Sophos UTM 9.711-5 update released

Sophos have just released SG UTM version 9.711. This release follows very quickly after 9.710 as it contains some important vulnerability fixes. Sophos recommend that even if you only recently upgraded to 9.710, you should apply this fix as soon as possible.

As usual, the release will be rolled out in phases:

This version addresses the recent highly-publicised vulnerability in OpenSSL, CVE-2022-0778. It also addresses a vulnerability recently discovered in Apache, CVE-2022-22720. Apache is used in WAF and for the WebAdmin and user interfaces.

The new Wireless Access Point firmware included with this release is essential for anyone adding new APX access points. Due to supply chain issues we have made some hardware changes in the most recent revisions of our APX models that require this latest firmware version 11.0.109. This version also addresses the recent certificate-parsing vulnerability discovered in OpenSSL so it is worth applying even if you don’t have any new access points.

Finally, you may notice a small change in the format of the firmware version when you’re using WebAdmin – we’ve added an identifier to make it clear whether you’re using the 32-bit or 64-bit version of the UTM operating system.

Release 9.711-5 64-bit (c) 2000-2022 Sophos Limited. All rights reserved.

Other news

  • Maintenance Release

Remarks

  • System will be rebooted
  • Configuration will be upgraded

Issues Resolved

  • NUTM-13334 [Basesystem] PowerShell / Putty – Default SSH client options result in failed connection
  • NUTM-13394 [Basesystem] Openssl Vulnerability – CVE-2022-0778
  • NUTM-13421 [Basesystem] Upgrade Apache to 2.4.53 (UI) – CVE-2022-22720
  • NUTM-13326 [UI Framework] Identify 32-bit or 64-bit build in WebAdmin footer
  • NUTM-13419 [WAF] Upgrade Apache to 2.4.53 (WAF) – CVE-2022-22720
  • NUTM-13363 [Wireless] Integrate updated APX firmware version 11.0.019
  • NUTM-13433 [Wireless] AP/APX : Openssl Vulnerability – CVE-2022-0778

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.