Sophos hat die neue Firmware SFOS 17.5.5_MR-6 für XG freigegeben. Ihr könnt Euch das Update vom MySophos Account herunterladen und manuell installieren. Es ist knapp 290 MB groß. Neu ist die Radius SSO-Authentifizierung zwischen XG und APX.
Außerdem wurde ein Problem in Exim behoben, siehe KB134199. Es folgt die Liste der behobenen Fehler:
NC-40785 [API Framework] Incorrect data types and values in API documentation NC-44687 [API Framework] Unable to update webadmin settings when WAF rule with port 80 is configured NC-43933 [Authentication] csd not cleaning up stale connections NC-45077 [Authentication] Some LDAP users are not associated with the expected group NC-45283 [Authentication] Memory leak in access server NC-46024 [Authentication] Guest user registration is not working after upgrading to 17.5 MR4 NC-46572 [Authentication] Race condition in access server when setting authserverid NC-44178 [Backup-Restore] Unnecessary selection button when downloading backup without encryption password NC-45532 [Clientless Access] Clientless SMB Bookmark - Unable to upload files in a folder or share with an apostrophe NC-39353 [Core Utils] Brazilian timezone and DST problem NC-40924 [Core Utils] ATP patterns filling up /content/ folder NC-43506 [DHCP] Established connection is destroyed when dynamic WAN interface gets configured NC-46351 [DHCP] DHCP service dies on firmware upgrade NC-43624 [Dynamic Routing (PIM)] Coredump from pimd while applying interfaces in pim-sm in HA-AA case NC-41225 [Email] Assertion while scanning mail with custom file mime type NC-42752 [Email] Issues with certificate chain NC-42986 [Email] Mail application usage reports shows 0bytes for POP and IMAP NC-43179 [Email] Mails stuck in queue when email id contains '=' NC-43285 [Email] Filtering for bounced mails freezes mail log page NC-43399 [Email] "DKIM: validation of body hash failed" when DKIM signed mail gets forwarded by XG NC-43445 [Email] Mails are split in different header information and hang in spool NC-43539 [Email] Unable to access appliance after restoring backup NC-44131 [Email] Core dumps in smtpd while deleting mail from mail spool page NC-44490 [Email] Unable to use CAs with ECC certificates NC-44559 [Email] Conan engine does not get upgraded on migration NC-44662 [Email] Mails with folded headers might not be processed correctly NC-45144 [Email] Exim complaining about illegal header file NC-45223 [Email] Unable to filter mail log with some special russian characters NC-46145 [Email] Email notification using external mail server not working after upgrading to 17.5 MR4 NC-42902 [Firewall] IPsec traffic flows only after REKEY event NC-44344 [Firewall] Not able to enable IP Spoofing on more than 18 zones NC-46188 [Firewall] GUI icons broken in firewall rules NC-44083 [Hotspot] Hotspot voucher created in HA setup is expired and has used data attached to it NC-38688 [IPsec] Sporadic connection interruption to local XG after IPsec rekeying NC-41631 [IPsec] Tunnel not established in HA setup NC-43220 [IPsec] Unable to use "Reset" button on Sophos Connect settings page NC-43898 [IPsec] Improve udp/500 firewall rule activation NC-44072 [IPsec] Charon timeout while starting on small appliances with 20+ IPsec tunnels and auth type 'rsa' NC-44240 [IPsec] XG not accepting MODP_1024 DH during IKE negotiations NC-44016 [Logging Framework] Garner segfault in Central Management plugin of garner NC-44693 [Logging Framework, SecurityHeartbeat] Reports are not being generated NC-45339 [Logging Framework] Assertion fail in garner causing RED clients to disconnect NC-46535 [Logging Framework] Memory leak in notification plugin NC-44531 [nSXLd] nSXLd connection handling improvements NC-46117 [Policy Routing] Traffic passing through IPSec link though policy route (MPLS) has high priority NC-30294 [PPPoE] PPPoE interface graph is showing incorrect bandwidth information NC-33657 [SFM-SCFM] API output shows "Configuration parameters validation failed" NC-44007 [SFM-SCFM] Error message on GUI: SSOD is stopped NC-44562 [SFM-SCFM] Backup snapshot has not been restored from SFM when SF having encrypted password for backup NC-43684 [SNMP] libsnmp segfaults for "AVVERSION Get" NC-44695 [SSLVPN] Unable to connect via SSL VPN after migrating from CROS NC-46253 [SupportAccess] Backport: Cannot connect to WebAdmin via SupportAccess NC-43936 [UI Framework] Guest Users page not loading after deleting the last page of available Guest Users NC-44018 [UI Framework] Type of icon should be drop-down instead of icon of increase-decrease NC-44283 [UI Framework] Cannot load Connection Details page of an IPsec VPN connection when Chinese characters are used in local/remote host configuration NC-45358 [WAF] Privilege escalation from modules' scripts (CVE-2019-0211) NC-45544 [WAF] Reduce memory footprint NC-45974 [WAF] URL normalization inconsistency (CVE-2019-0220) NC-46104 [WAF] HTML rewriting in large embedded CSS causes appliance to reboot due to OOM NC-46810 [WAF] NULL pointer dereference in mod_proxy_html NC-43970 [Web] Policy editor window doesn't close when new policy created NC-44089 [Web] Backslashes not properly escaped on User Activities page NC-44228 [Web] Web categorization fails randomly NC-44609 [Web] Incorrect parsing of DNS responses leads to 502 errors NC-45020 [Web] Memory leak in sandbox pending page NC-45094 [Web] SSL scan not on in case of force_ntlm on transparent connection NC-27524 [Wireless] Restoring backup of Cyberoam 10.6.5050 GA not working when WLAN is configured NC-45088 [Wireless] Selective export of WirelessNetworks with dependencies does not contain any dependencies NC-45405 [Wireless] Country field for AP shown empty while accepting it with multple pending APs NC-46142 [Wireless] SSID deleted but WiFi interface remains