Home
Sophos Firewall OS (SFOS) Update v17.5 - MR6 veröffentlicht
Sophos Firewall

Sophos Firewall OS (SFOS) Update v17.5 - MR6 veröffentlicht

Patrizio - June 19, 2019

Sophos hat die Version 17.5 MR6 für das Sophos Firewall OS (SFOS) veröffentlicht.

Hinweis: Für weitere Informationen zum Upgrade schaut euch folgenden Post an: SFOS Firmware auf Sophos Firewall aktualisieren.

Info: Sophos hat die kürzlich entdeckten Sicherheitslücken im Exim-E-Mail-Server geschlossen. Exim wird von der XG Firewall v17.5 verwendet, insbesondere wenn ihr die Email Protection aktiviert habt. Am Freitag, den 7. Juni 2019, veröffentlichte Sophos bereits einen Over-the-Air-Hotfix für alle XG-Firewalls, bei denen die automatischen Updates aktiviert waren. Wer die Auto-Update-Funktion nicht nutzt oder wem diese nicht zur Verfügung steht, kann die Exim-Sicherheitslücken nun mit dem Upgrade auf v17.5 MR6 schliessen.

Radius SSO-Authentifizierung zwischen XG und APX

Benutzer, die über ein Wifi verbunden sind, können sich nun zwischen einer XG und einem APX Access Point per SSO mit dem Radius verbinden. 👍 Es werden nun auch framed IP-Adressen in client accounting messages unterstützt.

