Release Notes CSG 5.0.8

Collax Security Gateway
15.12.2009

New in this Version

E-Mail: SMTP Relay Port adjustable

In this version, a port for the SMTP host can be specified when using an SMTP relay under “Settings->Mail and Messaging->Mail->SMTP outbound” or “Domains”. Setting a different SMTP relay port may be needed if the relay server of your e-mail provider does not accept e-mails on the standard port 25.

From this update on, it is possible to create a network link based on DHCP with routing to the Internet. This is used, for example, for cable modem connections.

VPN: Citrix ICA client for SSL VPN application

SSL-VPN offers a secure and authenticated connection to internal network resources. From this update on, the Citrix (ICA) client can be used as an SSL VPN application to connect to a Citrix server or terminal server.

VPN: Additional SSL VPN Options for RDP Connections

From this version on, additional options can be used when configuring an RDP connection via SSL-VPN. These options make it possible to choose, for example, whether compression, themes, wallpapers, serial devices, printers or disk drives are used within the RDP connection.

Backup/Restore: Logical Volume for Backup Target

Logical volumes can now also be used as backup targets for saving important data. This offers two possibilities. First, a backup can be placed on a local logical volume which has a certain size and does not affect the system even if it is filled. Second, the backup data can be saved on an external iSCSI target.

System Management: Importable Groups

Groups which are usable over the ActiveDirectory-Proxy can now be added to the local groups under “Settings->Usage Policy->Policies->Importable Groups”.

This list displays all groups that are usable over the ActiveDirectory-Proxy, together with their import state. Imported ActiveDirectory-Proxy groups can be used like regular groups.

Hardware: Support of GUID Partition Tables

From this update on, GUID partition tables (GPT) are supported for new installations of Collax servers. This extends the possible size of a server hard disk beyond 2 TB. The maximum size of an allocated hard disk may be 8192 Exabytes.

Issues Fixed in this Version

Security: Internet Domain Name Server Bind

In the source code of the Internet Domain Name Server security holes have been discovered. These holes will be closed within this patch update for Bind version 9.5.1.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-4022

Security: Unix printing system CUPS

Security holes have been discovered in the source code of the Unix printing system CUPS. These holes are closed by the Collax software patches for cups version 1.3.11.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2820

Security: IMAP Service Cyrus

Security holes have been discovered in the source code of the IMAP service Cyrus. These holes are closed by the Collax software patches for cyrus version 2.3.13.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2632

Security: Fetchmail Service

Security holes have been discovered in the source code of the Fetchmail service. These holes are closed by the Collax software patches for fetchmail version 6.3.11.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2666

Security: Directory Service OpenLDAP

In the source code of the directory service OpenLDAP security holes have been discovered. These holes will be closed within this Collax software update to version OpenLDAP 2.4.19.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-3767

Security: MySQL Administration phpmyadmin

In the source code of the MySQL administration phpmyadmin security holes have been discovered. These holes will be closed within this Collax patch update of version phpmyadmin 2.11.9.5.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-3697 CVE-2009-3696

Security: Samba, Windows SMB/CIFS Server for UNIX

In the source code of the Windows SMB/CIFS fileserver Samba security holes have been discovered. These holes will be closed within this Samba software patch for version 3.0.34.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2813 CVE-2009-2906 CVE-2009-2948

Security: Linux Kernel

Security holes have been discovered in the source code of the Linux kernel; they are closed by this update. Furthermore, newer versions of the e1000e and igb drivers for Intel network cards will be installed.

Web Proxy: Anonymize HTTP Header and Authentication

If the web proxy option Anonymize HTTP header was set to Paranoid, the web proxy authentication didn’t work correctly. With this update, some settings for Anonymize HTTP header Paranoid have been improved so that the web proxy authentication works.

System Management: Monitoring of a URL

Active monitoring enables checking certain URLs of other servers. If characters like = & ? were used within the URL string, the monitoring service displayed an error message concerning the service description:

With this update, the illegal characters are deleted from the service description, so the service check can be executed correctly and the URL is monitored.

Hardware: HP/Compaq Smart Array Controllers

The bootloader entry for booting from HP/Compaq Smart Array controller devices had been incorrectly set to /dev/sda in version 5.0.6. With this update to version 5.0.8, the correct device /dev/cciss/c0d0p3 is selected if an HP/Compaq Smart Array controller is used.

Notes

Collax SSL-VPN: Behaviour change of objects

With the new version of SSL-VPN the network permissions of all objects will be checked. Thus, the corresponding networks should be added to the group permissions. The port or interface for the SSL-VPN service does not have to be configured with this version.