Release Notes CBS 5.0.6

Collax Business Server
20.08.2009

Issues Fixed in this Version

Security: Linux Kernel

In the source code of the Linux kernel a critical security hole has been discovered. This hole is going to be closed within this patch for the Linux kernel version 2.6.25.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2692

Security: Web Server Apache

In the source code of the Apache webserver security holes have been discovered. These holes will be closed within this Collax software update.

Apache 2.2.12 will be installed. Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-1891 CVE-2009-1195 CVE-2009-1890 CVE-2009-1191 CVE-2009-0023 CVE-2009-1955 CVE-2009-1956

Security: DHCP Server

In the source code of the dhcp server security holes have been discovered. These holes will be closed within this Collax software update.

Dhcpd 3.1.2p1 will be installed. Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-0692

Security: Internet Domain Name Server Bind

In the source code of the Internet Domain Name Server security holes have been discovered. These holes will be closed within this patch update for Bind version 9.5.1.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-0696

Security: Download Tool Curl

In the source code of the download tool curl security holes have been discovered. These holes will be closed within this patch update for curl version 7.19.0

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2417

Security: VPN IKE Daemon Pluto

In the source code of the IKE daemon pluto security holes have been discovered. These holes will be closed within this patch update for pluto version 2.4.9

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2185

Security: Graphics Librarie Libpng3

In the source code of the graphics library Libpng3 security holes have been discovered. These holes will be closed within this Collax software update to version libpng3 1.2.39.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2042

File: FTP Command NLST

Executing the NLST command on a non matching file within a ftp connection the ftp server gave the feedback “150 Opening ASCII mode data connection for file list”, afterwards “450 No files found” and the data connection quits. This behaviour it is corrected with this update. After a NLST command on a file that is not available the message “450 No files found” is correctly returned and the data connection remains established.

E-Mail: Display of SIEVE Rules and Squirrel Web Mail

In version 5.0.4 Sieve rules (Absence note / holiday note) were not displayed within Squirrel. With the version 5.0.6 this behaviour is repaired, rules for absence notes etc. are displayed.

Note! For the correct functionality it can be necessary to execute the following steps within Squirrel-Webmail: “Options” -> “Display Preferences” -> “Use Javascript” -> “Always”, then click “Submit” again.

Backup/Restore: Backup Data on Streamer after Upgrade

After the upgrade from version 4 to version 5 of the Collax server backups on tape were interrupted with following message: “Please mount volumes Tape1 or label a new one for:“. The suitable tape drive could not be mounted properly into the system. This error is repaired with this update. The Tape drive is mounted correctly into the system and the associated backup job is executed completely.

Collax Net Security: Using SSL VPN with ActiveDirectory-Proxy

SSL-VPN offers a secure and authenticated connection to internal network resources. In version 5.0.4 user credentials of an ActiveDirectory user was doubly interrogated for the use of SSL VPN: Once in the Collax WebAccess and afterwards when calling the SSL VPN application. With update 5.0.6 this behaviour is improved. ActiveDirectory users log in to the Collax Webaccess and can execute the associated SSL VPN applications, without additional input of login credentials.

Notes

Add-on Software: New Licensing of Avira Antivir

The Anti Virus product Avira Antivir will now be identically licensed as all Collax Modules. With this method a higher handling comfort is reached and the separate Avira Antivir-License integration is now redundant. Updating the license manually will not be necessary anymore.

Add-on Software: Download Progress Bar when using Avira Antivir Web-Virus-Filter

The anti virus product Avira Antivir displayed a special progress bar while scanning downloaded files. With the new anti virus technology within this update this progress bar becomes superfluous. From this update the progress bar of Avira Antivir is going to be removed.

Misc: PHP update 5.3.6

In cause of the major-release of PHP 5.3.6 it is possible that files which use PHP have to be adapted.