Software-update: Sophos UTM 9.718

Sophos heeft een nieuwe versie vrijgegeven van zijn Unified Threat Management, UTM in het kort, met 9.718 als versienummer. Deze software wordt zowel op fysieke hardware als in een soft appliance voor VMware, Hyper-V, Xen en KVM geleverd. Naast de betaalde varianten voor bedrijven biedt Sophos deze firewall voor thuisgebruik zonder kosten aan. Voor de verschillende image- en updatebestanden kun je terecht op het MySophos-portaal. De aankondiging van deze uitgave ziet er als volgt uit:

UTM Up2date 9.7 MR18 (9.718) released

In phase 1 you can download the update package from our download server. Click the link and navigate to the folder UTM / v9 / up2date.Up2date package – 9.717 to 9.718 https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.717003-718005.tgz.gpgMd5sum is 61ab2c8f45baa2aace8dfa80446c7caa https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.717003-718005.tgz.gpg.md5

During phase 2 we will make it available via our Up2Date servers in several stages.

In phase 3 we will make it available via our Up2Date servers to all remaining installations.

Maintenance ReleaseSecurity Release

Maintenance Release

Security Release

System will be rebootedConfiguration will be upgraded

System will be rebooted

Configuration will be upgraded

NUTM-14068 [Basesystem] Tar Vulnerability - CVE-2022-48303NUTM-14219 [Basesystem] Remove support for weak TLS signature algorithms in Web Admin and User PortalNUTM-14237 [Basesystem] Remove deprecated XSS protection header from Web Admin and User PortalNUTM-14285 [Basesystem] Disable session tickets on Web Admin and User PortalNUTM-14288 [Basesystem] Samba Vulnerability - CVE-2022-2127NUTM-14197 [Email] Email stuck in queue with scanner timeoutNUTM-14289 [Endpoint] Remove Endpoint Protection from WebAdmin and system backendNUTM-14305 [Logging] Failed logins for SSL VPN Remote Access are not displayed in reportsNUTM-14218 [RED] Disable DHE ciphers support for RED in UTMNUTM-14339 [WAF] Daily WAF Coredumps: Segmentation fault (11)NUTM-13182 [Web] Reflected XSS in Web Proxy - CVE-2021-4429NUTM-13988 [Web] Improve performance and error handling for AD SSO

NUTM-14068 [Basesystem] Tar Vulnerability - CVE-2022-48303

NUTM-14219 [Basesystem] Remove support for weak TLS signature algorithms in Web Admin and User Portal

NUTM-14237 [Basesystem] Remove deprecated XSS protection header from Web Admin and User Portal

NUTM-14285 [Basesystem] Disable session tickets on Web Admin and User Portal

NUTM-14288 [Basesystem] Samba Vulnerability - CVE-2022-2127

NUTM-14197 [Email] Email stuck in queue with scanner timeout

NUTM-14289 [Endpoint] Remove Endpoint Protection from WebAdmin and system backend

NUTM-14305 [Logging] Failed logins for SSL VPN Remote Access are not displayed in reports

NUTM-14218 [RED] Disable DHE ciphers support for RED in UTM

NUTM-14339 [WAF] Daily WAF Coredumps: Segmentation fault (11)

NUTM-13182 [Web] Reflected XSS in Web Proxy - CVE-2021-4429

NUTM-13988 [Web] Improve performance and error handling for AD SSO

Source: Tweakers.net