Fehlerbehebungen

  • NC-40785 [API Framework] Incorrect data types and values in API documentation
  • NC-44687 [API Framework] Unable to update webadmin settings when WAF rule with port 80 is configured
  • NC-43933 [Authentication] csd not cleaning up stale connections
  • NC-45077 [Authentication] Some LDAP users are not associated with the expected group
  • NC-45283 [Authentication] Memory leak in access server
  • NC-46024 [Authentication] Guest user registration is not working after upgrading to 17.5 MR4
  • NC-46572 [Authentication] Race condition in access server when setting authserverid
  • NC-44178 [Backup-Restore] Unnecessary selection button when downloading backup without encryption password
  • NC-45532 [Clientless Access] Clientless SMB Bookmark - Unable to upload files in a folder or share with an apostrophe
  • NC-39353 [Core Utils] Brazilian timezone and DST problem
  • NC-40924 [Core Utils] ATP patterns filling up /content/ folder
  • NC-43506 [DHCP] Established connection is destroyed when dynamic WAN interface gets configured
  • NC-46351 [DHCP] DHCP service dies on firmware upgrade
  • NC-43624 [Dynamic Routing (PIM)] Coredump from pimd while applying interfaces in pim-sm in HA-AA case
  • NC-41225 [Email] Assertion while scanning mail with custom file mime type
  • NC-42752 [Email] Issues with certificate chain
  • NC-42986 [Email] Mail application usage reports shows 0bytes for POP and IMAP
  • NC-43179 [Email] Mails stuck in queue when email id contains '='
  • NC-43285 [Email] Filtering for bounced mails freezes mail log page
  • NC-43399 [Email] "DKIM: validation of body hash failed" when DKIM signed mail gets forwarded by XG
  • NC-43445 [Email] Mails are split in different header information and hang in spool
  • NC-43539 [Email] Unable to access appliance after restoring backup
  • NC-44131 [Email] Core dumps in smtpd while deleting mail from mail spool page
  • NC-44490 [Email] Unable to use CAs with ECC certificates
  • NC-44559 [Email] Conan engine does not get upgraded on migration
  • NC-44662 [Email] Mails with folded headers might not be processed correctly
  • NC-45144 [Email] Exim complaining about illegal header file
  • NC-45223 [Email] Unable to filter mail log with some special russian characters
  • NC-46145 [Email] Email notification using external mail server not working after upgrading to 17.5 MR4
  • NC-42902 [Firewall] IPsec traffic flows only after REKEY event
  • NC-44344 [Firewall] Not able to enable IP Spoofing on more than 18 zones
  • NC-46188 [Firewall] GUI icons broken in firewall rules
  • NC-44083 [Hotspot] Hotspot voucher created in HA setup is expired and has used data attached to it
  • NC-38688 [IPsec] Sporadic connection interruption to local XG after IPsec rekeying
  • NC-41631 [IPsec] Tunnel not established in HA setup
  • NC-43220 [IPsec] Unable to use "Reset" button on Sophos Connect settings page
  • NC-43898 [IPsec] Improve udp/500 firewall rule activation
  • NC-44072 [IPsec] Charon timeout while starting on small appliances with 20+ IPsec tunnels and auth type 'rsa'
  • NC-44240 [IPsec] XG not accepting MODP_1024 DH during IKE negotiations
  • NC-44016 [Logging Framework] Garner segfault in Central Management plugin of garner
  • NC-44693 [Logging Framework, SecurityHeartbeat] Reports are not being generated
  • NC-45339 [Logging Framework] Assertion fail in garner causing RED clients to disconnect
  • NC-46535 [Logging Framework] Memory leak in notification plugin
  • NC-44531 [nSXLd] nSXLd connection handling improvements
  • NC-46117 [Policy Routing] Traffic passing through IPSec link though policy route (MPLS) has high priority
  • NC-30294 [PPPoE] PPPoE interface graph is showing incorrect bandwidth information
  • NC-33657 [SFM-SCFM] API output shows "Configuration parameters validation failed"
  • NC-44007 [SFM-SCFM] Error message on GUI: SSOD is stopped
  • NC-44562 [SFM-SCFM] Backup snapshot has not been restored from SFM when SF having encrypted password for backup
  • NC-43684 [SNMP] libsnmp segfaults for "AVVERSION Get"
  • NC-44695 [SSLVPN] Unable to connect via SSL VPN after migrating from CROS
  • NC-46253 [SupportAccess] Backport: Cannot connect to WebAdmin via SupportAccess
  • NC-43936 [UI Framework] Guest Users page not loading after deleting the last page of available Guest Users
  • NC-44018 [UI Framework] Type of icon should be drop-down instead of icon of increase-decrease
  • NC-44283 [UI Framework] Cannot load Connection Details page of an IPsec VPN connection when Chinese characters are used in local/remote host configuration
  • NC-45358 [WAF] Privilege escalation from modules' scripts (CVE-2019-0211)
  • NC-45544 [WAF] Reduce memory footprint
  • NC-45974 [WAF] URL normalization inconsistency (CVE-2019-0220)
  • NC-46104 [WAF] HTML rewriting in large embedded CSS causes appliance to reboot due to OOM
  • NC-46810 [WAF] NULL pointer dereference in mod_proxy_html
  • NC-43970 [Web] Policy editor window doesn't close when new policy created
  • NC-44089 [Web] Backslashes not properly escaped on User Activities page
  • NC-44228 [Web] Web categorization fails randomly
  • NC-44609 [Web] Incorrect parsing of DNS responses leads to 502 errors
  • NC-45020 [Web] Memory leak in sandbox pending page
  • NC-45094 [Web] SSL scan not on in case of force_ntlm on transparent connection
  • NC-27524 [Wireless] Restoring backup of Cyberoam 10.6.5050 GA not working when WLAN is configured
  • NC-45088 [Wireless] Selective export of WirelessNetworks with dependencies does not contain any dependencies
  • NC-45405 [Wireless] Country field for AP shown empty while accepting it with multple pending APs
  • NC-46142 [Wireless] SSID deleted but WiFi interface remains

Senden Sie Ihr Feedback

Teilen Sie uns Ihre Gedanken zu diesem Artikel mit, Ihre persönlichen Rückfragen sind immer willkommen und werden sehr geschätzt.

Feedback senden
Alle Informationen sind vertraulich
Newsletter

Auf unserem Blog publizieren wir regelmässig Artikel über diverse Themen rund um Sophos. Damit du keinen Artikel verpasst, kannst du dich in unseren Newsletter eintragen und bekommst einmal pro Monat eine Zusammenfassung aller Artikel der letzten 30 Tage per E-Mail zugestellt.

Knowledge Base

Du brauchst Hilfe zu einem Sophos Produkt? Dann kann dir vielleicht unsere kostenlose Knowledge Base weiterhelfen. Wir versuchen, die meisten Supportanfragen in einem Artikel zu dokumentieren, um möglichst vielen Menschen damit zu helfen.