UTM Up2Date 9.208 Released

Today we made available  a new Up2Date package for Sophos UTM which will introduce a security fix for CVE-2014-6271 .

Please note, that to date we are not aware that the Sophos UTM is exposed to the described vulnerabilities and this release is a precautionary update.

Please read on to see the full details of this release.

Sophos UTM 9.208

News

• Security Release
• Update bash package to fix potential vulnerabilities
• References: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
• So far we are not aware of any service on UTM actually exposing these problems to attackers, this is a precautionary update.

Remarks

• System will be rebooted

Bugfixes

• 33059 CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands [9.2]

Up2Date Installation:

Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version.
There are two ways to apply an already-downloaded Up2Date package to the system:

1. Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
2. Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

	Sophos UTM Up2Date FTP Mirrors:

Feedback

• If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our User Bulletin Board. Please indicate the version you are using to help us (and everyone helping you).
• If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.
• You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!

Eric Bégoc
Senior Product Manager