Security Update 7.1.4 for Collax C-Server available

27.06.2019

Protection against ZombieLoad and TCP SACK, as well as PHP7

Some security vulnerabilities that have been classified as critical will be closed with this update. We recommend that you update all C servers.

ZombieLoad: AMD and the latest Intel processors are not vulnerable to the newly discovered side-channel attack. However, all other Intel processors must be protected by operating system adjustments and a microcode update. This update introduces the kernel-side protection mechanisms and the new microcode.

TCP SACK: Under certain conditions, a kernel panic can be provoked via TCP. This update protects against this Denial of Service (DoS) attack.

PHP7: Newly discovered vulnerabilities in PHP7 will be fixed with the new version 7.1.4.

Further information and details can be found in the release notes for the individual products:

» Collax Business Server Release-Notes

» Collax Security Gateway Release-Notes

» Collax Groupware Suite Release-Notes

» Collax Platform Server Release-Notes

Note to all Avira users

We cannot rule out the possibility that after a change in the licensing of the Avira components as of 01.07.2019, virus detection will only work to a limited extent. However, instead of letting data pass unfiltered, it is blocked until the licensing status is back in order. To prevent problems, please update the license status. Go to the form “Status / Software / Licenses and Modules” and click on the button “Update license status”. We apologize for any inconvenience.