UTM Up2Date 9.354 released

UTM Up2DateWe’ve just released a new Up2Date package for all UTM 9.353 users, which provides a security update for all 9.35x users.

Read on for details about this release.

News

  • Security Update

Remarks

  • System will be rebooted

Bugfixes

  • 36136 ISC DHCP security update (CVE-2015-8605)
  • 36201 Bind Vulnerability CVE-2015-8000
  • 36266 OpenSSH security update (CVE-2016-0777, CVE-2016-0778)
  • 36281 XSS vulnerability in mod_url_hardening [9.35]
  • 36282 XSS vulnerability in mod_avscan [9.35]
ftp link:  ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.353004-354004.tgz.gpg
Up2date MD5sum:
e9ae9a5d308c48a1d247024e4b8649fc
File size: ~3.89 MB

Up2Date Installation

Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version.
There are two ways to apply an already-downloaded Up2Date package to the system:

  1. Log on to WebAdmin, navigate to Management > Up2Date > Overview and use “Update to latest version now” to install the Firmware Up2Date. Click on the “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management > Up2Date > Advanced.

If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our User Bulletin Board. Please indicate the version you are using to help us (and everyone helping you).

Feedback

  • If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.
  • You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!
  • If you have any questions or comments regarding this release, please see our online forums for more information.

Alan Toews
Technical Product Manager

3 thoughts on “UTM Up2Date 9.354 released

  1. Please note that this update does not address glibc (CVE-2015-7547) That patch is currently in testing, and can be expected as soon as next week. We have posted a kb where you may track the status of this: https://www.sophos.com/en-us/support/knowledgebase/123675.aspx

    At the time of posting, it conservatively lists the expected date as being more than one week out – however, that is a very conservative estimate, should there be any problems in testing. I am looking for 9.355 next week to address this.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s