Software Update: Sophos UTM 9.711


Sophos has released a new version of its Unified Threat Management, UTM for short, with 9.711 as the version number. This software is delivered on physical hardware as well as in a soft appliance for VMware, Hyper-V, Xen and KVM. In addition to the paid variants for companies, Sophos offers this firewall for home use at no cost. For the various image and update files, please visit the MySophos portal. The announcement of this release reads as follows:

UTM Up2date 9.711 released

We’ve just released SG UTM version 9.711. This release follows very quickly after 9.710 as it contains some important vulnerability fixes. We recommend that even if you only recently upgraded to 9.710, you should apply this fix as soon as possible.

This version addresses the recently highly-publicized vulnerability in OpenSSL, CVE-2022-0778. It also addresses a vulnerability recently discovered in Apache, CVE-2022-22720. Apache is used in WAF and for the WebAdmin and user interfaces.

The new Wireless Access Point firmware included with this release is essential for anyone adding new APX access points. Due to supply chain issues we have made some hardware changes in the most recent revisions of our APX models that require this latest firmware version 11.0.109. This version also addresses the recent certificate-parsing vulnerability discovered in OpenSSL so it is worth applying even if you don’t have any new access points.

Finally, you may notice a small change in the format of the firmware version when you’re using WebAdmin – we’ve added an identifier to make it clear whether you’re using the 32-bit or 64-bit version of the UTM operating system.

Other news

  • Maintenance Release

Remarks

  • System will be rebooted
  • Configuration will be upgraded

Issues Resolved

  • NUTM-13334 [Basesystem] PowerShell / Putty – Default SSH client options result in failed connection
  • NUTM-13394 [Basesystem] Openssl Vulnerability – CVE-2022-0778
  • NUTM-13421 [Basesystem] Upgrade Apache to 2.4.53 (UI) – CVE-2022-22720
  • NUTM-13326 [UI Framework] Identify 32-bit or 64-bit build in WebAdmin footer
  • NUTM-13419 [WAF] Upgrade Apache to 2.4.53 (WAF) – CVE-2022-22720
  • NUTM-13363 [Wireless] Integrate updated APX firmware version 11.0.019
  • NUTM-13433 [Wireless] AP/APX : Openssl Vulnerability – CVE-2022-0778

UTM Up2date 9.710 released

This update removes the end-of-life SSLVPN client. It is no longer available to download from the User Portal. For more information see this end-of-life notice and this vulnerability disclosure.

With the standalone IPSec client also reaching end-of-sale on March 30, 2022, we have refreshed the remote access page of the User Portal to better support Sophos Connect. Sophos Connect is the recommended alternative to the old SSLVPN and IPSec clients. Download links on the User Portal now direct users to the Sophos Connect section on our downloads page. Configuration links have been updated to provide certificate packages and settings that can be imported by Sophos Connect to get users up and running quickly.

Sophos Connect client should be able to work with any IPSec or SSLVPN configuration you already have set up.

Other news

  • Maintenance release
  • Security release

Remarks

  • System will be rebooted
  • Configuration will be upgraded

Issues Resolved

  • NUTM-12592 [Basesystem] Use Only Secure Ciphers for UTM SSH Server
  • NUTM-12784 [Basesystem] Patch BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, CVE-2021-25219)
  • NUTM-13101 [Basesystem] Patch Strongswan Vulnerability (CVE-2021-41991)
  • NUTM-13119 [Basesystem] Patch Binutils Vulnerability (CVE-2021-3487)
  • NUTM-13144 [Basesystem] Remove SSLVPN client downloader from UTM
  • NUTM-13192 [Basesystem] Use Secure Key Exchange Algorithms for SSH
  • NUTM-13203 [Basesystem] snmpd high memory for snmpwalk v3
  • NUTM-12615 [Configuration Management] Root password hash exposed via confd*.log (CVE-2022-0652)
  • NUTM-13013 [Email] Upgrade Exim to v4.95
  • NUTM-13200 [Email] OAEP RSA padding mode still uses SHA-1 in S/MIME
  • NUTM-13267 [Email] SQLi in the Mail Manager (CVE-2022-0386)
  • NUTM-13071 [Logging] IPFIX reporting transferred data on wrong direction
  • NUTM-12885 [Network] IPS exception issue
  • NUTM-12987 [RED] Issue with RED tunnel on BO after disconnecting PPPoE
  • NUTM-12936 [Web] Add configuration for overriding warn page to proceed link protocol (Standard Mode SSO)

Version number: 9.711
Release status: Final
Website: Sophos
License type: Freeware/Paid