Sophos have just released SG UTM version 9.711. This release follows very quickly after 9.710 as it contains some important vulnerability fixes. Sophos recommend that even if you only recently upgraded to 9.710, you should apply this fix as soon as possible.
As usual, the release will be rolled out in phases:
- In phase 1 you can download the update package from our download server. Click the link and navigate to the folder UTM / v9 / up2date.
  - Up2date package – 9.710 to 9.711: https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.710001-711005.tgz.gpg
  - md5sum is 8eede813596e78a58a52f492adcd52c4: https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.710001-711005.tgz.gpg.md5
- During phase 2 we will make it available via our Up2Date servers in several stages.
- In phase 3 we will make it available via our Up2Date servers to all remaining installations.
This version addresses the recent highly-publicised vulnerability in OpenSSL, CVE-2022-0778. It also addresses a vulnerability recently discovered in Apache, CVE-2022-22720. Apache is used in WAF and for the WebAdmin and user interfaces.
The new Wireless Access Point firmware included with this release is essential for anyone adding new APX access points. Due to supply chain issues we have made some hardware changes in the most recent revisions of our APX models that require this latest firmware version 11.0.109. This version also addresses the recent certificate-parsing vulnerability discovered in OpenSSL so it is worth applying even if you don’t have any new access points.
Finally, you may notice a small change in the format of the firmware version when you’re using WebAdmin – we’ve added an identifier to make it clear whether you’re using the 32-bit or 64-bit version of the UTM operating system.
- Maintenance Release
- System will be rebooted
- Configuration will be upgraded
- NUTM-13334 [Basesystem] PowerShell / Putty – Default SSH client options result in failed connection
- NUTM-13394 [Basesystem] Openssl Vulnerability – CVE-2022-0778
- NUTM-13421 [Basesystem] Upgrade Apache to 2.4.53 (UI) – CVE-2022-22720
- NUTM-13326 [UI Framework] Identify 32-bit or 64-bit build in WebAdmin footer
- NUTM-13419 [WAF] Upgrade Apache to 2.4.53 (WAF) – CVE-2022-22720
- NUTM-13363 [Wireless] Integrate updated APX firmware version 11.0.019
- NUTM-13433 [Wireless] AP/APX : Openssl Vulnerability – CVE-2022-0778