Linogate Internet Technologies
   

5.1-3-0

Security issueAll systems Linux kernel

The update adds a security check to the kernel's memory management.
When finished, the system will reboot automatically. Please do not reboot manually.

Security issueFeature not included, enabled, used or useful on all systems FTP client

While mirroring files from an FTP server, a compromised FTP server was able to overwrite system files.

NewFeature not included, enabled, used or useful on all systems Connection limits per interface

Individual connection limits may now be configured on each ippp- and adsl-interface. This is particularly useful on a fallback UMTS interface as you can now limit its use.

UpdateFeature not included, enabled, used or useful on all systems New Kaspersky Anti-Virus scanner version

With this update we move to Kaspersky 8. The new version requires much less memory. At the same time we switch to new license keys which are easier to handle when changing hardware.

UpdateFeature not included, enabled, used or useful on all systems Web proxy URL filter

A new and much faster software is now used for URL filtering. The URL database is updated and extended, too.

NewFeature not included, enabled, used or useful on all systems Web proxy NTLM authentication using ADS

Instead of RPC you can now also use the ADS protocol to join the Windows domain.

BugfixOnly on individual systems or under very specific conditions Web proxy NTLM authentication and Windows 2008r2

The update fixes problems when joining a Windows domain operated by a 2008r2 server.

BugfixOnly on individual systems or under very specific conditions Web proxy Problems with individual web servers and client software

The previous version failed to detect transfer encoding "chunked" while talking to some web servers. Futhermore the update includes a workaround for client software which doesn't handle the error code "417 Expectation failed" correctly.

UpdateFeature not included, enabled, used or useful on all systems Reverse proxy

For future extensions a new reverse proxy version is installed.

Minor bugfixes and improvements


5.1-2-8

Security issueFeature not included, enabled, used or useful on all systems LDAP server

If enabled, the LDAP server published addressbooks for email client programs. The update fixes a security vulnerability in the LDAP server. An attacker could crash the service or maybe execute program code.

NewIn this release series only available on systems with software maintenance contract UMTS Internet access

UMTS/GPRS based Internet dial-up connections are now possible by plugging a certified UMTS USB stick. The UMTS connection may be used as regular Internet connection or as a fallback for an ADSL line.

BugfixFeature not included, enabled, used or useful on all systems IPSec/L2TP setup package for 64-bit Windows

The quick and easy VPN configuration is finally also available on 64-bit Windows systems.

NewAll systems Network statistics for more interfaces

The network throughput chart is no longer only available for the Internet interface. There are statistics for all Ethernet, ADSL and IPSec interfaces now.

BugfixFeature not included, enabled, used or useful on all systems F-Secure signature update

The "Update signatures now" button no longer worked since release 5.1-2.6.

BugfixFeature not included, enabled, used or useful on all systems Routing priorities

If an IP network and some of its subnets are routed to different interfaces, the subnet routes may have been ignored due to wrong sort order.

NewOnly on individual systems or under very specific conditions Text file with all settings

For the purpose of documentation a large text file with all settings can be downloaded. Check tab "Reports" in menu "Monitoring -> Log files" for the download button.

NewOnly on individual systems or under very specific conditions Configurable SMTP HELO name

In addition to using DNS reverse lookup to deduce the hostname for SMTP HELO/EHLO commands, it is now possible to enter a static value, too.

NewOnly on individual systems or under very specific conditions IMAP for mail retrieval

There is an issue with POP servers if their connection idle timeout is too low. Switching to IMAP might be a good workaround then.

BugfixOnly on individual systems or under very specific conditions Web-Proxy error "Invalid Response"

Minor bugfixes and improvements


5.1-2-7

Security issueFeature not included, enabled, used or useful on all systems Windows network shares

A vulnerability in the Samba server has been discovered. An attacker could crash the service or maybe even execute arbitrary code.

BugfixFeature not included, enabled, used or useful on all systems Check for valid email sender domains

The enhanced test for valid sender domain we introduced in the previous update caused problems in certain cases. In particular configurations where the DNS MX entry of a local domain points to the system's own hostname were affected.
The extended test is now an option which has to be enabled if requested. Additionally the extended domain test no longer applies to connections from internal IPs. Also the local hostname is exempted.

BugfixFeature not included, enabled, used or useful on all systems MIME filter quarantine directory

Newly quarantined email attachment no longer showed up in the administration frontend since the previous update.

NewIn this release series only available on systems with software maintenance contract Less restrictive email reverse DNS check

The new alternative mode tests only for the existance of a reverse DNS record. The risk of rejecting a regular email is much lower in this mode.

Minor bugfixes and improvements


5.1-2-6

NewIn this release series only available on systems with software maintenance contract New mailserver options for SPAM defense

SMTP requires the sending system to introduce itself with a hostname. If it is either incomplete or obviously forged, the mail will not be accepted.
An other option tests if there are matching reverse and forward DNS entries for the sending system.
Finally the test for resolvable sender domains has been extended. In addition to the mere existence of the domain, a mail exchanger with a valid IP is required now.

