Network Guys

Share your knowledge!

Sophos UTM Update 9.308-16 soft-release

Today Sophos released a new maintenance update. Connected Wifi APs will perform firmware upgrade. Here are the bugfixes:


22842 HTML5 VPN PF Drop Rule should actually say that its dropping traffic
24479 Wrong packetfilter will be created with the internet object and one uplink interface is down
25190 pmacct has problems with the ipfix templates
25244 Window is not closed for RDP sessions if “Stop session” is selected in the drop-down menu
29824 Sometimes Apache not starting at boot time
30106 /proc/net/ip_scheduler/multipath not updated after config changes
30437 Multipath rule for VoIP does not work
31355 Not possible to use a network range object as virtual IP pool for remote access
31439 Recheck for extensions when releasing Quarantine Message
31858 Already encrypted attachments get broken if Content-Transfer-Encoding was not set to Base64
31948 “Any” in “Requiring TLS for specified hosts/nets” does not allow TLS skip list objects.
31986 Tpyo in install instruction for the SPX outlook add-on
32168 Add support for AES GCM with AES-NI and keylength above 128bit
32219 Can’t change the hotspot admin email without websecurity license
32406 Adding a host definition with DNS name “localhost” breaks named.conf
32701 Matching DLP expressions – entries in log even if DLP is not configured
32707 HTTP proxy basic auth forces re-auth too often
32709 can’t change IP via Front Panel to 10.192.226 stopps at 10.192.225
32741 Hitting “proceed button” after contentfilter warning does not display entire website
32842 Webcontrol for UTM and SEC managed clients does not work – failed to ConvertStringSidToSid
32886 ARP request is performed with wrong IP address
32908 Error messages in kernel.log
32913 Fix vlan 0 and 4095 handling
32935 Missing option to enable/disable Sophos Outlook Add-in in Webadmin
33040 fix traffic counting for br0
33236 [beta] View log file displays nothing in Safari
33391 leading zeros within snmp oids
33414 SMTP: AV Scanner timeout or deadlock
33441 Pre 9.206 uploaded png logos should be converted automatically
33491 Invalid service names of remote access connections in database
33562 ERROR: duplicate key value violates unique constraint “modified_headers_pkey”
33627 Error message while activating/deactivating Pop3 and FTP without local networks
33647 SAA client not compatible with newest MacOS (Yosemite)
33658 Bridge: MAC address is not reset after removing the convert interface
33676 Bridge: Enabling IPv6 is not applied under some circumstances
33677 WAF: fix request handling for status code 413
33680 up2date installation fails if previously running up2date download process is still running
33693 Bridge: default ethertype ’88B7′ not set after converting
33701 ulogd is restarted every hour due to ATP pattern update
33838 SPX reply portal garbled characters
33839 Network objects with interface bindings get overwritten from SUM
33843 SPX – Send and attachments icon hides.
33845 Bridge: Cannot enable multiple vlan interfaces on top of a bridge
33853 update.c[646]: Assertion ‘!local.disabled ‘ failed
33875 in /var/chroot-smtp/var/pattern/savi/engine/ has 0 byte after installation
33906 INFO-302 New Firmware Up2Date installed misses new firmware version
33918 Unresolved interface in user portal listen address breaks interface status
33926 Virus scanner error happens when downloading files via WAF
33941 UMTS: Support ESN and MEID
33951 Masquerading rule overview empty
33962 Clients on AP100 shows only 6mbit/s
33976 ulogd segfaults and core dumps
34008 Outgoing mail gets blocked because unscannable – recipient gets a notification
34011 Saved report displays all results instead of “Top 50”
34041 CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BIND
34057 Middleware dies if deactivated host object is used in DNS forwarder config
34063 AD groups with identical names on different domains won’t be updated correct
34087 SPX: If encryption is done with SPX umlauts will get lost.
34104 WAF: Domain wildcards didn’t work anymore after update to v9.3xx
34117 Invalid response line on handler 5 from one website when using web filter in standard mode
34132 NTP Vulnerabilities , CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 [9.3]
34154 WAF https/s redirection does not work with non-standard ports
34157 Bridge interface not part of ha link monitoring
34165 Change of the UTM hostname in the settings of a RED results in a wrong log entry
34172 RAID monitor not running after updates
34173 Httpproxy fails to lookup correct backend group
34174 Download links in UserPortal (e.g. to download IPsec client software) don’t work anymore
34181 Kernel panic in ip_route_output_flow
34183 Since update to v9.304 there is no computer name in the endpoint virus notification
34190 [NUTM-463] OpenSSL security update
34191 smtpd dies without coredump because parsing of from field results in a timeout [v9.3]
34197 httpcache cannot be created – mkdir /var/httpcache/0 failed: File exists
34213 Cloning and editing of a http whitelist breaks the original whitelist
34226 repctl -s stops working if using time zone AEDT (Australia)
34268 Missing graphs in Web Protection after updating to 9.305
34279 Clients are disappearing from the Endpoint overview and some clients appear with high numbers behind the computername
34281 After update to 9.306 PDF Attachments can not be open in Adobe Reader
34308 Backup import via wizard doesn’t work
34337 HTTP Proxy: Device auth reports wrong operating system
34352 Sender address gets invalid in smtp proxy
34385 http proxy resets https connection after 5 minutes
34424 WAF: Client repuation check slow down
34426 Since few days is not reachable anymore

Leave a Reply

Click on the button to load the content from

Load content

This site uses Akismet to reduce spam. Learn how your comment data is processed.


ekahau Certified Survey Engineer
Post Categories
Post Archives