WatchGuard has posted a new update release for Dimension at the software download site. The release fixes some security vulnerabilities that were reported in WatchGuard Dimension. This is a maintenance update to patch security vulnerabilities. There are no new enhancements. The Release Notes include a comprehensive list of resolved issues, including:
- The version of OpenSSL used by Dimension has been updated.
- This release includes fixes to address several reported command injection and cross scripting vulnerabilities.
WatchGuard appreciates the efforts of security researchers that test and report issues in our products. We encourage researchers in the security community to disclose any issues using the email@example.com email address. Thanks to Francesco Oddo at Security Assessment for his responsible disclosure of this vulnerability.
Do These Releases Pertain to Me?
WatchGuard recommends that all users of Dimension should upgrade to avail of the security fixes.
Software Download Center
Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. Please read the Release Notes before you upgrade to understand what’s involved.
For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.