hätte man dies noch umständlich über die exim.conf anpassen müssen.

Man sollte die Firmware dringend installieren! Sophos fixt die Schwachstellen CVE-2011-3389, CVE-2017-3145 und CVE-2018-8897. Diese werden teilweise als sehr kritisch eingestuft. Siehe dazu den Artikel bei dfn-cert.de.

Weitere Informationen erhaltet Ihr in der Sophos Community.

Informationen über die kommende UTM 9.6 erhaltet Ihr hier: Sophos UTM 9.6, neue Informationen verfügbar

Update: Jetzt auch via Up2date verfügbar!