Recommended steps for OpenSSL Security Advisory [05 Jun 2014]

  • Article ID: 121112
  • Updated: 02 Jul 2014

This article provides the recommended steps for OpenSSL Security Advisory [05 Jun 2014].

Applies to the following Sophos product(s) and version(s):
Sophos UTM 8.3, Sophos UTM 9.1, Sophos UTM 9.2


The following Sophos UTM products and versions require a patch:

  • Sophos UTM v9.2
  • Sophos UTM v9.1 
  • Sophos UTM v8.3 

To patch the affected versions, download the package for the corresponding fixed version from the links below:

Affected version: v9.2
Fixed version: v9.203

Update from 9.202 to 9.203

FTP: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.202028-203003.tgz.gpg
MD5 sum: 003dd2c89a9281f2b34d7c92892fc563
Size: ~60 MB

Affected version: v9.1
Fixed version: v9.113

Update from 9.112X to 9.113

FTP: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.112012-113001.tgz.gpg
MD5 sum: ca92863b248868df05405b0ec065660c
Size: ~12 MB

If you currently have version 9.111X installed, you must first update to 9.112 with the following up2date package:

FTP: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.111007-112012.tgz.gpg
MD5 sum: f3683cc6587ea806dc5f35783a99d9a4
Size: ~88 MB

Affected version: v8.3
Fixed version: v8.312

FTP: ftp://ftp.astaro.de/ASG/v8/up2date/u2d-sys-8.312.tgz.gpg
MD5 sum: 5cf6e90f9e1157779888225610863d77
Size: ~4 MB
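
Before uploading a package, it is worth confirming that the downloaded file matches the MD5 sum published above. The script below is an added example, not Sophos code: the function names are illustrative, and it assumes the files keep the names used in the FTP links. A match shows that the file matches the published value and was not corrupted in transfer; MD5 is not collision-resistant, so it is not a strong guarantee against deliberate tampering.

```python
import hashlib
import os
import sys

# MD5 sums exactly as published in this article, keyed by package file name.
PUBLISHED_MD5 = {
    "u2d-sys-9.202028-203003.tgz.gpg": "003dd2c89a9281f2b34d7c92892fc563",
    "u2d-sys-9.112012-113001.tgz.gpg": "ca92863b248868df05405b0ec065660c",
    "u2d-sys-9.111007-112012.tgz.gpg": "f3683cc6587ea806dc5f35783a99d9a4",
    "u2d-sys-8.312.tgz.gpg": "5cf6e90f9e1157779888225610863d77",
}


def md5_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large packages are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_package(path, published=PUBLISHED_MD5):
    """Return (ok, reason) for one downloaded up2date package."""
    name = os.path.basename(path)
    expected = published.get(name)
    if expected is None:
        # Renamed or unrelated file: refuse rather than guess which sum applies.
        return False, f"{name}: not one of the packages listed in the article"
    if os.path.getsize(path) == 0:
        return False, f"{name}: file is empty (download failed?)"
    actual = md5_of_file(path)
    if actual != expected.strip().lower():
        return False, f"{name}: MD5 {actual} does not match published {expected}"
    return True, f"{name}: MD5 matches the published value"


if __name__ == "__main__":
    # Usage: python check_u2d.py u2d-sys-9.202028-203003.tgz.gpg [more files...]
    failed = False
    for pkg in sys.argv[1:]:
        ok, reason = check_package(pkg)
        print(("OK   " if ok else "FAIL ") + reason)
        failed = failed or not ok
    sys.exit(1 if failed else 0)
```

The script exits with status 1 if any file fails the check, so it can gate an upload step in a rollout script.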

You can now install the package via the WebAdmin. Proceed as follows:

  1. Log in to the WebAdmin
  2. Navigate to Management | Up2Date | Advanced
  3. Click on the Folder icon
  4. Click on Choose File and select the package you just downloaded from your local system
  5. Once you have selected the correct package, click on "Start Upload"
  6. When the upload has completed, click on Apply
  7. To start the update, switch to Management | Up2Date | Overview and click on the button "Update to latest version now"

Additional Security Suggestions

Once you have updated your UTM, you are no longer vulnerable. However, if you also use the Sophos SSL VPN client to establish a VPN tunnel to an unpatched product/gateway (which is probably exploitable), it is recommended to update the client as well.

To do so, proceed as follows once you have updated the UTM:

  • Log in to the UserPortal of the UTM
  • Navigate to Remote Access
  • Download the complete installation package
  • Once you have downloaded it, roll it out to all your remote clients

 

Related information 

Blog article: http://blogs.sophos.com/2014/06/06/openssl-man-in-the-middle-vulnerability-network-gateway-product-patch-information/

Blog article: http://blogs.sophos.com/2014/06/10/openssl-man-in-the-middle-vulnerability-sophos-product-status-2/

KBA: http://sophos.com/kb/121108

 
If you need more information or guidance, then please contact technical support.
