Sophos XG SFOS 17.5 MR6 verfügbar…

Sophos hat die neue Firmware SFOS 17.5.5_MR-6 für XG freigegeben. Ihr könnt Euch das Update vom MySophos Account herunterladen und manuell installieren. Es ist knapp 290 MB groß. Neu ist die Radius SSO-Authentifizierung zwischen XG und APX.

Außerdem wurde ein Problem in Exim behoben, siehe KB134199. Es folgt die Liste der behobenen Fehler:

NC-40785 [API Framework] Incorrect data types and values in API documentation
NC-44687 [API Framework] Unable to update webadmin settings when WAF rule with port 80 is configured
NC-43933 [Authentication] csd not cleaning up stale connections
NC-45077 [Authentication] Some LDAP users are not associated with the expected group
NC-45283 [Authentication] Memory leak in access server
NC-46024 [Authentication] Guest user registration is not working after upgrading to 17.5 MR4
NC-46572 [Authentication] Race condition in access server when setting authserverid
NC-44178 [Backup-Restore] Unnecessary selection button when downloading backup without encryption password
NC-45532 [Clientless Access] Clientless SMB Bookmark - Unable to upload files in a folder or share with an apostrophe
NC-39353 [Core Utils] Brazilian timezone and DST problem
NC-40924 [Core Utils] ATP patterns filling up /content/ folder
NC-43506 [DHCP] Established connection is destroyed when dynamic WAN interface gets configured
NC-46351 [DHCP] DHCP service dies on firmware upgrade
NC-43624 [Dynamic Routing (PIM)] Coredump from  pimd while applying interfaces in pim-sm in HA-AA case
NC-41225 [Email] Assertion while scanning mail with custom file mime type
NC-42752 [Email] Issues with certificate chain
NC-42986 [Email] Mail application usage reports shows 0bytes for POP and IMAP
NC-43179 [Email] Mails stuck in queue when email id contains '='
NC-43285 [Email] Filtering for bounced mails freezes mail log page
NC-43399 [Email] "DKIM: validation of body hash failed" when DKIM signed mail gets forwarded by XG
NC-43445 [Email] Mails are split in different header information and hang in spool
NC-43539 [Email] Unable to access appliance after restoring backup
NC-44131 [Email] Core dumps in smtpd while deleting mail from mail spool page
NC-44490 [Email] Unable to use CAs with ECC certificates
NC-44559 [Email] Conan engine does not get upgraded on migration
NC-44662 [Email] Mails with folded headers might not be processed correctly
NC-45144 [Email] Exim complaining about illegal header file
NC-45223 [Email] Unable to filter mail log with some special russian characters
NC-46145 [Email] Email notification using external mail server not working after upgrading to 17.5 MR4
NC-42902 [Firewall] IPsec traffic flows only after REKEY event
NC-44344 [Firewall] Not able to enable IP Spoofing on more than 18 zones
NC-46188 [Firewall] GUI icons broken in firewall rules
NC-44083 [Hotspot] Hotspot voucher created in HA setup is expired and has used data attached to it
NC-38688 [IPsec] Sporadic connection interruption to local XG after IPsec rekeying
NC-41631 [IPsec] Tunnel not established in HA setup
NC-43220 [IPsec] Unable to use "Reset" button on Sophos Connect settings page
NC-43898 [IPsec] Improve udp/500 firewall rule activation
NC-44072 [IPsec] Charon timeout while starting on small appliances with 20+ IPsec tunnels and auth type 'rsa'
NC-44240 [IPsec] XG not accepting MODP_1024 DH during IKE negotiations
NC-44016 [Logging Framework] Garner segfault in Central Management plugin of garner
NC-44693 [Logging Framework, SecurityHeartbeat] Reports are not being generated
NC-45339 [Logging Framework] Assertion fail in garner causing RED clients to disconnect
NC-46535 [Logging Framework] Memory leak in notification plugin
NC-44531 [nSXLd] nSXLd connection handling improvements
NC-46117 [Policy Routing] Traffic passing through IPSec link though policy route (MPLS) has high priority
NC-30294 [PPPoE] PPPoE interface graph is showing incorrect bandwidth information
NC-33657 [SFM-SCFM] API output shows "Configuration parameters validation failed"
NC-44007 [SFM-SCFM] Error message on GUI: SSOD is stopped
NC-44562 [SFM-SCFM] Backup snapshot has not been restored from SFM when SF having encrypted password for backup
NC-43684 [SNMP] libsnmp segfaults for "AVVERSION Get"
NC-44695 [SSLVPN] Unable to connect via SSL VPN after migrating from CROS
NC-46253 [SupportAccess] Backport: Cannot connect to WebAdmin via SupportAccess
NC-43936 [UI Framework] Guest Users page not loading after deleting the last page of available Guest Users
NC-44018 [UI Framework] Type of icon should be drop-down instead of icon of increase-decrease
NC-44283 [UI Framework] Cannot load Connection Details page of an IPsec VPN connection when Chinese characters are used in local/remote host configuration
NC-45358 [WAF] Privilege escalation from modules' scripts (CVE-2019-0211)
NC-45544 [WAF] Reduce memory footprint
NC-45974 [WAF] URL normalization inconsistency (CVE-2019-0220)
NC-46104 [WAF] HTML rewriting in large embedded CSS causes appliance to reboot due to OOM
NC-46810 [WAF] NULL pointer dereference in mod_proxy_html
NC-43970 [Web] Policy editor window doesn't close when new policy created
NC-44089 [Web] Backslashes not properly escaped on User Activities page
NC-44228 [Web] Web categorization fails randomly
NC-44609 [Web] Incorrect parsing of DNS responses leads to 502 errors
NC-45020 [Web] Memory leak in sandbox pending page
NC-45094 [Web] SSL scan not on in case of force_ntlm on transparent connection
NC-27524 [Wireless] Restoring backup of Cyberoam 10.6.5050 GA not working when WLAN is configured
NC-45088 [Wireless] Selective export of WirelessNetworks with dependencies does not contain any dependencies
NC-45405 [Wireless] Country field for AP shown empty while accepting it with multple pending APs
NC-46142 [Wireless] SSID deleted but WiFi interface remains

Weitere Informationen erhaltet Ihr in der Sophos Community. Eine Anleitung, wie man das Update manuell installiert, findet Ihr hier: How to upgrade the firmware.

Ein Gedanke zu „Sophos XG SFOS 17.5 MR6 verfügbar…

  1. Pingback: Sophos XG SFOS 17.5 MR5 verfügbar... - IT-Blog

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.