Release Notes CSG 7.1.4
Collax Security Gateway
27.06.2019
Installation Notes
Update Instructions
To install this update, follow these steps:
Procedure
- It is highly recommended to back up all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
- In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
- Click Get Packages to download the update packages.
- Click Install. This installs the update. The end of this process is indicated by the message Done!.
- A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown when the update process is complete.
New in this Version
System Management: Linux Kernel 4.9.182
This update installs Linux kernel 4.9.182.
Issues Fixed in this Version
Security: Scripting Language PHP7
Security holes have been discovered in the source code of PHP7. This software update closes them by updating to PHP 7.2.19.
CVE-2019-11036 / CVE-2019-11038 / CVE-2019-11039 / CVE-2019-11040
Security: ZombieLoad
Experts have discovered critical security holes. ZombieLoad refers to an attack on Intel processors, much like Meltdown and Spectre. AMD and the latest Intel processors are not vulnerable to the newly discovered side channel attack. All other Intel processors, however, have to be protected by adjustments in the operating system and an update of the CPU microcode. With this update the kernel-side protection mechanisms and the new microcode are introduced.
Assigned Common Vulnerabilities and Exposures (CVE) numbers:
CVE-2018-12126 / CVE-2018-12130 / CVE-2018-12127 / CVE-2019-11091
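A check that can be run after the reboot to confirm the kernel version named in these notes and the kernel's own report of the ZombieLoad (MDS) mitigation state. This is an added example, not part of the Collax release notes; it assumes shell access to the system and a kernel that exposes /sys/devices/system/cpu/vulnerabilities/mds, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: post-update check of kernel version and MDS (ZombieLoad) status.
# Assumption: the kernel exposes its assessment in the sysfs file below.
MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds

# kernel_at_least RUNNING WANTED
# Succeeds if RUNNING (e.g. output of `uname -r`) is >= WANTED, comparing x.y.z numerically.
kernel_at_least() {
    awk -v r="${1%%-*}" -v w="$2" 'BEGIN {
        split(r, a, "."); split(w, b, ".")
        for (i = 1; i <= 3; i++) {
            if (a[i] + 0 > b[i] + 0) exit 0
            if (a[i] + 0 < b[i] + 0) exit 1
        }
        exit 0
    }'
}

# classify_mds STATUS
# Maps the status line written by the kernel to a short verdict.
classify_mds() {
    case "$1" in
        "Not affected"*)                echo "not-affected" ;;      # CPU is not vulnerable
        "Mitigation:"*)                 echo "mitigated" ;;         # kernel and microcode in place
        "Vulnerable:"*"no microcode"*)  echo "microcode-missing" ;; # kernel patched, microcode old
        "Vulnerable"*)                  echo "vulnerable" ;;        # no protection active
        *)                              echo "unknown" ;;           # file missing or unrecognised
    esac
}

running=$(uname -r)
if kernel_at_least "$running" 4.9.182; then
    echo "kernel $running: at or above 4.9.182"
else
    echo "kernel $running: older than 4.9.182, update not active"
fi

raw=$(cat "$MDS_FILE" 2>/dev/null || true)
echo "mds: $(classify_mds "$raw") (${raw:-no sysfs entry})"
```

A verdict of microcode-missing means the kernel-side protection is loaded but the CPU is still running the old microcode.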
Security: TCP SACK Panic
Netflix experts have discovered and released critical vulnerabilities in the Linux kernel network stack. Under certain conditions, a kernel panic can be provoked via TCP. This update protects against this denial-of-service (DoS) attack.
System Management: Monitoring RAID state on Broadcom Controllers
Nagios' active monitoring of RAID controllers from Broadcom (Avago / LSI) is adapted with this release. Due to a behavior change, the code had to be adjusted so that a degraded RAID is given the status CRITICAL.