Release Notes CSG 7.0.10

Collax Security Gateway
13.07.2017

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

Security: Important security relevant System Components

This update will also install/update the following important system components:

  • libgcrypt
  • libxml2
  • Apache

CVE-2017-7526 CVE-2017-7375 CVE-2017-9048 CVE-2017-9050 CVE-2017-5969 CVE-2017-0663 CVE-2017-7679 CVE-2017-7668 CVE-2017-3169 CVE-2017-3167

Issues Fixed in this Version

Security: Bug in Intel Kaby Lake processors

Systems with the Intel processors code-named “Kaby Lake” could, in some situations, dangerously misbehave. The microcode Update microcode-20170707 fixed this issue with this update for Intel Kaby Lake processors.

GUI: Network groups without permission after Upgrade from Version 5 to Version 7

Within this release permissions for users and permissions for networks are differentiated. So there are user groups and network groups from now on. A number of network groups are created by default. Due to an error with extra long network namen, it could happen that the creation failed,, resulting in restricted access to the system for special services. This is going to be fixed within this release.

E-Mail: Postmaster Notification for large e-mails

The maximum size of an individual e-mail can be defined in the dialogue “SMTP reception”. When retrieving e-mail from external mailboxes, the postmaster notification didn’t work properly when exceeding the maximum message size. Within this release the postmaster notification is going to be fiexd.

E-Mail: Train Spam Filter

Because of an permission error it was not possible to access the database to learn from spam/ham folders. With this update learning works solid.

Net: Port forwardings for vpn service

Port forwardings are used to forward incoming requests to a different server. If a port forwardig was configured for the vpn services IPSec and PPtP, it didn’t work correctly. This is going to be fixed with this software update.

Net: DHCP server

Upon start-up, the systems in the local network get their IP address and network configuration from the DHCP server. Due to wrong configuration files, leases and IP adresses have been erroneous. This is going to be fixed with this software update.

VPN: StrongSwan IPsec

The usage of the bypass-lan plugin could lead to problems and is disabled from now on.

VPN: StrongSwan IPsec

The usage of the bypass-lan plugin could lead to problems and is disabled from now on.

Authentication: LDAP Server stability

In this update many improvements will be implemented for the integrationand stability of openldap.

Authentication: Login case-insensitive

In this update case-insensitive logins could lead to problems under certain circumstances. In Collax platform version 5 users could login the webaccess using capital letters. This behaviour is beeing reimplemented with this update.

Notes

Hardware: Boot Setup for HP/Compaq Smart Array Controllers

The existing Smart Array CCISS-driver is replaced with the new HP Smart Array SCSI (HPSA) driver during the upgrade. If a HP/Compaq Smart Array controller is used, the correct device in selected within this update.