Release Notes CSG 5.5.2

Collax Security Gateway
07.05.2012

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

Backup/Restore: Consolidated Email Nofitication

By now an email notification was sent for each single backup element from a backup job. From this update all status information of a backup job will be gathered and sent to the backup administrator in one email.

Backup/Restore: New Backup Token eases Bare Metal Restore

From this version a token file is provided to the administrator after each backup process. This token includes several files which accelerates and eases a bare metal restore considerably. The token can be uploaded within the bare metal restore wizard. Afterwards all registered additional software will be installed and the backup target is automatically configured. Then all required data can be restored.

Hardware: Support of UPS (USB) with nut 2.6.2

This update installs the Network UPS Tool (nut) 2.6.2. This extends the support for UPS with USB-Connection. A list of supported devices can be found in the Collax HWCL or on the site www.networkupstools.org .

Issues Fixed in this Version

Security: Severe Vulnerability in Samba, Windows SMB/CIFS Server for UNIX

In the source code of the Windows SMB/CIFS fileserver Samba a severe security vulnerability has been discovered. This vulnerability will be closed within this Samba software patch.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2012-1182 CVE-2012-2111

Security: Cryptography Toolkit OpenSSL

In the source code of the cryptography toolkit OpenSSL 0.9.8k security holes have been discovered. These holes will be closed within this Collax software update.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2012-2110

Web Proxy: Web-Proxy Exception and Authentication

If a web proxy exception for authentication was set up for a specific URL a user had to authenticate nonetheless. With this update the configuration of the exception is set up correctly in the web proxy configuration and the use does not have to authenticate.

Net: CPU Load by Ksoftirqd Using IPsec Tunnel

Since the implementation of StrongSwan it could occur that the thread ksoftirqd led to a irregular hight CPU load when running IPsec tunnels. This is fixed with a kernel patch in this update.

Backup/Restore: Spooling for Data Restore

A spooling directory is use to avoid shoe shining effect if using tapes for data backup. From this update a spooling directory is used also for date restore from tapes.