Release Notes CSG 5.0.6

Collax Security Gateway
20.08.2009

Issues Fixed in this Version

Security: Linux Kernel

In the source code of the Linux kernel a critical security hole has been discovered. This hole is going to be closed within this patch for the Linux kernel version 2.6.25.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2692

Security: Web Server Apache

In the source code of the Apache webserver security holes have been discovered. These holes will be closed within this Collax software update.

Apache 2.2.12 will be installed. Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-1891 CVE-2009-1195 CVE-2009-1890 CVE-2009-1191 CVE-2009-0023 CVE-2009-1955 CVE-2009-1956

Security: DHCP Server

In the source code of the dhcp server security holes have been discovered. These holes will be closed within this Collax software update.

Dhcpd 3.1.2p1 will be installed. Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-0692

Security: Internet Domain Name Server Bind

In the source code of the Internet Domain Name Server security holes have been discovered. These holes will be closed within this patch update for Bind version 9.5.1.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-0696

Security: Download Tool Curl

In the source code of the download tool curl security holes have been discovered. These holes will be closed within this patch update for curl version 7.19.0

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2417

Security: VPN IKE Daemon Pluto

In the source code of the IKE daemon pluto security holes have been discovered. These holes will be closed within this patch update for pluto version 2.4.9

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2185

Security: Graphics Librarie Libpng3

In the source code of the graphics library Libpng3 security holes have been discovered. These holes will be closed within this Collax software update to version libpng3 1.2.39.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2009-2042

VPN: Using SSL VPN with ActiveDirectory-Proxy

SSL-VPN offers a secure and authenticated connection to internal network resources. In version 5.0.4 user credentials of an ActiveDirectory user was doubly interrogated for the use of SSL VPN: Once in the Collax WebAccess and afterwards when calling the SSL VPN application. With update 5.0.6 this behaviour is improved. ActiveDirectory users log in to the Collax Webaccess and can execute the associated SSL VPN applications, without additional input of login credentials.

Backup/Restore: Backup Data on Streamer after Upgrade

After the upgrade from version 4 to version 5 of the Collax server backups on tape were interrupted with following message: “Please mount volumes Tape1 or label a new one for:”. The suitable tape drive could not be mounted properly into the system. This error is repaired with this update. The Tape drive is mounted correctly into the system and the associated backup job is executed completely.

Notes

Collax SSL-VPN: Behaviour change of objects

With the new version of SSL-VPN the network permissions of all objects will be checked. Thus, the corresponding networks should be added to the group permissions. The port or interface for the SSL-VPN service does not have to be configured with this version.