Release Notes CGS 7.0.8

Collax Groupware Suite
28.06.2017

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

System Management: expiry date of CRL

A CRL (Certificate Revocation List) is a blacklist of certificates signed by a CA but revoked before to the expiry date. The dialog Usage Policy -> Certificates -> X.509 Certificates can be used to generate a CRL for a CA administered on the system. The CRL is then automatically used by all local services. Within this service the expiry date is set to 3650 days for new generated CRLs.

Issues Fixed in this Version

Kopano Groupware: Z-Push Active Sync - Public Folders

You can select public folders to be available for Z-Push via the configuration option menu through the administrative web interface. To to an error in a script, the folders could’t be selected. Within this release, this is going to be fixed.

Kopano Groupware: Z-Push Active Sync - Public Folders

You can select public folders to be available for Z-Push via the configuration option menu through the administrative web interface. To to an error in a script, the folders could’t be selected. Within this release, this is going to be fixed.

GUI: Display of System Log Files

The action “Display” located under Monitoring/Analysis → Log Files → System Log Files displays the log-file entries. Due to an change in the program loggrep, the log-file entries couldn’t be displayed under certain circumstances for a specific interval. With this release the view is fixed.

Security: Stack Clash Attack

A security advisory researched various security flaws. These holes have been published as the “Stack Clash” and are going to be fixed within this release. Various patches for the kernel and the C-library glibc are included with this software update. See here .

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2017-1000364 CVE-2017-1000365 CVE-2017-1000366 CVE-2017-1000367 CVE-2017-6891

Security: patched Kernel 4.4.70

Several flaws regarding “The Stack Clash” were detected in the kernel. This update installs a patched kernel 4.4.70 where these flaws are fixed.

Security: Bug in Intel Skylake/Kaby Lake processors

Systems with the Intel processors code-named “Skylake” and “Kaby Lake” could, in some situations, dangerously misbehave. The microcode Update microcode-20170511 fixed this issue with this update for Intel Skylake processors. When using Kaby Lake processors, it’s recommended to disable Hyper-Threading in the BIOS. Also see here :

Security: Archivmanager unrar

In the source code of unrar security holes have been discovered. These holes will be closed within this software update to unrar 5.5.5. See CVE-2012-6706

Notes

Hardware: Boot Setup for HP/Compaq Smart Array Controllers

The existing Smart Array CCISS-driver is replaced with the new HP Smart Array SCSI (HPSA) driver during the upgrade. If a HP/Compaq Smart Array controller is used, the correct device in selected within this update.