Sophos UTM Up2Date 9.510 Released

Sophos has released UTM 9.510. The release will be rolled out in phases. In phase 1 you can download the update package from the Sophos FTP server, in phase 2 it will be spread via the Sophos Up2Date servers.

Reported Issues

The following issue has been reported by users who have installed version 9.510.

It appears that this update breaks mailmanager.  When you access mailmanager you get “invalid request” error.

Some users have reported that clearing all cache and temp files in the web browser resolves this issue.

Please keep an eye on this forum post for further details.

Remarks

• System will be rebooted
• Configuration will be upgraded
• Connected APs will perform firmware upgrade
• Connected REDs will perform firmware upgrade

Bugfixes

• NUTM-8273 [Basesystem] Inconsistent reporting data in hot standby environment
• NUTM-9089 [Basesystem] ulogd restarting randomly
• NUTM-9423 [Basesystem] Missing DMI info or missing WiFi card should turn status LED red for desktop refresh models
• NUTM-9516 [Basesystem] CVE-2017-3145: BIND vulnerability
• NUTM-9764 [Basesystem] multiple NTP vulnerabilities
• NUTM-9862 [Basesystem] CVE-2018-8897: Don ‘t use IST entry for #BP stack
• NUTM-9944 [Basesystem]  ‘ethtool -p ‘ is not working for shared port
• NUTM-9945 [Basesystem] SG/XG 125/135 upper 4 ports LEDs at front and rear side not behaving as expected
• NUTM-9286 [Email] CVE-2011-3389: SSL/TLS BEAST Vulnerability And Weak Algorithms
• NUTM-9460 [Email] Quarantine unscannable and encrypted content not working as expected
• NUTM-9539 [Email] SMTP callout with TLS does not work
• NUTM-9627 [Email] Parent proxy for WAF (ctipd) not applied without active e-mail subscription
• NUTM-9771 [Email] Redesign TFT detection to decrease false positives/negatives
• NUTM-9836 [Email] HSTS usage breaks Quarantine Report release link
• NUTM-9789 [Logging] Not able to archive logs using SMB share
• NUTM-8969 [Network] Inconsistent DHCP leases in WebAdmin
• NUTM-9049 [Network] Cannot change IPv4 interface as IPv6 gateway is required
• NUTM-9194 [Network] Static route switching to different VLAN
• NUTM-9646 [Network] eth0 is falsely marked  “dead “ when running  “hs “ on slave
• NUTM-9739 [Network] Network monitor restarting on slave nodes
• NUTM-9795 [RED] RED50 issue with large packets in Transparent/Split mode
• NUTM-9607 [Reporting] Upper case umlauts in PDF Executive Reports are not displayed correctly
• NUTM-9624 [Reporting] WAF – Top attackers won ‘t be displayed after upgrade to v9.5
• NUTM-9719 [SUM] Web Protection service shown as down in SUM
• NUTM-9547 [UI Framework] UserPortal does not correctly detect browser specified preferred language for Chinese Simplified
• NUTM-9527 [WAF] Fix mod_url_hardening stack corruption
• NUTM-8038 [WebAdmin] WebAdmin not available
• NUTM-9232 [WebAdmin] Sometimes  ‘backend connection failed ‘ while login
• NUTM-9529 [WebAdmin] Role with  ‘Web Protection Manager ‘ rights can ‘t access Aplication Control
• NUTM-9689 [WebAdmin] Report Auditor role is unable to open the dashboard
• NUTM-5293 [Web] Google is missed in the Search Engines reports
• NUTM-6240 [Web] FTP download through HTTP Proxy in standard mode not possible
• NUTM-9039 [Web] Connections may fail when using upstream proxies due to  “Proxy-Connection “ header being sent
• NUTM-9399 [Web] Classification for Windows Updates differs between AFC and conntrack
• NUTM-9413 [Web] Unable to upload certificate to  “Local Verification CAs “
• NUTM-9491 [Web] HTTP Proxy coredumps with SIGABRT
• NUTM-9549 [Web] Proceeding after content warning results in display issues on redirected pages
• NUTM-9599 [Web] HTTP Proxy requests stuck without appropriate timeout
• NUTM-9630 [Web] Fallback log flooded with samlogon cache timeout messages
• NUTM-9664 [Web] Country blocking exception not working when HTTP Proxy is using SSO
• NUTM-9720 [Web] Can ‘t proceed content warning for MIME types if URL contains spaces
• NUTM-9745 [Web] HTTP Proxy coredumps with SIGSEGV
• NUTM-7628 [Wireless] Wireless clients frequently failing to connect with STA WPA failure reason code 2
• NUTM-8946 [Wireless] APs displayed as inactive in WebAdmin while clients can connect
• NUTM-9591 [Wireless] Both local WiFi using 2.4GHz band and same channel in default configuration
• NUTM-9592 [Wireless] Unable to broadcast same SSID on both LocalWifi0 and LocalWifi1
• NUTM-9594 [Wireless] Incorrect channel information showing on overview for LocalWifi
• NUTM-9608 [Wireless] Incorrect generic error message in WebAdmin while configuring band for wireless network
• NUTM-9638 [Wireless] Both local WiFi AP named  ‘Local ‘
• NUTM-9731 [Wireless] Not able to configure channel 12 and 13 on newer desktop models
• NUTM-9735 [Wireless] Set default channel width to 40MHz for 5GHz band
• NUTM-9737 [Wireless] SGw appliances missing frequency definitions for Nigeria