Release Notes CSG 7.1.18
Collax Security Gateway
29.09.2020
Installation Notes
Update Instructions
To install this update please follow the following steps:
Procedure
- It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
- In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
- Click Get Packages to download the update packages.
- Click Install. This installs the update. The end of this process is indicated by the message Done!.
- A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.
New in this Version
Collax Central: Windows agent and migration between V-Servers
With this version, Collax Central is being prepared for two upcoming products. An agent for Windows should appear shortly. With the Windows agent it will be possible to include Windows servers and desktops in the overview of all servers. In addition, a new function is introduced for the dashboard, which enables virtual machines to be migrated between Collax V servers (project name V-Connect). In Collax Central, for example a VM on a Collax V-Cube can be selected. Via a direct call to the administration interface it can then be moved to a Collax V-Bien.
GUI: copy permalink to clipboard button
This adds a new button to the form controls which allows copying of the current form/detail direct-url to the clipboard. This makes it easy to directly jump to a specific form e.g. via a bookmark.
Misc: Web-Terminal
A new web terminal is installed with this release. With the web terminal, a direct console call is possible via the administration interface.
Misc: Smbclient and libarchive
With this update, the smbclient is compiled with libarchive 3.4.13 and thus supports different methods of using zip archives.
Misc: Online Documentation - Links to forms
Forms are described in several places in the online documentation. By restructuring the online documentation, forms can now be directly opened from the documentation via a link.
System Management: Saving own URL lists
Own URL lists are available for the webproxy. They offer the option of managing one or more lists of URLs. Up to now, own lists were not saved in the configuration files, but only as a backup item. The ones currently visible in the web interface can now be saved within the configuration files.
File: Webaccess - logged in
Previously it was not immediately obvious whether a user was logged in to the webaccess or not. It was only a change in the logout/in icon and the username was visible in the bottom right.
Issues Fixed in this Version
Security: Buffer overflow in the Linux kernel
An employee of the security company Palo Alto Networks has discovered a critical security issue in the network stack of the Linux kernel. The loophole relates to CVE-2020-14386 . This update protects against this buffer overflow.
Security: ClamAV
In the source code of the virus scanner ClamAV security holes have been discovered. These holes will be closed within this software update to the version 0.102.4.
Assigned Common Vulnerabilities and Exposures (CVE) numbers:
CVE-2020-3350 CVE-2020-3327 CVE-2020-3481 CVE-2020-3341 CVE-2020-3123 CVE-2019-15961
Web Proxy: Squid 4.13
The Squid web proxy is updated to version 4.13 with this update. In order to a bug which led to the termination of transparent https connections in Chrome and Edge and was acknowledged with the error “ERR_CONNECTION_CLOSED”.
Notes
E-Mail: Avira AntiVir prior Version 7.1.6
From Avira, an automatic update of the core components of Avira has been carried out. In this context, a new dependency of the libraries has been added, the next time the virus scanner is not started can be resolved. The result is that the virus scanner does not work during a reboot or configuration change is restarted. For security reasons, emails will no longer be delivered. To solve the problem, please update your server to version 7.1.6. Note: As long as the virus scanner is not restarted, it works in its entirety.
VPN: IKEv2 with Microsoft Windows stops after 7.6 hours
VPN connections with IKEv2 and the on-board resources of Microsoft Windows interrupt after exactly 7.6 hours. It can be reestablished by restarting the connection.