Release Notes CSG 5.5.4

Collax Security Gateway
05.11.2012

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

Misc: Avira Pattern Update via Collax Cloud

Update of patterns for the Avira virus scanner are going to downloaded from the server update.collax.com.

Misc: Core-File Directory

In particular cases it is mandatory to analyse system processes in detail. These core files are written in to the systems directory /var/tmp from this version on.

Hardware: Extended Support of UPS (USB) with blazer_usb and bcmxcp

This update installs the drivers blazer_usb und bcmxcp for UPS with USB-Connection. A list of supported devices can be found in the Collax HWCL or on the site www.networkupstools.org .

Issues Fixed in this Version

Security: Scripting Language PHP5 and PHP Libraries

In the source code of PHP5 security holes have been discovered. These holes will be closed within this software update to PHP 5.3.18.

Security: Internet Domain Name Server Bind

In the source code of the Internet Domain Name Server security holes have been discovered. These holes will be closed within this patch update for Bind version 9.6.

Web Proxy: Web-Proxy Rules do not work when User of Active Directory contains a Blank

If a Active Directory is used for central user management the web proxy authentication mechanism can be connected to that Active Directory. The filter rules of the web proxy did not work if the login credentials contained a blank.

Authentication: All Users from ActiveDirectory can authorize via PPTP

If access via PPTP link is set up with authentication on an ActiveDirectory all users from the ActiveDirectory could login via PPTP. This is fixed with this update. Thus only one group from ActiveDirectory can authorize to establish a PPTP connection.

Net: Edit existing Traffic Classes

If traffic classes were used for bandwith management, existing traffic classes could not be edited. This message was display via the web administration interface Form definition does not match result set (or schema):.

If multiple WAN links and port forwardings were used on one ore more links, the port forwarding didn’t work correctly sometimes. A kernel patch is supplied with this update to fix the set up metioned above.

If multiple WAN links and L2TP connection were used on one link with low priority the L2TP connection to the client was established using the wrong source address. A patch is supplied with this update to set up the correct route right after the IPsec SA has been established.

Authentication: LDAP Server does not Start after Reboot

In this update many improvements will be implemented for the integration of Active Directories. These improvements deal with email addresses, active monitoring of the AD proxy and clean up of imported AD objects when leaving an AD.

High System Load by Kavsd on 64 Bit Systems

The service kavsd caused a high system load in particular cases while scanning files on 64 bit systems. This behaviour is fixed with this update.w

System Management: Nagios-Check Areca Raid Controller

With this update the monitoring of Areca raid controller is going to be improved.