NewIn this release series only available on systems with software maintenance contract Suppress email disposition notifications

A new mail server option filters requests for Message Disposition Notifications (MDNs) from inbound emails. So no user's mail program will ever send a return receipt regardless of its configuration.

BugfixOnly on individual systems or under very specific conditions URL filter crashes

Certain very long URLs caused the URL filter to crash. In the worst case Internet access via web proxy was no longer possible.

UpdateFeature not included, enabled, used or useful on all systems New releases of the SMTP mailserver and its virusscan and attachment filter modules

Minor bugfixes and improvements


5.1-2-5

Security issueFeature not included, enabled, used or useful on all systems F-Secure Antivirus

Malware in certain specifically crafted archives was not detected.

Minor bugfixes and improvements


5.1-2-4

ChangeFeature not included, enabled, used or useful on all systems Change to McAfee 6

On 2010-03-31 the official lifetime for McAfee 5.x scan engines ended. Since the evening of 2010-04-01 McAfee no longer provides signature files for 5.x engines. Please update the McAfee engine if necessary.
The signature files for McAfee 6 are available from a different directory on the McAfee FTP servers. This update changes the download path accordingly.

BugfixFeature not included, enabled, used or useful on all systems Appending text block to outgoing emails

If a local domain is configured to be an alias of an other local domain, text blocks have not or not correctly been appended to emails of these domains.

BugfixFeature not included, enabled, used or useful on all systems L2TP-IPSec setup package for Windows 7

L2TP-IPSec connections from a Windows 7 client fail, if the connection has been configured using the automatic setup package and the server is addressed by its DNS name. The setup package has now been fixed. Please issue a new setup packet to affected clients.

BugfixFeature not included, enabled, used or useful on all systems L2TP-IPSec routing problems

Connections from L2TP clients may have failed due to wrong routing entries. Clients being assigned an IP from a local network were not affected.

BugfixOnly on individual systems or under very specific conditions IPSec AH connections failed

NewFeature not included, enabled, used or useful on all systems Support for VDSL Internet access (VLAN 7)

NewIn this release series only available on systems with software maintenance contract Monitoring of DHCP server leases

Minor bugfixes and improvements


5.1-2-3

NewIn this release series only available on systems with software maintenance contract Web-Proxy content-type filter

Access may now be blocked based on the type of object (e.g. "video/*").

NewFeature not included, enabled, used or useful on all systems Cluster connection take-over

Routet connections are no longer interrupted in case of a failover as the stateful inspection firewall's internal data is now replicated to the other cluster node. Connections terminating or originating on a cluster node are still interrupted.

NewOnly on individual systems or under very specific conditions Cluster with shared Internet access

The two cluster nodes may now share the Internet connection (e.g. if only one ADSL line or only one Internet IP is available). While the backup node is in passive state it will connect to the Internet via the master. In case of a failover, the backup node will take the Internet connection.

BugfixFeature not included, enabled, used or useful on all systems New web proxy release with minor bugfixes

Minor bugfixes and improvements


5.1-2-2

Security issueAll systems gzip decompression tool

While decompressing a specially crafted gzip archive, an attacker was able to execute arbitrary code.

ChangeFeature not included, enabled, used or useful on all systems Processing of mail folders SPAM and HAM

The named folders are no longer renamed daily. Still the user will receive a daily report of new emails in these folders. Also by default emails are still deleted after 8 days. This period of time may now be changed for each individual user.

BugfixFeature not included, enabled, used or useful on all systems FTP server access

Access to the anonymous FTP server and login with the accounts for web and ftp server maintenance failed since release 5.1-2.0.

BugfixFeature not included, enabled, used or useful on all systems Cluster failover due to clock drift

If there is a significant difference in the system time of the cluster systems, a failover occured when re-synchronizing the clock. The cluster service will be updated to fix this problem.
Attention!
On a master node, the cluster service will be stopped after the update as the new and the old versions are not compatible. Please update the backup system soon afterwards. Then start the "Cluster service" in menu "Monitoring > Services" and don't forget to set its autostart option.
If it is not possible to update the backup system soon, you might want to disable the "Cluster node" service on the backup node an re-enable it on the master instead.

BugfixFeature not included, enabled, used or useful on all systems Cluster routing configuration

When syncing the configuration, network routes on the master system were overwritten by those of the backup.

ChangeFeature not included, enabled, used or useful on all systems Reduced memory consumption of F-Secure signature update

Minor bugfixes and improvements


5.1-2-1

BugfixFeature not included, enabled, used or useful on all systems SPAM filter signature database

In 2010 composed messages possibly marked as spam. This update fixes the problem with the actual signature database.