4.2-4-0

Directory traversal with tar archives
Using special options in tar archives, arbitrary files could be overwritten when extracting the archive. Sufficient
file access permissions were still required, though.

Failure notification of Kaspersky signature update
Failed signature updates due to connection errors have not been detected since Kaspersky 5.5.4.27-0 (update 4.2-3.0). No error
notification has been sent to the administrator.

Update of Linux kernel
This release will update the Linux kernel to 2.4.33. After the update the system will reboot automatically. Please do not
reboot by hand.

Update of the IPSec VPN
The new IPSec module will be required by future extensions.

Update of the virusscan proxy
The new release should fix the remaining problems.

F-Secure antivirus license key
Beginning with this release, the F-Secure antivirus scanner requires its own license key. Scanner licenses which have been
purchased before 2007-01-01 will be recognized by the update. For scanner licenses purchased after this date you will receive
a key file which has to be installed in menu "Expert -> Virusscanner".

F-Secure Antivirus problems with various archive formats

Speedup of Kaspersky Antivirus signature update

Potential crash of SIP proxy

More mailclient parameters

Builtin proxylist databases

Builtin anti-spyware databases for firewall and DNS

Minor bugfixes and improvements

4.2-3-8

Buffer overflow in gzip archive tool
When expanding a specially crafted archive, gzip could crash or enter an infinite loop. The flaw could also be used to execute
arbitrary code.

Update of OpenSSL crypt library
A buffer overflow and denial-of-service vulnerabilities will be fixed with this update.

IPSec stopped after ADSL restart
In particular after installing an update on systems with persistent ADSL connection, the IPSec service failed to restart automatically.

Possible denial of service against SSH server
The secure shell server is vulnerable to a denial-of-service attack. Usually only remote support will use this feature, so
in most environments this is not a critical problem.

Option to increase SPAM filter score of Cyrillic mails

Minor bugfixes and improvements

4.2-3-7

Update of OpenSSL crypt library
A vulnerability has been fixed which allowed forging a certificate signature under very specific conditions. Although an
analysis of our system showed that it is most likely not vulnerable, we decided to provide an update to be on the safe side.

Possible denial of service against DNS server
The server could be crashed by sending specific recursive queries. On a properly configured system only internal IP addresses
are allowed to send recursive queries.

Minor bugfixes and improvements

4.2-3-6

Possible denial of service against mail server
With a specially crafted email an attacker could crash the mail server.

Web access to MIME filter quarantine directory
With this new release it becomes easy to access attachments which have been quarantined by the MIME filter. Simply download
them in menu "Monitoring -> Mail server". Remember to be very careful with attachments sent by someone you do not trust or
with unusual file names.

Occasional crashes of virusscan proxy
Some customers still report crashes of the new virusscan proxy. The new version restarts it automatically in case of a crash.
Hopefully we can provide a clean solution soon.

Minor bugfixes and improvements

4.2-3-5

Virusscan proxy crash
Since the virusscan proxy was updated in 4.2-3.3, it sometimes crashed when both virusscan and tagfilter were enabled
for the same MIME type.

Disabled rekeying for L2TP IPSec VPN
From now on only the client will initiate a rekeying. The server initiated rekeying is not supported by Windows builtin L2TP
IPSec anyway. As a side effect most of the connections in %hold state will disappear.

Assigned DNS for L2TP clients now configurable

Minor bugfixes and improvements

4.2-3-4

Virusscan proxy corrupting downloaded files
The updated virusscan proxy which came with update 4.2-3.3 may damage downloads with Internet Explorer on Windows XP SP2.

Optimized mail statistics generator
On some systems with high email traffic the mail statistics generator caused problems due to the large amounts of memory it
required. The new highly optimized version should solve this problem.

Enabled relay SPAM filter disables individual SPAM filter
To avoid overload it is no longer possible to run the SPAM filter on both stages: as relay and as user specific SPAM filter.
As long as the relay SPAM filter is enabled, the individual SPAM filter is unavailable.

Minor bugfixes and improvements

4.2-3-3

Display software with network monitor
The display software running on 19" systems with LCD panel will now include a network monitor. It shows the current throughput
of each network interface.

Configuration of whole subnets for L2TP address pool
It is now possible to add ranges of IPs to the L2TP address pool by specifying network addresses with corresponding netmask.
This means less typing and better system performance.

McAfee signature updates with active FTP
Signature updates may fail due to overloaded McAfee FTP servers, reporting too many passive mode connections. It is now possible
to use active mode FTP instead.

DNS anti spyware after system reset
On new or reset systems and after uploading a system backup the DNS server refused to start with DNS anti ad-/spyware option
enabled.

Service start after automatic update
Some services which had been stopped during an automatic update have not been started again, depending on their actual configuration.

New virusscan proxy for future extensions

Minor bugfixes and improvements

4.2-3-2

Delete web cache contents feature
At the request of many users finally available: A button to delete the contents of the web cache.

Extended URL filter access denied message
In addition to the simple "Access denied" message you can now configure a more detailed message which provides a hint why
access has been blocked. It is also possible to redirect the forbidden message to a custom web page.

Endless loop while generating email statistics
When users forwarded or aliased email to themselves, the mail statistics could enter an endless loop.

Mails and downloads denied a few days before the Kaspersky license expires
The status code returned by the Kaspersky virus scanner indicating that the license key will expire within the next two weeks
was misinterpreted as a scan failure. Hence the delivery of mails and downloads was denied.

Relay SPAM filter not refusing emails
The problem has occurred since 4.2-3.0 if the relay SPAM filter had been configured to redirect tagged emails to a specific address.
Mails with a score exceeding the threshold to refuse delivery have been accepted and redirected, too.

Problems with Kaspersky update, backup and logfile archiver via proxy

CA signed certificates can now be issued for either one, two or three years

Minor bugfixes and improvements

4.2-3-1

Error creating mailbackups
Due to an error in update 4.2-3.0 the mailbackup will abort on systems with lots of available disk space. Update 4.2-3.0 has
been fixed on 2006-03-28, 9:00 a.m. CEST. If the new 4.2-3.0 update file has been installed, the system is not affected.


