Release Notes CSG 5.5.18
Collax Security Gateway
23.06.2014
Installation Notes
Update Instructions
To install this update please follow the following steps:
Procedure
- It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
- In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
- Click Get Packages to download the update packages.
- Click Install. This installs the update. The end of this process is indicated by the message Done!.
- A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.
New in this Version
Security: Linux Kernel 2.6.32.62
This update installs Linux kernel 2.6.32.62. It fixes the issue with the futex system call and refers additional to
Net: Brute Force Protection
From this update on it is possible to enable a Brute Force Protection service. This new function allows to ban the ip-address of an attacker after a certain number of login attempts. The ip-address can be banned for a specified time period and will be released afterwards. Alternatively it can be released manually. Furthermore specific networks can be excluded or specific ip-adresses can be added manually.
Backup/Restore: Change Backuptarget
When a backup target is configured to point to a different physical device, the original volume files (“media”) will no longer be found, resulting in a stale backup system. With this release the user is warned in that case.
System Management: Group from Active Directory with hyphen
The integration of Collax server in Microsoft ActiveDirectory is used to authenticate the users against the ActiveDirectory and to read user-related data from the ActiveDirectory. This data is going to be used within the Collax services to provide a full centralized user management via Microsoft ActiveDirectory. Until now AD groups may not contain hyphens in its name. With this update AD groups with hyphens can be made available to the local policy management.
Issues Fixed in this Version
Security: Scripting Language PHP5 and PHP Libraries
In the source code of PHP5 security holes have been discovered. These holes will be closed within this software update to PHP 5.3.28.
Assigned Common Vulnerabilities and Exposures (CVE) numbers:
CVE-2013-2110 CVE-2013-4248 CVE-2013-6420
Security: GnuTLS Library
In the source code of the GnuTLS library a security hole has been discovered. This hole will be closed within this Collax software update.
Assigned Common Vulnerabilities and Exposures (CVE) number:
Security: MySQL Database
In the source code of the MySQL database security holes has been discovered. These holes will be closed within this software update to version MySQL 5.5.38.
Assigned Common Vulnerabilities and Exposures (CVE) number:
Security: Cryptography Toolkit OpenSSL
In the source code of the cryptography toolkit OpenSSL 0.9.8za security holes have been discovered. These holes will be closed within this Collax software update.
Assigned Common Vulnerabilities and Exposures (CVE) numbers:
CVE-2014-0224 CVE-2014-0195 CVE-2014-0221 CVE-2014-0198 CVE-2010-5298 CVE-2014-3470 CVE-2014-0076
E-Mail: Primary Email address from Active Directory Users
Because of an error until now it was not possible to deactivate the option Use primary email address from Active Directory The option can be set in the form Settings → Mail and Messaging → SMTP reception, tab Options. From this update the option can be deactivated.
Authentication: Users with Umlauts fails Synchronisation with Active Directory
The user and group synchronisation for ActiveDirectory stopped if first or surname of a user contained special characters. This is fixes within a newer version of the synchronisation service ADproxy. All Users and Groups are synchronized after this update.