Release Notes CSG 7.2.22
Collax Security Gateway
24.10.2023
Installation Notes
Update Instructions
To install this update please follow the following steps:
Procedure
- It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
- In the administration interface go to Menu → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
- Click Get Packages to download the update packages.
- Click Install. This installs the update. The end of this process is indicated by the message Done!.
- A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.
New in this version
Security: Linux Kernel 5.10.198
This update installs the Linux kernel 5.10.198.
Security: Important security-relevant system packages
Security vulnerabilities have been discovered in the source code of important system packages. These are closed with this software update.
The bug fixes refer to the packages:
- curl-8.4.0
- Apache Tomcat 9.0.82
- php7: add two security fixes
- urllib3-1.26.17
- ghostscript 10.0.0~dfsg-11+deb12u2
- ncurses_6.1+20181013-2+deb10u4
- glib2.0_2.58.3-2+deb10u5
- elfutils_0.176-1.1+deb10u1
- libx11_1.6.7-1+deb10u4
Enclosed is an excerpt of the most known packages and CVE numbers:
- CVE-2023-3823
- CVE-2023-3824
- CVE-2019-17594
- CVE-2019-17595
- CVE-2020-19189
- CVE-2020-21047
- CVE-2020-14344
- CVE-2020-14363
- CVE-2023-43785
- CVE-2023-43786
- CVE-2023-43787
Issues fixed in this version
GUI: Network error fixed
In the last release of the there was an error. In the dialogue Menu -> Network all created networks are displayed. Additional networks can be created in this dialogue. We have fixed an error that prevented the creation of new networks. With this update, the creation of networks is possible again without any problems.
Notes
Additional software: Bitdefender - Proxy for updates
The virus pattern updates are carried out according to a set cycle. For the pattern update of the Bitdefender virus and spam filter, the use of an http proxy is currently not possible.
Additional software: Bitdefender - pattern update after start-up
After the start-up of the Collax Antivirus powered by Bitdefender module, it may take a few minutes until the current virus patterns have been downloaded. If you click on Update Bitdefender in the virus scanner form during this time, an error message “Error connecting to server at /opt/lib/bitdefender//bdamsocket: -3” appears, because the background process has not yet been fully executed.
GUI: Running Jobs Hang Sporadically
The progress of the configuration jobs is displayed in the upper right corner of the web administration. In the case of extensive changes in the area network, especially in the area of country locks (geo-ip), the job display of the activation can hang in rare cases and lead to a timeout. For updates up to release 7.2.14, the message “ipset v7.11: Set cannot be destroyed: it is in use by a kernel component” also appeared. which could lead to uncertainty. The changes are all correctly applied and this is only a cosmetic problem. Until the error is completely fixed, you can help yourself by reloading the browser window.
VPN: Fix for IKEv2 with Microsoft Windows breaks after 7.6 hours
VPN connections with IKEv2 and the on-board tools of Microsoft Windows are interrupted after exactly after exactly 7.6 hours. The error occurs because Microsoft Windows suggests different algorithms during the IKE re-encryption than during the first first connection. The problem can be solved with a registry fix, by changing the value “NegotiateDH2048_AES256” under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters to 1 is set to 1.
Under the following Link you will find a REG file (registry entry) which adds the registry key. Collax accepts no liability for system errors resulting from this.