Release Notes CSG 5.0.12

Collax Security Gateway
11.03.2010

New in this Version

GUI: Login and Hostname Display

From this version some improvements are included for the administration interface. The login dialog includes the IP address of the server and the product name. Additional the entire host name is indicated in the header of the administration gui. Loading the data for a form is marked by a tip.

System Management: CPU Load (%) by Service

The analysis of the CPU Load (%) by Service in the form System -> Monitoring/Analysis -> Status -> System Information is extended with this update by the services Webproxy, SMTP, IMAP/POP3, LDAP and MySQL. With it the CPU utilisation of running services can be observed even easier.

Hardware: Support of IBM x3250 M3 Type 4252 Model EAG (Chipset Intel 3420)

With this update Collax Server support IBM x3250 M3 Type 4252. The driver for the SATA controller has been rebuild. Collax Server can be installed and run on IBM x3250 M3 Type 4252.

Issues Fixed in this Version

Security: Linux Kernel 2.6.25

In the source code of the Linux kernel security holes have been discovered. These holes will be closed within these patches for the Linux kernel 2.6.25.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2005-4881 CVE-2009-1633 CVE-2009-2848 CVE-2009-2903 CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3238 CVE-2009-3547 CVE-2009-3612 CVE-2009-3621 CVE-2009-3726 CVE-2009-3939 CVE-2010-0007 CVE-2010-0415

Security: Internet Domain Name Server Bind

In the source code of the Internet Domain Name Server security holes have been discovered. These holes will be closed within this patch update for Bind version 9.5.2.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2010-0382 CVE-2010-0290 CVE-2010-0097

Security: Cryptography Toolkit OpenSSL

In the source code of the cryptography toolkit OpenSSL 0.9.8k security holes have been discovered. These holes will be closed within this Collax software update.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-4355

Security: Compression Utility gzip

In the source code of the compression utility gzip security holes have been discovered. These holes will be closed within this patch update for the gzip 1.3.12.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2624 CVE-2010-0001

GUI: Support of Firefox 3.6

The Firefox browser version 3.6 uses a new method getBoundingClientRect to provide offset coordinates of an element. Previous Firefox versions use the method getBoxObjectFor. Both methods are supported by the administration GUI from this update on. Operations, like right mouse click can be executed using Firefox 3.6.

E-Mail: Release of Held Emails

If e-mails are stopped by defined filters for attachments or MIME under circumstances it was not possible to release this e-mail again. The release of such to hold e-mails is corrected with this update. If e-mails are released via the administration GUI they are passed to the next instance of the SMTP server and they are delivered to the receiver.

VPN: Multiple IP Addresse in PPTP connection

If a VPN (PPTP) with several IP addresses was used for a secure remote access, the routing table had been set incorrectly from the third active client connection on. A network connection was thereby not possible. With this update the allocation between devices and IP addresses is being corrected. After the third incoming client connection by PPTP the routing table is correctly allocated with the IP address the device uses. Then the destination network can be reach with the established remote access connection.

Add-on Software: Log Rotation of Collax Virus Protection

The file scan executed by the Collax virus Protection generates log file entries for every search. The rotation of these log files had been irregular up to now. With this update this process is going to be integrated within the system-specific rotation for log files.

System Management: Service Alert when monitoring Webproxy with Nagios

If the system is monitored actively and the Webproxy service is enabled service alerts are reported sometimes, even if the Webproxy perfectly works. With this update the suitable Nagios check is corrected.

System Management: Monthly Log File Rotation is omitted

Up to now the contents of the system log file could be kept for 1 day, 1 week or 1 month. Then the file was saved and moved. To process and search through the system log file the optin to store the file monthly is cancelled and replaced with the weekly rotation from this update on.

Notes

Collax SSL-VPN: Behaviour change of objects

With the new version of SSL-VPN the network permissions of all objects will be checked. Thus, the corresponding networks should be added to the group permissions. The port or interface for the SSL-VPN service does not have to be configured with this version.