Support /
Knowledge Base

1.2.0 build 3007

---

New: SMTP Proxy Greylisting and Tarpit for Antispam Service
New: Application Filter Service (BETA)
New: Remote Configuration Backup Service
New: Redesigned configuration management (moved Options->Import/Export to System->Manage UTM Configuration)
New: Other web configuration interface changes
New: Change physical network interface order using ‘calibrate’ from Serial Console or Video terminal
Fix: Deleting an expired X.509 certificate will no longer delete unrelated IPSec PSK tunnels (which may have occured in some cases)
Fix: Improve reliability, stability and performance of apache2 server used for Web Configuration Interface
Fix: Improved stability and interoperability of IPSec VPN tunnels
Fix: Problems in SHA2-512 implementation used in IPSec VPN tunnels
Fix: Improve stability and performance of apache2 server used for Web Configuration Interface
Fix: Option “defaultroute” disabled by default in PPTP server configuration to avoid misconfigurations
Security: Properly handle a malformed ASN.1 structure to prevent remote attackers to mount a denial of service attack
Security: Properly handle malformed signed attributes with PKCS12 using CMS 
Security: Prevent remote attackers to cause a denial of service
Security: Prevent remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys
Security: Prevent remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses “particular cipher suites.”
Security: When the TLS server name extensions are enabled, do not allow remote attackers to cause a denial of service (crash) via a crafted packet
Security: Prevent remote attackers to execute arbitrary code via unspecified vectors
Security: Fix buffer overflow in OpenSSL implementation to prevent remote attack vectors involving a long list of ciphers
Security: Prevent attackers to cause a denial of service (CPU consumption) via parasitic public keys in X.509 certificates
Security: Prevent attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures
Security: Prevent malicious remote servers to cause a denial of service (client crash) via unknown vectors
Security: Prevent remote attackers to forge a PKCS #1 v1.5 signature that prevents OpenSSL from correctly verifying X.509 and other certificates
Security: Prevent a possible denial of service attacks against IPSec VPN tunnels using specially crafted DPD packets