Release Notes CPS 5.0.8

Collax Platform Server
15.12.2009

New in this Version

Backup/Restore: Logical Volume for Backup Target

Logical Volumes are now also work as backup targets to save important data on them. This offers two possibilities. First, a backup can be placed on a local logical volume which has a certain size and does not effect the system even it is filled. Second, the backup data can be saved on an external iSCSI target.

E-Mail: SMTP Relay Port adjustable

In this version when using a SMTP-Relay under “Settings->Mail and Messaging->Mail->SMTP outbound” or “Domains” a port for the SMTP-Host can be specified. The adjustment of another SMTP relay port may be needed if the relay-server of your E-mail provider does not accept E-mails on standard port 25.

Collax Communication: Notification of incoming Facsimiles

Incoming facsimile can now be relayed to an arbitrary receipient additional to relay to user, to store facsimiles within folders or home directories. Also it is possible to send an e-mail notification in different languages if a facsimile comes in or an error occurs.

From this update on it is possible to create a network link based on DHCP with routing into internet. This is i.e. used for cable modem connections.

Collax Net Security: Citrix ICA client for SSL VPN application

SSL-VPN offers a secure and authenticated connection to internal network resources. From this update on the Citrix(ICA)-Client can be used as SSL VPN application to connect to Citrix server or terminal server.

Collax Net Security: Additional SSL VPN Options for RDP Connections

From this version on additional option can be used when configuring RDP connection via SSL-VPN. These options enable to choose i.e wether compression, themes, wallpapers, serial devices, printer or disk drives are used within the RDP connection.

Collax Net Security: Multi Level Firewall

With the Multi Level Firewall it is possible to include Users, Operating Systems and Applications to the Firewall rules. Therefore specific Applications like e.g. Skype can be forbidden.

The Multi Level Firewall can be set up under “Settings->Network->Multi Level Firewall”. To use the Multi Level Firewall the Collax Multi Level Firwall Client has to be downloaded from the “Installation packages” tab. Finally the client must be installed on the machines the Multi Level Firewall schould take effect.

System Management: Importable Groups

Groups which are usable over the ActiveDirectory-Proxy can now be added to the local groups under “Settings->Usage Policy->Policies->Importable Groups”

In this list all groups and their import state are displayed which are usable over the ActiveDirectory-Proxy. Imported ActiveDirectory-Proxy groups can be used as usual groups.

Misc: Zarafa 6.30.5 ISV application available

With this Collax software update the new version 6.30.5 of Zarafa Groupware is available. Some new functions are

Please find the complete list of changes here . The upgrade of an existing installation of Zarafa 6.20 can be executed if wanted via the Collax administration GUI in the menu “Settings -> Mail and Messaging -> Zarafa Groupware -> Configuration”. Please note: A valid license is needed or needs to be converted to use all the functions of Zarafa Groupware 6.30 after the upgrade.

Hardware: Support of GUID Partition Tables

From this update on GUID partition tables (GPT) for new installtions of Collax servers are supported. This extends the possible size of a server hard disk over 2 TB. The maximum size of an allocated harddisk may be 8192 Exabytes.

Issues Fixed in this Version

Security: Directory Service OpenLDAP

In the source code of the directory service OpenLDAP security holes have been discovered. These holes will be closed within this Collax software update to version OpenLDAP 2.4.19.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-3767

Security: Linux Kernel

In the source code of the Linux Kernel security holes have been discovered which will be closed within this update. Furthermore newer versions of the e1000e- and igb-driver for intel networkcards will be installed.

Security: Unix printing system CUPS

In the source code of the unix printing system CUPS security holes have been discovered. These holes will be closed within this Collax software patches for version cups 1.3.11.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2820

Security: IMAP Service Cyrus

In the source code of the unix printing system CUPS security holes have been discovered. These holes will be closed within this Collax software patches for version cyrus 2.3.13.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2632

Security: Fetchmail Service

In the source code of the unix printing system CUPS security holes have been discovered. These holes will be closed within this Collax software patches for version fetchmail 6.3.11.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2666

Security: Samba, Windows SMB/CIFS Server for UNIX

In the source code of the Windows SMB/CIFS fileserver Samba security holes have been discovered. These holes will be closed within this Samba software patch for version 3.0.34.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2813 CVE-2009-2906 CVE-2009-2948

Security: File Download via SSL and Internet Explorer

If downloading files from the Collax server via HTTPS on Collax Webaccess with Internet Explorer the message

could be displayed. With this Collax update the option unsetCacheControl can be set for the according file share. If the Internet Explorer is provided with the Hotfix , files can be downloaded correctly afterwards.

Security: MySQL Administration phpmyadmin

In the source code of the MySQL administration phpmyadmin security holes have been discovered. These holes will be closed within this Collax patch update of version phpmyadmin 2.11.9.5.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-3697 CVE-2009-3696

Collax Net Security: Anonymize HTTP Header and Authentication

If the web proxy option Anonymize HTTP header was set to Paranoid the web proxy authentication didn’t work correctly. With this update some settings for Anonymize HTTP header Paranoid have been improved so the web proxy authentication is going to work.

Collax Mail Security: Fetchmail Service

In the source code of the unix printing system CUPS security holes have been discovered. These holes will be closed within this Collax software patches for version fetchmail 6.3.11.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2666

File: File Download via SSL and Internet Explorer

If downloading files from the Collax server via HTTPS on Collax Webaccess with Internet Explorer the message

could be displayed. With this Collax update the option unsetCacheControl can be set for the according file share. If the Internet Explorer is provided with the Hotfix , files can be downloaded correctly afterwards.

System Management: Monitoring of a URL

The active monitoring enables the check of certain URLs of other servers. If characters like = & ? are used within the URL string the monitoring service displayed an error message concerting the service description:

With this update the illegal characters will be deleted from the service description. So the service check can be executed correctly and the URL is going to be monitored.

Hardware: HP/Compaq Smart Array Controllers

The entry in the Bootloader to boot HP/Compaq Smart Array controller devices, had been put falsely to /dev/sda in version 5.0.6. With this update to version 5.0.8 the correct device /dev/cciss/c0d0p3 is selected, if a HP/Compaq Smart Array controller is used.

Notes

With this update all functions of the modul will be installed and can be used on the server. In the list of additional modules in the “License and modules” formular the module will be shown as not installed. To solve this you have to run the Install action.

Add-on Software: New Licensing of Avira Antivir

The Anti Virus product Avira Antivir will now be identically licensed like all Collax Modules. With this method a higher handling comfort is reached.

Add-on Software: Download Progress Bar when using Avira Antivir Web-Virus-Filter

The anti virus product Avira Antivir displayed a special progress bar while scanning downloaded files. With the new anti virus technology within this update this progress bar becomes superfluous. From this update the progress bar of Avira Antivir is going to be removed.