Unter ftp://ftp.astaro.com/pub/UTM/v9/up2date/ findet sich die Datei
u2d-sys-9.109001-200011.tgz.gpg, mit der die Version 9.109-1
auf 9.200-11 upgedatet werden kann, falls Up2Date die Datei nicht automatisch lädt.
WebAdmin - neues (Wildcard)Zertifikat - OpenSSL Heart bleed Patch
OpenSSL Heart bleed Patch
Die Datei kann man sich per FTP herunterladen und dann unter
Management -> Up2Date |Advanced| "Manual Up2Date package upload" einspielen
Das Update dauert keine 5 Minuten, erfordert aber einen Reboot der UTM. Vorher ein Backup erstellen und lokal speichern:
Management -> Backup/Restore |Backup/Restore| "Create backup now"
.
Update to 9.200
· Major Features
· Web: New UI policy model
· Mail: SPX encryption support
· Mail: DLP support
· Network: Botnet/C&C traffic detection and blocking
· Network: Major IPS performance improvements
· Authentication: Dual-factor authentication with OATH TOTP
· WAF: Authentication support
·
· Smaller Features
· Web: AD SSO in transparent mode
· Web: Warn action
· Web: Transparent HTTPS filtering w/o full SSL scanning
· Web: URL categorization override
· Web: PUA blocking
· Web: Enhanced log search
· Web: Policy tester
· Web/Endpoint: Web Control for SEC-managed endpoints
· Endpoint: Proxy support for LiveConnect
· Wifi: Hotspot: Fully customizable login page
· Wifi: Hotspot: Fully customizable vouchers
· Wifi: Hotspot: New hotspot type with authentication against UTM/Backends
· RED: optional tunnel compression
· RED: RED50: improve LCD output
· RED: RED50: VLAN configuration for switch ports
· WAF: Extended threat filtering
· WAF: Fallback hosts
· WAF: HTTP to HTTPS redirection
· Network: Support more DynDNS providers
·
· Remarks
· System will be rebooted
· Configuration will be upgraded
· Connected Wifi APs will perform firmware upgrade
· Connected RED devices will perform firmware upgrade
Bugfixes
17609 User Portal: whitelist is completely ignored if blacklist matches
22646 Bridge: Use the MAC address of the converted interface instead of the smallest one
23810 System & UTM Backups ignore backup limits
23950 Wildcard Domains for SMTP Routing (Regression)
24127 Full NAT from internal network to external address dropped on bridge interface
24331 [UBB][9.070] Mail Notification contain antivirus footer
24358 Manual speed settings have no effect on HA link
24652 Wireless: Client is listed on wrong AP in Webadmin "Wireless status"
24739 cluster SMTP distribution not working
25199 Kernel Oops when lowering MTU for USB netcard
25476 Increase default WebAdmin logout time (for new installations)
25676 [UBB][9.100] Executive Report - Wrong charts displayed on Apple Devices
25952 Country blocking exception doesn't work
26225 Damaged graphic in the wireless reporting in French language
26544 DNS host definitions with non-ascii chars and underscore cause dns-resolver to fail
26640 Not possible to activate more than 62 virtual webserver
27742 Standard mode in deployment helper incorrectly named
28150 Sophos Authentication Agent does not work with MacOS X 10.6
28201 User Portal webpage doesn't get fully loaded while using Internet Explorer
28383 SSL VPN disconnects when transferring large amounts of data
28866 Essential Firewall: Not possible to use HA reserved interface eth3
29354 [Update Rule:] SSL VPN routes are not distributed correctly over OSPF
29584 "Department Reports" in Web Sec Reporting does not work for host objects
30016 Mix SSL and WAF and SharePoint 2013 will no longer allow you to save files (file is opened write protected)
9.201-23
Seit dem 10.04.2014 gibt es ein Update zu 9.2, 9.201-23, hauptsächlich wird der Open SSL Bug damit behoben, es wird dringend geraten das Update einzuspielen.
ftp://ftp.astaro.com/pub/UTM/v9/up2date/ Name: u2d-sys-9.200011-201023.tgz.gpg
Sophos empfiehlt folgendes Vorgehen:
1. Install the patch
2. Print your configuration
3. Change your passwords
4. Reboot the UTM
5. Regenerate Certificates
Mit der Version 9.201-23 werden folgende Bugfixes durchgführt:
News
· Official 9.2 GA Release - update from 9.200
· Fix: OpenSSL vulnerability: TLS heartbeat read overrun (CVE-2014-0160)
· Remarks
· System will be rebooted
· Configuration will be upgraded
· Connected Wifi APs will perform firmware upgrade
· Connected RED devices will perform firmware upgrade
Bugfixes
28439 vpn site2site overwiev is missing ipsec respondOnly connections
28953 Object Changelog PopUp can not be closed in IE9
29356 [BETA] RED50 reconnects all the time
29419 [BETA] Web Policy tester and http.log do not display modifications by local site list
29501 Transparent AD SSO conflicts with WAF (port 80)
29748 [BETA] changing OTP has no effect on WAF
29843 [BETA] Changing AV Scanners cause memory spikes in http proxy
30389 [BETA] http cache fills up partition
30441 [BETA] SPX encryption has higher priority than SMIME or PGP encryption
30446 [BETA] SPX: some characters in mail subject lead to broken subject in pdf
30561 [BETA] Username with \ is seen in sAMAccountName with \\
30571 Add option to disable OTP for Webadmin/SSH from front panel LCD of UTM appliance
30637 [BETA] Handling Filter actions used in multiple policies
30701 [BETA] SPX: labels of original message are not correctly encoded in spx reply
30723 RED 10 stops working while handling large packets
30869 [BETA] DLP: Region selector of "Sophos CCL Rules" doesn't show the first element
30898 OTP: Token may be created for wrong user if remote/local user differ in case
30925 SPX: character sets other than UTF-8 break PDF and portal
30934 Incorrect Certificate used during Transparent HTTPS
30940 Wireless: Some SSIDs are shown as HASH(...) in WebAdmin
30945 ATP Dashboard Link & Reporting Issue (72h not visible)
30949 smtp scanner dies in combination with SPX and regular email encryption
30951 Outgoing mails get quarantined as "UNSCANNABLE" although "Quarantine unscannable and encrypted content" is disabled
31368 CVE-2014-0160: TLS heartbeat read overrun [9.2]
Auch diese Version kann im FTP Bereich downgeloaded werden und manuell installiert werden.
ftp://ftp.astaro.com/pub/UTM/v9/up2date/
Münster AD 2014