Beschreibung
Sophos hat am 18.06.2019, die neue Version SFOS 17.5 MR6 veröffentlicht.
Zu Beginn ist die Version über den manuellen Download im MySophos-Portal verfügbar.
Im Anschluss wird das Update über Auto-Update stufenweise ausgerollt.
Bemerkungen
Hinweise zur kürzlich gefundenen Sicherheitslücke in Exim Mailserver:
Exim wird von der XG Firewall v17.5 genutzt, wenn der Kunde Email Protection verwendet. Am Freitag, den 7. Juni 2019, wurde von Sophos ein over-the-Air-Hotfix herausgegeben und automatisch an alle XG Firewalls, die Auto-Update aktiviert haben, verteilt. Sollte ihre XG Firewall Auto-Update nicht aktiviert haben, könnte das Upgrade auf 17.5 MR6 das Problem beheben.
Features
Radius SSO Authentifizierung zwischen XG und APX
Wireless-Nutzer können sich nun über Radius SSO zwischen XG und APX authentifizieren. Framed IP-Adressen werden nun in Client-Accounting-Nachrichten unterstützt.
Betroffene Produktgruppen
Bugfixes
- NC-40785: [API Framework] Incorrect data types and values in API documentation
- NC-44687: [API Framework] Unable to update webadmin settings when WAF rule with port 80 is configured
- NC-43933: [Authentication] csd not cleaning up stale connections
- NC-45077: [Authentication] Some LDAP users are not associated with the expected group
- NC-45283: [Authentication] Memory leak in access server
- NC-46024: [Authentication] Guest user registration is not working after upgrading to 17.5 MR4
- NC-46572: [Authentication] Race condition in access server when setting authserverid
- NC-44178: [Backup-Restore] Unnecessary selection button when downloading backup without encryption password
- NC-45532: [Clientless Access] Clientless SMB Bookmark - Unable to upload files in a folder or share with an apostrophe
- NC-39353: [Core Utils] Brazilian timezone and DST problem
- NC-40924: [Core Utils] ATP patterns filling up /content/ folder
- NC-43506: [DHCP] Established connection is destroyed when dynamic WAN interface gets configured
- NC-46351: [DHCP] DHCP service dies on firmware upgrade
- NC-43624: [Dynamic Routing (PIM)] Coredump from pimd while applying interfaces in pim-sm in HA-AA case
- NC-41225: [Email] Assertion while scanning mail with custom file mime type
- NC-42752: [Email] Issues with certificate chain
- NC-42986: [Email] Mail application usage reports shows 0bytes for POP and IMAP
- NC-43179: [Email] Mails stuck in queue when email id contains '='
- NC-43285: [Email] Filtering for bounced mails freezes mail log page
- NC-43399: [Email] "DKIM: validation of body hash failed" when DKIM signed mail gets forwarded by XG
- NC-43445: [Email] Mails are split in different header information and hang in spool
- NC-43539: [Email] Unable to access appliance after restoring backup
- NC-44131: [Email] Core dumps in smtpd while deleting mail from mail spool page
- NC-44490: [Email] Unable to use CAs with ECC certificates
- NC-44559: [Email] Conan engine does not get upgraded on migration
- NC-44662: [Email] Mails with folded headers might not be processed correctly
- NC-45144 : [Email] Exim complaining about illegal header file
- NC-45223: [Email] Unable to filter mail log with some special russian characters
- NC-46145: [Email] Email notification using external mail server not working after upgrading to 17.5 MR4
- NC-42902: [Firewall] IPsec traffic flows only after REKEY event
- NC-44344: [Firewall] Not able to enable IP Spoofing on more than 18 zones
- NC-46188: [Firewall] GUI icons broken in firewall rules
- NC-44083: [Hotspot] Hotspot voucher created in HA setup is expired and has used data attached to it
- NC-38688: [IPsec] Sporadic connection interruption to local XG after IPsec rekeying
- NC-41631: [IPsec] Tunnel not established in HA setup
- NC-43220: [IPsec] Unable to use "Reset" button on Sophos Connect settings page
- NC-43898: [IPsec] Improve udp/500 firewall rule activation
- NC-44072: [IPsec] Charon timeout while starting on small appliances with 20+ IPsec tunnels and auth type 'rsa'
- NC-44240: [IPsec] XG not accepting MODP_1024 DH during IKE negotiations
- NC-44016: [Logging Framework] Garner segfault in Central Management plugin of garner
- NC-44693: [Logging Framework, SecurityHeartbeat] Reports are not being generated
- NC-45339: [Logging Framework] Assertion fail in garner causing RED clients to disconnect
- NC-46535: [Logging Framework] Memory leak in notification plugin
- NC-44531: [nSXLd] nSXLd connection handling improvements
- NC-46117: [Policy Routing] Traffic passing through IPSec link though policy route (MPLS) has high priority
- NC-30294: [PPPoE] PPPoE interface graph is showing incorrect bandwidth information
- NC-33657: [SFM-SCFM] API output shows "Configuration parameters validation failed"
- NC-44007: [SFM-SCFM] Error message on GUI: SSOD is stopped
- NC-44562: [SFM-SCFM] Backup snapshot has not been restored from SFM when SF having encrypted password for backup
- NC-43684: [SNMP] libsnmp segfaults for "AVVERSION Get"
- NC-44695: [SSLVPN] Unable to connect via SSL VPN after migrating from CROS
- NC-46253: [SupportAccess] Backport: Cannot connect to WebAdmin via SupportAccess
- NC-43936: [UI Framework] Guest Users page not loading after deleting the last page of available Guest Users
- NC-44018: [UI Framework] Type of icon should be drop-down instead of icon of increase-decrease
- NC-44283: [UI Framework] Cannot load Connection Details page of an IPsec VPN connection when Chinese characters are used in local/remote host configuration
- NC-45358: [WAF] Privilege escalation from modules' scripts (CVE-2019-0211)
- NC-45544: [WAF] Reduce memory footprint
- NC-45974: [WAF] URL normalization inconsistency (CVE-2019-0220)
- NC-46104: [WAF] HTML rewriting in large embedded CSS causes appliance to reboot due to OOM
- NC-46810: [WAF] NULL pointer dereference in mod_proxy_html
- NC-43970: [Web] Policy editor window doesn't close when new policy created
- NC-44089: [Web] Backslashes not properly escaped on User Activities page
- NC-44228: [Web] Web categorization fails randomly
- NC-44609: [Web] Incorrect parsing of DNS responses leads to 502 errors
- NC-45020: [Web] Memory leak in sandbox pending page
- NC-45094: [Web] SSL scan not on in case of force_ntlm on transparent connection
- NC-27524: [Wireless] Restoring backup of Cyberoam 10.6.5050 GA not working when WLAN is configured
- NC-45088: [Wireless] Selective export of WirelessNetworks with dependencies does not contain any dependencies
- NC-45405: [Wireless] Country field for AP shown empty while accepting it with multple pending APs
- NC-46142: [Wireless] SSID deleted but WiFi interface remains