Sophos Version 9.300-5, 9.301-2, 9.302-2
vom 27. November 2014Endlich ist das neue Sophos UTM Advantage (9.3) erschienen.
News:
Security Release
Es ist ein neues Up2Date Paket verfügbar, nachfolgend stehen alle Infos zum Thema zur Verfügung.
Version 9.300-5
- 9.300 GA Release
- Main Features:
- Web Filter: Time Quotas
- Web Filter: Policy Tagging
- Web Filter: Selective HTTPS Filtering
. SMTP/POP3 Proxy: Live AV Lookups in Sophos Antivirus
- SMTP Proxy: SPX Self-Registration
- SMTP Proxy: Support Attachments on Reply Portal
- Network: Support for Multiple Bridges
- Wifi: Various Hotspot Imporovements
- Hardware: Support for new SG1xx series
- Other Features:
- Web Filter/SMTP Proxy: True File Type Detection
- Application Control: IPv6 Support
. ATP: Scan DNS Traffic going through UTM
- Network: DHCPv6 Relay
- Network: DHCP for VLAN Interfaces
- Network: Allow VLAN and non-VLAN Interfaces on same Hardware
- WAF: IP-based Access Control
- WAF: Wildcard Extension
- WAF: Username Prefix and Suffix
- Support: Sophos Customer Support Secure Access to UTM
Remarks:
- System wird neugestartet
- · Konfiguration wird verbessert
- · Verbundene Wifi Aps werden das Update der Firmware übernehmen
- Verbundene RED Geräte werden das Update der Firmware übernehmen
Bugfixes
22468 HTML5 iptables rule doesn’t match for IPSec-routed hosts
27257 RED50 frequently reconnecting because configuring an Additional Address as UTM-Hostname is not supported
27588 Unable to fetch POP3 accounts on iOS devices via POP3 Proxy
27750 IPv6: Add support for DynDNS (Dyn & FreeDNS)
27905 [BETA] log the mac addresses human readable with leading zeros in the packetfilter log
28056 it’s not possible to view or download large log files in the webadmin because root partition is too small
28164 OSPF and default route priority issues
28400 Syslog not started after ipsbundle pattern installation
28842 HA takeover if master reboots takes too much time
28966 exceptions for Common Threat Filters do not work individually
29095 [BETA] improve reporting filter naming for ATP
29412 Wireless Security Manager Role can’t accept new AP’s
29963 profile mode ‘monitor’ does not work for Cookie signing
30008 Problem with Remote IPsec access in case of ID type is ASN1 Distinguished Name and using static RAS IP
30254 Import of non UTF-8 certificate breaks Webadmin access
30504 Sometimes the sender_confd_profile is undefined in the profile object
30800 [BETA] Some double byte characters aren’t filtered by DLP custom rule and AntiSpam Expressions filter.
30825 IPv6: Add support for DHCPv6 ‘rapid commit’
30851 emailpki_generate_user fails if pkcs12 file contains a cert twice
31083 Remote SSL VPN view is empty in printable configuration
31105 DynDNS: Add support for interface strategy for FreeDNS
31116 Performance and scalability improvements of HTTP proxy
31164 [BETA] Routing domain wildcards aren’t working for SMTP profiles.
31337 Too long hostname will break layout in dashboard
31340 rsyncd not started after switching to master mode (slave node hangs in syncing state)
31373 Form hardening exception match but doesn’t work
31387 ad-sid-sync.pl is executed even if AD sync is disabled
31581 Up2date pattern rpm’s fails to install if hostname contains ‘/’ character.
31814 nextgen-agent restarting permanently
31859 Make http proxy handle uncompressed DNS responses
31992 network range in network group shouldnt be allowed in allowed networks as per 21588
32012 Postgres startup problem because pg_xlog files are missing
32034 Full transparent AD SSO redirect URL request gets dropped by packetfilter
32079 UMTS modem device hanging
32097 High load after pattern installation [9.2]
32190 Policy tester always returns “allowed” if warn page is proceeded once
32237 Release of IPsec Pool IPs not working
32286 Sorting of APs in Webadmin
32391 UTM interface doesn’t come up again after the speed changed from 4G to 3G
32433 Not possible to delete VPN tunnel managed by SUM after use “cleanup object”
32537 Guest login fails in transparent browser auth mode if “terms of use” confirmation is required
32571 [V9] Blocked HTTPS-Sites in Filter Action Mode ‘Blacklist’ doesn’t match if Exception is matching on Categories
32588 Can’t restore backup beacause of an undefined value
32602 Web control policy not applying to endpoints
32604 Special characters like umlauts didn’t work in passwords with reverse authentication for the WAF
32607 Not possible to use virtual mac on lag interfaces
32683 Can’t send a VPN Profile to the SMC if the Organization Name includes a umlaut
32690 It’s not possible to use Subfolders for Remote Log File Archives over SMB on CIFS share
32696 Hotspot: only one login possible per username for backend authentication hotspot
32703 Multicast traffic problems after upgrading to SG430 and 9.204
32711 Mail preview should display kyrilic or chinese chars too.
32713 Console keyboard doesn’t work
32726 Dashboard does not show Antivirus active protocols for HTTP/S
32794 vpn-reporter.pl segfault in get_amazonvpc
32805 NETDEV WATCHDOG: eth0 (tg3): transmit queue 0 timed out
32832 Remote Syslog Server IPv6 support
32837 vpn-reporter.pl segfaults, error 4 in libc-2.11.3.so
32851 Device auth reports wrong client information
32852 Any SSL traffic through HTTP proxy gets classified as “Sophos Portal” if a “Sophos Portal” AppCtrl rule exists
32870 ad-sid-sync.pl fails to lookup trusted domains groups
32940 SG550: Licensing does not work if module is relocated after installation
32950 Configuring a whitelist in webfilter filter action appears in blacklist on UTM
32957 winbindd died in kernel_vsyscall
32969 Coredumps from reverseproxy after update to v9.206
32972 IPS exception does not work for SID 18575
32980 Remove RC4 from TLS ciphers in Exim
33019 After upgrading to iOS 8 UTM does not recognize iOS anymore (Device-specific Authentication)
33095 RED50 frequently reconnecting because configuring an Additional Address as UTM-Hostname is not supported [9.3]
33111 Group matching incorrect if user belongs to static and backend groups
33277 [9.2] Add support for passthrough NTLM connection
33307 Not possible to change TLS certificate
33323 Using @ in hostname results in corrupt /etc/syslog-ng.conf
33382 Config changes in IPsec remote access sometime causing a drop of established connections
33429 AP100: Unable to authenticate with an SSID using a PSK with a dollar character
33515 SMTP Vulnerability in SSL v3.0
33613 OS X HTTPS traffic identified as iOS
Version 9.301-2
Bugfix Update
Remarks:
- System wird neugestartet
- · Konfiguration wird verbessert
- · Verbundene Wifi Aps werden das Update der Firmware übernehmen
Bugfixes
33743 Wifi: after upgrade from 9.2 -> 9.3 awe_status is 0
33746 psk and ssid with a \ are wrong in confd
33751 Bridge without Address lost after Upgrade from 9.2x to 9.300
33760 ipsec: dying Middleware with Bridge configured
Version 9.302-2
Bugfix Update
Remarks:
- System wird neugestartet
- · Konfiguration wird verbessert
- · Verbundene Wifi Aps werden das Update der Firmware übernehmen
Bugfixes
33655 Special characters in SSID lead to an awed crash [9.3]
33766 Slave stays in “syncing” state after update to 9.300
33824 Wifi: rt2x00queue_write_tx_frame: Error – Dropping frame due to full tx queue 2