Hi Everyone,

Today we've released UTM 9.508. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.

Note:

When installing the update packages manually, please make sure to upload both update packages 9.507 and 9.508.

S/MIME Encryption updates: This release brings changes to the S/MIME feature to fully conform with new GDPR regulatory requirements for encryption. Core to these changes are new algorithms to perform encryption and signatures within S/MIME. Due to the changes in the signature algorithms, older implementations of S/MIME - including previous Sophos UTM releases - can no longer verify signatures produced with the new algorithms. Encryption and decryption of emails is not affected by this change. For details, please read the following KBA at https://community.sophos.com/kb/en-us/131727.

News

Maintenance Release

Remarks

System will be rebooted

Configuration will be upgraded

Connected APs will perform firmware upgrade

Bugfixes

NUTM-8739 [Access & Identity] Argos segfault and coredump after update to v9.502

NUTM-9164 [Access & Identity] SSLVPN installation packages fail to copy user profile during installation

NUTM-9344 [Access & Identity] All users are locked when a lockout policy via GPO was set

NUTM-9047 [Basesystem] VLAN interface on the bridge doesn't come up when slave becomes the master

NUTM-9296 [Configuration Management] Report Auditor is unable to open the dashboard in UTM

NUTM-9397 [Configuration Management] Log Remote Archiving via SCP fails when used with OpenSSH >= 7.0

NUTM-9497 [Documentation] ATP - Invalid status display on Webadmin for Japanese,Russian,Spanish language

NUTM-4174 [Email] POP3 spool cleanup does not work

NUTM-8794 [Email] Wrong MIME Type detection

NUTM-8937 [Email] Upgrade SMIME

NUTM-9046 [Email] SPX binary error with Office365

NUTM-9098 [Email] Mail stuck in work queue

NUTM-9252 [Email] Patch Exim for CVE-2014-2972 and CVE-2016-9963

NUTM-9259 [Email] POP3 Proxy coredump in "libc_start_main"

NUTM-9337 [Email] Selecting an AD Server for AD Recipient Verification in SMTP isn't possible after update to v9.506

NUTM-9382 [Email] WebAdmin user not able to disable the "Recipient Verification" in SMTP Routing

NUTM-9303 [HA/Cluster] HA "max_nodes" option set to 3 causes named to fail to start

NUTM-9405 [HA/Cluster] Interface MAC addresses shouldn't get replicated on slave node if virtual_mac is set to 0

NUTM-3497 [Network] BGP soft-reconfiguration not working

NUTM-8118 [Network] After upgrading to 9.500 "Service Monitor not running - restarted" notifications being received

NUTM-8432 [Network] Local Privilege Escalation via confd Service

NUTM-8604 [Network] Changing a bridge IP address causes bridge to go down when using vlans

NUTM-8887 [Network] DNS group objects doesn't delete old IP addresses

NUTM-9064 [Network] Network monitoring daemon constantly restarts since upgrade to 9.503

NUTM-9177 [Network] Disabled static routes are being put into the routing table

NUTM-9465 [Network] Wrong/Old IPv6 Tunnel Broker URLs in Webadmin

NUTM-8759 [Sandboxd] Add support for Sandstorm's Asia data centre

NUTM-9006 [UI Framework] Not possible to download different SSLVPN User Profiles in one Firefox session

NUTM-6955 [WebAdmin] Error text appears in dialog when trying to view user object usage

NUTM-8567 [WebAdmin] Update to ImageMagick-7.0.7-11

NUTM-9116 [WebAdmin] Object information can't be displayed for specific objects

NUTM-9128 [WebAdmin] PCI Scan failing on UserPortal due to missing HSTS and CSP

NUTM-9430 [WebAdmin] Issue with X-Content-Type-Options header presented by UTM

NUTM-7201 [Web] HTTP Proxy connections hang in CLOSE_WAIT state

NUTM-8638 [Web] Add group visibility in log with unlimited AD groups

NUTM-8746 [Web] After changing group membership, old one is still available from winbind

NUTM-8886 [Web] TLS Input/output error when connecting to web site

NUTM-9113 [Web] HTTP Proxy coredump on 9.505

NUTM-9166 [Web] HTTP Proxy coredump on function deny_ntlm_auth

NUTM-9332 [Web] DNSExpire coredump causes slow browsing

NUTM-9416 [Web] HTTP Proxy coredump on 9.506 with signal SIGFPE Arithmetic Exception

NUTM-3127 [Wireless] AP55/100 connection issues - disconnected due to excessive missing ACKs

NUTM-6640 [Wireless] Fix visibility of Fast Transition option in different security modes

NUTM-7013 [Wireless] Frequent disconnects on guest wifi network after >1 week

NUTM-8243 [Wireless] Update dropbear SSH Server to fix CVE-2016-7409, CVE-2016-7408, CVE-2016-7407, CVE-2016-7406

NUTM-8299 [Wireless] UTM stops broadcasting SSIDs for the built-in wireless after upgrade to 9.5

NUTM-8781 [Wireless] W-appliance - wireless network connection issue with Bridge to AP LAN

NUTM-8827 [Wireless] Internal wireless not broadcasting SSID after updating to 9.503

NUTM-8832 [Wireless] Integrated wireless adapter can be deleted

NUTM-8930 [Wireless] Unable to see the SSID and connect to local wifi on 2.4 Ghz band

NUTM-8940 [Wireless] kernel: [ xxxx.xxxxx] CPU: 0 PID: 13902 Comm: iw Tainted: G W O 3.12.74-0.265397234.g263c982.rb6-smp64 #1

NUTM-8945 [Wireless] SG115w SSID not broadcasted since updated to 9.503

As part of UTM 9.508, the wireless firmware is updated to 11.0.003.

Bugfixes