Release Notes CPS 5.5.18

Collax Platform Server
23.06.2014

Installation Notes

Update Instructions

To install this update, please follow these steps:

Procedure

  1. It is highly recommended to back up all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. A corresponding note will be shown when the update process is completed.

New in this Version

Security: Linux Kernel 2.6.32.62

This update installs Linux kernel 2.6.32.62. It fixes the issue with the futex system call and additionally addresses

CVE-2014-0196

Backup/Restore: Change Backuptarget

When a backup target is configured to point to a different physical device, the original volume files (“media”) will no longer be found, resulting in a stale backup system. With this release the user is warned in that case.

E-Mail: New Webmail Roundcube

With this release, SquirrelMail webmail will be replaced by the modern Roundcube version 1.0.1 webmail. Direct access to SquirrelMail webmail is possible through https://IP-Adress/squirrellmail/. Please find Roundcube details here:

http://roundcube.net

Zarafa Groupware: Zarafa Collaboration Platform 7.1.10

With this update the version 7.1.10 of the Zarafa Collaboration Platform is released. The focus of the release is the ‘Automatic Outlook patching mechanism’ providing a seamless on-the-fly integration with newer Outlook updates. Additionally, this release is the first release to support Click-to-Run versions. Please find more details here:

Changelog ZCP 7.1.10

Collax E-Mail Archive: Two-Man-Rule

With this release the Auditor access to search through all archived e-mails will be explicitly replaced by a Two-Man-Rule. A control password is required. Therefore a second person has to enter a Control Password for the Archive Search.

Collax E-Mail Archive: E-Mail Notification for Archive Searches

With this release the Two-Man-Rule is being enhanced through an E-Mail Notification. If a search in all archived e-mails is being started, the configured e-mail addresses receive an info e-mail. Additionally there’s an entry in the system log file.

Collax E-Mail Archive: Auditor: Search E-Mail Archive

With this release the Two-Man-Rule is enhanced by a notice in the user Web access that shows whether you are logged in as a user with auditor permission. You’ll see the message “Auditor: Suche im E-Mail-Archive”.

Collax Advanced Networking: Brute Force Protection

From this update on it is possible to enable a Brute Force Protection service. This new function makes it possible to ban the IP address of an attacker after a certain number of login attempts. The IP address can be banned for a specified time period and will be released afterwards. Alternatively it can be released manually. Furthermore, specific networks can be excluded and specific IP addresses can be added manually.
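
The ban logic described above, as an added example (not Collax code): a small Python model with a failure threshold, a timed ban with automatic release, manual release, excluded networks and manually added addresses. Class and method names are hypothetical; counting failures without a time window and keeping manually added addresses banned until released are assumptions of the example.

```python
import ipaddress

class BruteForceGuard:
    # Constructed model of the described behaviour; not Collax code.
    def __init__(self, max_attempts, ban_seconds, excluded_networks=()):
        self.max_attempts = max_attempts
        self.ban_seconds = ban_seconds
        self.excluded = [ipaddress.ip_network(n) for n in excluded_networks]
        self.failures = {}  # ip -> failed login count
        self.banned = {}    # ip -> expiry time, None = manual ban (assumed permanent)

    def is_excluded(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.excluded)

    def is_banned(self, ip, now):
        if ip not in self.banned:
            return False
        expiry = self.banned[ip]
        if expiry is not None and now >= expiry:
            self.release(ip)  # ban period elapsed: released automatically
            return False
        return True

    def record_failure(self, ip, now):
        # Returns True if the address is banned after this failed login.
        if self.is_excluded(ip):
            return False  # excluded networks are never counted or banned
        if self.is_banned(ip, now):
            return True
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.max_attempts:
            self.banned[ip] = now + self.ban_seconds
        return ip in self.banned

    def ban(self, ip):
        self.banned[ip] = None  # address added manually

    def release(self, ip):
        self.banned.pop(ip, None)  # manual or automatic release
        self.failures.pop(ip, None)

def demo():
    # Constructed sample: (seconds, source address) of failed logins.
    guard = BruteForceGuard(3, 600, excluded_networks=["192.0.2.0/24"])
    events = [(0, "203.0.113.7"), (5, "203.0.113.7"), (9, "203.0.113.7"),
              (10, "192.0.2.15"), (11, "192.0.2.15"), (12, "192.0.2.15")]
    return guard, [guard.record_failure(ip, t) for t, ip in events]
```

When sizing the threshold and ban period, note that an excluded network is exempt from counting entirely, so exclusions should be limited to networks whose hosts are trusted.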

System Management: Group from Active Directory with hyphen

The integration of the Collax server into Microsoft ActiveDirectory is used to authenticate users against the ActiveDirectory and to read user-related data from it. This data is used within the Collax services to provide fully centralized user management via Microsoft ActiveDirectory. Until now, AD group names could not contain hyphens. With this update AD groups with hyphens can be made available to the local policy management.

Issues Fixed in this Version

Security: Scripting Language PHP5 and PHP Libraries

In the source code of PHP5 security holes have been discovered. These holes will be closed within this software update to PHP 5.3.28.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2013-2110 CVE-2013-4248 CVE-2013-6420

Security: GnuTLS Library

In the source code of the GnuTLS library a security hole has been discovered. This hole will be closed within this Collax software update.

Assigned Common Vulnerabilities and Exposures (CVE) number:

CVE-2014-3466

Security: MySQL Database

In the source code of the MySQL database security holes have been discovered. These holes will be closed within this software update to version MySQL 5.5.38.

Assigned Common Vulnerabilities and Exposures (CVE) number:

Oracle MySQL Risk Matrix

Security: Cryptography Toolkit OpenSSL

In the source code of the cryptography toolkit OpenSSL 0.9.8za security holes have been discovered. These holes will be closed within this Collax software update.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2014-0224 CVE-2014-0195 CVE-2014-0221 CVE-2014-0198 CVE-2010-5298 CVE-2014-3470 CVE-2014-0076

Authentication: Users with Umlauts fail Synchronisation with Active Directory

The user and group synchronisation for ActiveDirectory stopped if the first name or surname of a user contained special characters. This is fixed in a newer version of the synchronisation service ADproxy. All users and groups are synchronized after this update.

E-Mail: Primary Email address from Active Directory Users

Because of an error, until now it was not possible to deactivate the option Use primary email address from Active Directory. The option can be set in the form Settings → Mail and Messaging → SMTP reception, tab Options. From this update on the option can be deactivated.

Zarafa Groupware: User for spam/ham folders

With the option Train Filter with Zarafa, the spam filter can be trained by the public folders LearnAsHam and LearnAsSpam of Zarafa Groupware. The filter must be trained with a local user with zarafa-admin permissions. The user doesn’t exist under certain circumstances when being included in the ADS domain. This is going to be fixed with this update. A local user isn’t needed anymore.

Zarafa Groupware: Public Folders with Address in e-mail domain

When using Zarafa, it is possible to set up folders to which all users have shared access on the mail server. They can also be addressed by e-mail. Because of an error the folders have been created without an e-mail address in the Zarafa global address book. This is going to be fixed with this update.

The search function can be accessed via the user Web access. Under certain circumstances the search could lead to a timeout and had to be restricted. This is going to be fixed with this update. A new technology called Server-Sent-Event (SSE) has been implemented. A timeout doesn’t occur any longer.