UTM Up2Date 9.308 Released

News

• Maintenance Update

Remarks

• System will be rebooted
• Configuration will be upgraded
• Connected Wifi APs will perform firmware upgrade

Bugfixes

• 22842 HTML5 VPN PF Drop Rule should actually say that its dropping traffic
• 24479 Wrong packetfilter will be created with the internet object and one uplink interface is down
• 25190 pmacct has problems with the ipfix templates
• 25244 Window is not closed for RDP sessions if “Stop session” is selected in the drop-down menu
• 29824 Sometimes Apache not starting at boot time
• 30106 /proc/net/ip_scheduler/multipath not updated after config changes
• 30437 Multipath rule for VoIP does not work
• 31355 Not possible to use a network range object as virtual IP pool for remote access
• 31439 Recheck for extensions when releasing Quarantine Message
• 31858 Already encrypted attachments get broken if Content-Transfer-Encoding was not set to Base64
• 31948 “Any” in “Requiring TLS for specified hosts/nets” does not allow TLS skip list objects.
• 31986 Typo in install instruction for the SPX outlook add-on
• 32168 Add support for AES GCM with AES-NI and keylength above 128bit
• 32219 Can’t change the hotspot admin email without websecurity license
• 32406 Adding a host definition with DNS name “localhost” breaks named.conf
• 32701 Matching DLP expressions – entries in log even if DLP is not configured
• 32707 HTTP proxy basic auth forces re-auth too often
• 32709 can’t change IP via Front Panel to 10.192.226 stops at 10.192.225
• 32741 Hitting “proceed button” after contentfilter warning does not display entire website
• 32842 Webcontrol for UTM and SEC managed clients does not work – failed to ConvertStringSidToSid
• 32886 ARP request is performed with wrong IP address
• 32908 Error messages in kernel.log
• 32913 Fix vlan 0 and 4095 handling
• 32935 Missing option to enable/disable Sophos Outlook Add-in in Webadmin
• 33040 fix traffic counting for br0
• 33236 [beta] View log file displays nothing in Safari
• 33391 leading zeros within snmp oids
• 33414 SMTP: AV Scanner timeout or deadlock
• 33441 Pre 9.206 uploaded png logos should be converted automatically
• 33491 Invalid service names of remote access connections in database
• 33562 ERROR: duplicate key value violates unique constraint “modified_headers_pkey”
• 33627 Error message while activating/deactivating Pop3 and FTP without local networks
• 33647 SAA client not compatible with newest MacOS (Yosemite)
• 33658 Bridge: MAC address is not reset after removing the convert interface
• 33676 Bridge: Enabling IPv6 is not applied under some circumstances
• 33677 WAF: fix request handling for status code 413
• 33680 up2date installation fails if previously running up2date download process is still running
• 33693 Bridge: default ethertype ’88B7′ not set after converting
• 33701 ulogd is restarted every hour due to ATP pattern update
• 33838 SPX reply portal garbled characters
• 33839 Network objects with interface bindings get overwritten from SUM
• 33843 SPX – Send and attachments icon hides.
• 33845 Bridge: Cannot enable multiple vlan interfaces on top of a bridge
• 33853 update.c[646]: Assertion ‘!local.disabled ‘ failed
• 33875 libsavi.so.3 in /var/chroot-smtp/var/pattern/savi/engine/ has 0 byte after installation
• 33906 INFO-302 New Firmware Up2Date installed misses new firmware version
• 33918 Unresolved interface in user portal listen address breaks interface status
• 33926 Virus scanner error happens when downloading files via WAF
• 33941 UMTS: Support ESN and MEID
• 33951 Masquerading rule overview empty
• 33962 Clients on AP100 shows only 6mbit/s
• 33976 ulogd segfaults and core dumps
• 34008 Outgoing mail gets blocked because unscannable – recipient gets a notification
• 34011 Saved report displays all results instead of “Top 50”
• 34041 CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BIND
• 34057 Middleware dies if deactivated host object is used in DNS forwarder config
• 34063 AD groups with identical names on different domains won’t be updated correct
• 34087 SPX: If encryption is done with SPX umlauts will get lost.
• 34104 WAF: Domain wildcards didn’t work anymore after update to v9.3xx
• 34117 Invalid response line on handler 5 from one website when using web filter in standard mode
• 34132 NTP Vulnerabilities , CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 [9.3]
• 34154 WAF https/s redirection does not work with non-standard ports
• 34157 Bridge interface not part of ha link monitoring
• 34165 Change of the UTM hostname in the settings of a RED results in a wrong log entry
• 34172 RAID monitor not running after updates
• 34173 Httpproxy fails to lookup correct backend group
• 34174 Download links in UserPortal (e.g. to download IPsec client software) don’t work anymore
• 34181 Kernel panic in ip_route_output_flow
• 34183 Since update to v9.304 there is no computer name in the endpoint virus notification
• 34190 [NUTM-463] OpenSSL security update
• 34191 smtpd dies without coredump because parsing of from field results in a timeout [v9.3]
• 34197 httpcache cannot be created – mkdir /var/httpcache/0 failed: File exists
• 34213 Cloning and editing of a http whitelist breaks the original whitelist
• 34226 repctl -s stops working if using time zone AEDT (Australia)
• 34268 Missing graphs in Web Protection after updating to 9.305
• 34279 Clients are disappearing from the Endpoint overview and some clients appear with high numbers behind the computername
• 34281 After update to 9.306 PDF Attachments can not be open in Adobe Reader
• 34308 Backup import via wizard doesn’t work
• 34337 HTTP Proxy: Device auth reports wrong operating system
• 34352 Sender address gets invalid in smtp proxy
• 34385 http proxy resets https connection after 5 minutes
• 34424 WAF: Client reputation check slows down dnsbl.proxybl.org
• 34426 Since few days dnsbl.proxybl.org is not reachable anymore