Release Notes CSG 7.1.12

Collax Security Gateway
26.03.2020

Installation Notes

Update Instructions

To install this update, please follow these steps:

Procedure

  1. It is highly recommended to back up all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown when the update process is completed.

New in this Version

Collax Central: New features - Own content and notifications

On a Central server, the two functions “Trigger” and “Notification” can be used to send a notification for selected events on Central clients. For this purpose, a trigger observes the incoming data of the Central clients and reacts to a predefined pattern. If the condition of the trigger is met and a notification is configured for it, the specified e-mail recipients are informed about the event.

With this version, two new feature pairs are available for the additional module “Collax Central”.

Individual information can be collected on a client and displayed on the server in its own box.

An observer can be scheduled for events. Once a condition is met a trigger is generated. E-mail notifications can then be defined for the triggers.

Misc: New Support Feature - Post-Config

With this version a new support feature is available under the name Post-Config. Post-Config makes it possible to apply changes to the server configuration that could not otherwise be carried out via the administration interface. This is the case if the behavior of the server must be adapted to a differing situation or a bug fix must be imported. If necessary, Collax Support will help you.

System Management: Linux Kernel 4.9.215

This update installs Linux kernel 4.9.215.

Issues Fixed in this Version

Security: Web Proxy

Security holes have been discovered in the source code of the web proxy server. These holes are closed by this Collax software update.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517

Security: Point-to-Point Protocol (pppd) Daemon

Security holes have been discovered in the source code of the PPP daemon. These holes are closed by this Collax software update.

Assigned Common Vulnerabilities and Exposures (CVE) number:

CVE-2020-8597

Security: Ghostcat

Security researchers have fixed critical gaps in the Apache Tomcat web server and container that have become known under the name “Ghostcat”. This update brings Tomcat to version 9.0.31.

VPN: pass MTU to ipsec-route

No MTU is set within the tunnel for incoming IPSec connections with a virtual IP address. This can lead to fragmented IPSec packets, which in turn can cause further problems. This update ensures that the value is included in the connection establishment.

VPN: Duplicate IP addresses for ongoing connections

With long-established IPSec dial-up connections with a virtual IP address, it could occur that new connections receive the same IP address as the already connected IPSec client. This made the connection (more precisely: the ESP connection) of the previous client unusable. This will be corrected with the update.

Notes

E-Mail: Avira AntiVir prior to Version 7.1.6

Avira has carried out an automatic update of the core components of Avira. In this context, a new library dependency was added that cannot be resolved the next time the virus scanner is started. As a result, the virus scanner no longer works once it is restarted by a reboot or a configuration change. For security reasons, e-mails will then no longer be delivered. To solve the problem, please update your server to version 7.1.6. Note: As long as the virus scanner is not restarted, it remains fully functional.

E-Mail: Changed ruleset format of Spam Filter SpamAssassin

Please note: On March 1st, the SpamAssassin project will change the format of the ruleset updates. From this date on, only systems that have installed Update 7.1.10 will receive updates.