Release Notes CSG 7.1.4

Collax Security Gateway
27.06.2019

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

System Management: Linux Kernel 4.9.182

This update installs Linux kernel 4.9.182.

Issues Fixed in this Version

Security: Scripting Language PHP7

In the source code of PHP7 security holes have been discovered. These holes will be closed within this software update to PHP 7.2.19.

CVE-2019-11036 / CVE-2019-11038 / CVE-2019-11039 / CVE-2019-11040

Security: ZombieLoad

Experts have discovered critical security holes. ZombieLoad refers to an attack on Intel processors, much like Meltdown and Spectre. AMD and the latest Intel processors are not vulnerable to the newly discovered side channel attack. All other Intel processors, however, have to be protected by adjustments in the operating system and an update of the CPU microcode. With this update the kernel-side protection mechanisms and the new microcode are introduced.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2018-12126 / CVE-2018-12130 / CVE-2018-12127 / CVE-2019-11091

Security: TCP SACK Panic

Netflix experts have discovered and released critical vulnerabilities in the Linux kernel network stack. Under certain conditions, a kernel panic can be provoked via TCP. This denial-of-service (DoS) attack is protected with this update.

System Management: Monitoring RAID state on Broadcom Controllers

Nagios’ active monitoring of RAID controllers from Broadcom (Avago / LSI) will be adapted with this release. Due to a behavior change, the code had to be adjusted to give a degraded RAID the status CRITICAL.