UTM Up2Date 9.111 Released – FIX for OpenSSL vulnerability (Heartbleed)

A new Up2Date is available for Sophos UTM. This update fixes some bugs, most notably the previously reported vulnerability in OpenSSL. For a summary, updated information about the vulnerability, and its impact on the UTM, read our knowledgebase article on this topic.


Sophos UTM 9.111

News 

  • Fix: OpenSSL vulnerability: TLS heartbeat read overrun (CVE-2014-0160)
  • Prevent automatic restart of SixXS Tunnel Broker (aiccu)

Remarks

  • System will be rebooted

Bugfixes

  • 27814 Never selfmon aiccu [9.1]


Download:
While you do not need to manually download Up2Date packages (they will automatically download and prepare themselves for you to install), for manual application of Up2Dates or for UTM installations without Internet connections, you can retrieve them using the link below.

Up2date from soft-release to GA:

Up2date link:  ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.111002-111007.tgz.gpg
Up2date MD5sum:  70fd0bf6967868bfd56e5352bbcfa186
File size:  ≈3MB

Up2date from 9.110 to 9.111 GA:

Up2date link:  ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.110022-111007.tgz.gpg
Up2date MD5sum:  8495343232db9098b7331a15dac23a65
File size:  ≈6MB
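
When packages are fetched manually, the MD5 sums listed above let you confirm the download before uploading it under Management >> Up2Date >> Advanced. The script below is an added example, not Sophos code; its function names and the script name in the usage comment are made up here. A matching MD5 only shows the file was not corrupted or truncated in transit; it is not a signature check.

```shell
# Added example (not Sophos code): check downloaded Up2Date packages against
# the MD5 sums published in this announcement ("<md5>  <file name>").
EXPECTED_SUMS='70fd0bf6967868bfd56e5352bbcfa186  u2d-sys-9.111002-111007.tgz.gpg
8495343232db9098b7331a15dac23a65  u2d-sys-9.110022-111007.tgz.gpg'

# Print the lowercase MD5 of a file with whichever tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print tolower($1)}'
    else
        md5 -q "$1" | tr 'A-F' 'a-f'   # BSD/macOS
    fi
}

# verify_package FILE [EXPECTED_MD5]
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing/empty or its name
# is not in the list above and no checksum was passed.
verify_package() {
    local file="$1" expected="${2:-}" actual
    [ -s "$file" ] || { echo "MISSING  $file" >&2; return 2; }
    if [ -z "$expected" ]; then
        expected=$(printf '%s\n' "$EXPECTED_SUMS" |
            awk -v n="$(basename "$file")" '$2 == n {print $1}')
    fi
    [ -n "$expected" ] || { echo "UNKNOWN  $file" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(md5_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
    else
        echo "MISMATCH $file (got $actual, expected $expected)" >&2
        return 1
    fi
}

# verify_all DIR: check every listed package that is present in DIR.
verify_all() {
    local dir="$1" rc=0 sum name
    while read -r sum name; do
        [ -e "$dir/$name" ] || continue
        verify_package "$dir/$name" "$sum" || rc=1
    done <<EOF
$EXPECTED_SUMS
EOF
    return "$rc"
}

# Usage: ./verify-u2d.sh ~/Downloads   (script name is illustrative)
if [ "$#" -gt 0 ]; then verify_all "$1"; fi
```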

Up2Date Installation:

Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version.
There are two ways to apply an already-downloaded Up2Date package to the system:

  1. Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use “Update to latest version now” to install the Firmware Up2Date. Click “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation. (The system administrator will receive a notification email once the Up2Date process has finished.)
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Sophos UTM Up2Date FTP Mirrors:

Feedback

  • If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our User Bulletin Board. Please indicate the version you are using to help us (and everyone helping you).
  • If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.
  • You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!

Eric Bégoc
Senior Product Manager

[UPDATE: 16 April 2014 13:54 EDT]

IPS Protection from Heartbleed in Sophos UTM

In addition to security patches, IPS signatures have been released to protect servers behind Sophos UTM from Heartbleed attacks.

IPS update u2d-ipsbundle-9.133 includes the Heartbleed signature.
