Release Notes CSG 7.1.16

Collax Security Gateway
16.07.2020

Installation Notes

Update Instructions

To install this update, please follow these steps:

Procedure

  1. It is highly recommended to back up all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown when the update process is completed.

New in this Version

System Management: Linux Kernel 4.9.230

This update installs Linux kernel 4.9.230.

System Management: Monitoring consistency check on Broadcom Controllers

Nagios’ active monitoring of RAID controllers from Broadcom (Avago / LSI) will be adapted with this release. The consistency check activated in the RAID controller is no longer displayed as a warning by Nagios.

Issues Fixed in this Version

Security: Intel SRBDS Special Register Buffer Data Sampling

Intel has discovered further critical security vulnerabilities in numerous CPUs. These can be mitigated by adapting the operating system and updating the microcode. This update introduces the kernel-side protection mechanisms and the new microcode.

The new microcode is updated to microcode-20200616. The new Linux kernel is updated to version 4.9.230.
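A post-update check for the SRBDS fix described above, as an added example that is not part of the Collax release notes or tooling. It assumes shell access to the system; the sysfs path and status strings are taken from the upstream Linux kernel documentation, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Collax code): verify kernel version and SRBDS status
# after the update. Run with "--live" to check the local host.

# sysfs entry documented by the upstream kernel (assumed present on the host)
SRBDS_FILE="${SRBDS_FILE:-/sys/devices/system/cpu/vulnerabilities/srbds}"
MIN_KERNEL="4.9.230"   # kernel version named in these release notes

# kernel_ok VERSION: succeeds if VERSION is at least MIN_KERNEL
kernel_ok() {
    v=${1%%-*}   # drop any local suffix after the first "-"
    lowest=$(printf '%s\n%s\n' "$MIN_KERNEL" "$v" | sort -V | head -n 1)
    [ "$lowest" = "$MIN_KERNEL" ]
}

# classify_srbds STATUS: map the kernel's status line to a short state
classify_srbds() {
    case "$1" in
        "Not affected")             echo "not-affected" ;;
        "Mitigation: "*)            echo "mitigated" ;;
        "Vulnerable: No microcode") echo "needs-microcode" ;;
        "Vulnerable"*)              echo "vulnerable" ;;
        "Unknown: "*)               echo "hypervisor-dependent" ;;
        "")                         echo "no-sysfs-entry" ;;  # kernel lacks the SRBDS code
        *)                          echo "unrecognized" ;;
    esac
}

# verify_update KERNEL_VERSION STATUS: print a verdict, return 0 only on pass
verify_update() {
    if ! kernel_ok "$1"; then
        echo "FAIL: kernel $1 is older than $MIN_KERNEL"
        return 1
    fi
    state=$(classify_srbds "$2")
    case "$state" in
        mitigated|not-affected) echo "OK: kernel $1, SRBDS $state"; return 0 ;;
        *)                      echo "FAIL: kernel $1, SRBDS $state"; return 1 ;;
    esac
}

# check_host: read the live values from the running system
check_host() {
    status=""
    [ -r "$SRBDS_FILE" ] && status=$(cat "$SRBDS_FILE")
    verify_update "$(uname -r)" "$status"
}

if [ "${1:-}" = "--live" ]; then check_host; fi
```

A result of `needs-microcode` means the kernel-side protection is present but the CPU is still running microcode without the SRBDS fix.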

Security: Important security relevant System Components

This update will also install/update the following important system components:

  • GnuTLS 3.6.6
  • slapd Patch: “Fixed slapd to limit depth of nested filters”
  • Squid 4.9.12
  • Apache 2.4.43
  • PHP 7.2.31

CVE-2018-16868 CVE-2020-12243 CVE-2019-12521 CVE-2019-12528 CVE-2020-8517 CVE-2020-11945 CVE-2020-14059 CVE-2020-1934 CVE-2020-1927 CVE-2019-11048 CVE-2020-7066 CVE-2020-7064 CVE-2020-7062

System Management: Monitoring BBU state on Broadcom Controllers

Nagios’ active monitoring of RAID controllers from Broadcom (Avago / LSI) will be adapted with this release. Due to a behavior change, the code had to be adjusted to give a degraded BBU the status CRITICAL.

Notes

E-Mail: Avira AntiVir prior Version 7.1.6

Avira has carried out an automatic update of its core components. This update added a new library dependency that cannot be resolved the next time the virus scanner is started. As a result, the virus scanner no longer works once it is restarted by a reboot or a configuration change. For security reasons, emails will then no longer be delivered. To solve the problem, please update your server to version 7.1.6. Note: As long as the virus scanner is not restarted, it remains fully functional.

E-Mail: Changed ruleset format of Spam Filter SpamAssassin

Please note: On March 1st, the SpamAssassin project will change the format of the ruleset updates. From this date on, only systems that have installed Update 7.1.10 will receive updates.

VPN: IKEv2 with Microsoft Windows stops after 7.6 hours

VPN connections using IKEv2 and the on-board resources of Microsoft Windows are interrupted after exactly 7.6 hours. The connection can be re-established by restarting it.