Release Notes CSG 5.5.10
Collax Security Gateway
13.08.2013
Installation Notes
Update Instructions
To install this update please follow the following steps:
Procedure
- It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
- In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
- Click Get Packages to download the update packages.
- Click Install. This installs the update. The end of this process is indicated by the message Done!.
- A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.
Issues Fixed in this Version
Security: Strongswan IKE Daemon for VPN Connections
In the source code of Strongswan, the IKE Daemon for VPN Connections a security hole has been discovered, which treated empty signatures as valid. This hole is going to be closed with a patch for the version 4.6.1.0.
Web Proxy: Web Proxy does not start, Cache is deleted
When the proxy-cache has been emptied and reinitialized with the action “clear cache”, the directory structure could not be recreated in some cases. This resulted in the Web-Proxy-Service being unable to start. This will be fixed with this update.
VPN: UTF-8 Character within PSK String
Using special characters like € or @ in the preshared-key resulted in missing connection information in the gui under System → Monitoring/Analysis → Link Status and System → Monitoring/Analysis → IPsec. With this version the generation of the connection scripts has been improved in a way that UTF-8 characters are being used correctly. VPN status details are being shown correctly with this.
Authentication: Incorrect Calculation of the Primary Email Address when using ActiveDirectory and
the Collax AD-Proxy
The calculation of default mail addresses was broken for various reasons when user data was imported from ActiveDirectory via the Collax AD proxy. With this update a number of additional configuration variables are introduced to be used by the Collax AD proxy. This allows the calculation of the addresses to be performed correctly during runtime rather than configuration time.
Add-on Software: Files with suspicious extensions are filtered
Files with a suspicious extension (e.g. .jpg.exe) are filtered by the Avira scanner.
System Management: Logfiles when Checking LSI Controller Fills up Hard Disk
With this update the monitoring of LSI raid controller is going to be improved.