Release Notes CSG 5.0.6
Collax Security Gateway
20.08.2009
Issues Fixed in this Version
Security: Linux Kernel
A critical security hole has been discovered in the source code of the Linux kernel. It is closed by this patch for Linux kernel version 2.6.25.
Assigned Common Vulnerabilities and Exposures (CVE) numbers:
Security: Web Server Apache
Security holes have been discovered in the source code of the Apache web server. They are closed by this Collax software update.
Apache 2.2.12 will be installed. Assigned Common Vulnerabilities and Exposures (CVE) numbers:
CVE-2009-1891, CVE-2009-1195, CVE-2009-1890, CVE-2009-1191, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956
Security: DHCP Server
Security holes have been discovered in the source code of the DHCP server. They are closed by this Collax software update.
Dhcpd 3.1.2p1 will be installed. Assigned Common Vulnerabilities and Exposures (CVE) numbers:
Security: Internet Domain Name Server Bind
Security holes have been discovered in the source code of the Internet Domain Name Server. They are closed by this patch update for Bind version 9.5.1.
Assigned Common Vulnerabilities and Exposures (CVE) numbers:
Security: Download Tool Curl
Security holes have been discovered in the source code of the download tool curl. They are closed by this patch update for curl version 7.19.0.
Assigned Common Vulnerabilities and Exposures (CVE) numbers:
Security: VPN IKE Daemon Pluto
Security holes have been discovered in the source code of the IKE daemon pluto. They are closed by this patch update for pluto version 2.4.9.
Assigned Common Vulnerabilities and Exposures (CVE) numbers:
Security: Graphics Library Libpng3
Security holes have been discovered in the source code of the graphics library Libpng3. They are closed by this Collax software update to version libpng3 1.2.39.
Assigned Common Vulnerabilities and Exposures (CVE) numbers:
VPN: Using SSL VPN with ActiveDirectory-Proxy
SSL-VPN offers a secure and authenticated connection to internal network resources. In version 5.0.4, the credentials of an ActiveDirectory user were requested twice when using SSL VPN: once in the Collax WebAccess and again when calling the SSL VPN application. Update 5.0.6 improves this behaviour. ActiveDirectory users log in to the Collax WebAccess and can run the associated SSL VPN applications without entering their login credentials again.
Backup/Restore: Backup Data on Streamer after Upgrade
After the upgrade from version 4 to version 5 of the Collax server, backups to tape were interrupted with the following message: “Please mount volumes Tape1 or label a new one for:”. The appropriate tape drive could not be mounted properly into the system. This update fixes the error. The tape drive is mounted correctly into the system and the associated backup job runs to completion.
Notes
Collax SSL-VPN: Behaviour change of objects
With the new version of SSL-VPN, the network permissions of all objects are checked. The corresponding networks should therefore be added to the group permissions. The port or interface for the SSL-VPN service does not have to be configured with this version.