cglinux changelog ================= this file contains … · cglinux changelog ===== this file...
TRANSCRIPT
![Page 1: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/1.jpg)
CgLinux Changelog=================
This file contains the new features, changed features and bugs thathave been fixed for this version of the CgLinux OS products. Foradditional tips and information, see the Online Help and/or UserGuide.
5.2.3 :-------
Bugfixes
o kernel: backport bnx2 patches from upstream
5.2.2 :-------
Bugfixes
o glibc: fix stack extension attack in fnmatch (CVE-2011-1071)
5.2.1 :-------
New and improved
o update tzdata to 2010l
Bugfixes
o asc: fix asc-enable/disable scripts
o bzip2: fix CVE-2010-0405
o heartbeat: raise priority of ressource agent
o kernel:
o sync with 2.6.18-238.5.1.el5
o fix unix socket local dos (CVE-2010-4249)
o core: clear allocs for privileged ethtool actions (CVE-2010-4655)
o limit socket backlog add operation to prevent DoS (CVE-2010-4251)
o igb: only use vlan_gro_receive if vlans registered (CVE-2010-4263)
o [fs] exec: copy fixes into compat_do_execve paths
![Page 2: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/2.jpg)
(CVE-2010-4243)
o [fs] exec: make argv/envp memory visible to oom-killer (CVE-2010-4243
o [misc] binfmts: kill bprm->argv_len (CVE-2010-4243)
o [net] filter: make sure filters don't read uninit memory (CVE-2010-4158)
o [net] limit sendto/recvfrom/iovec total length to INT_MAX (CVE-2010-3859)
o [ipc] shm: fix information leak to userland (CVE-2010-4072)
o [ipc] initialize struct memory to 0 for compat functions (CVE-2010-4073)
o [serial] serial_core: clean data before filling it (CVE-2010-4075)
o [misc] futex: replace LOCK_PREFIX in futex.h (CVE-2010-3086)
o [ipc] sys_semctl: fix kernel stack leakage (CVE-2010-4083)
o [net] rds: fix local privilege escalation (CVE-2010-3904)
o [misc] make compat_alloc_user_space incorporate access_ok (CVE-2010-3081)
o [mm] accept an abutting stack segment (CVE-2010-2240)
o [net] sched: fix some kernel memory leaks (CVE-2010-2942)
o [mm] pass correct mm when growing stack (CVE-2010-2240)
o [mm] fix up some user-visible effects of stack guard page (CVE-2010-2240)
o [mm] fix page table unmap for stack guard page properly (CVE-2010-2240)
o [mm] fix missing unmap for stack guard page failure case (CVE-2010-2240)
o [mm] keep a guard page below a grow-down stack segment (CVE-2010-2240)
o [misc] futex: handle futex value corruption gracefully (CVE-2010-0622)
o [misc] futex: handle user space corruption gracefully (CVE-2010-0622)
![Page 3: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/3.jpg)
o [misc] futex: fix fault handling in futex_lock_pi (CVE-2010-0622)
o [mm] keep get_unmapped_area_prot functional (CVE-2010-0291)
o [mm] switch do_brk to get_unmapped_area (CVE-2010-0291)
o [mm] take arch_mmap_check into get_unmapped_area (CVE-2010-0291)
o [mm] unify sys_mmap* functions (CVE-2010-0291)
o [mm] fix pgoff in have to relocate case of mremap (CVE-2010-0291)
o [mm] fix the arch checks in MREMAP_FIXED case (CVE-2010-0291)
o [mm] fix checks for expand-in-place mremap (CVE-2010-0291)
o [mm] add new vma_expandable helper function (CVE-2010-0291)
o [mm] move MREMAP_FIXED into its own header (CVE-2010-0291)
o [mm] move locating vma code and checks on it (CVE-2010-0291)
o [netlink] connector: delete buggy notification code (CVE-2010-0410)
o [scsi] megaraid_sas: update driver to version 4.31
o [net] bnx2: update firmware to 6.0.x
o [net] bnx2: update to v2.0.8+ with new 5709 firmware j15
o [net] tg3: update to 3.108+ and add 5718 B0, 5719 support
o [net] e1000e: update to upstream version 1.2.7-k2
o [net] bnx2x: update bnx2x version to 1.52.53-4
o [net] ixgbe: update to upstream version 2.0.84-k2 (Andy Gospodarek) [568602]
o [message] fusion: update to 3.4.15
o [net] be2net: update to v2.102.348r with SR-IOV support
o [net] tcp: fix shrinking windows with window scaling
o [net] clusterip: check allocation before freeing memory
o [misc] kernel: restrict unprivileged access to dmesg
![Page 4: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/4.jpg)
o [net] bnx2: Increase max rx ring size from 1K to 2K
o [net] ixgbe: add option to control interrupt mode
o [misc] intel: support for Intel Cougar Point Chipset
5.2.0 :-------
New and improved
o cg-startup: capture output of firstboot scripts
o update openldap to 2.3.43
o added Intel Active System Console for MWG4000, MWG4500, MWG5000 and MWG5500
Bugfixes
o kernel:
o sync with 2.6.18-194.8.1.el5
o tg3: fix panic in tg3_interrupt
o tg3: fix INTx fallback when MSI fails
o e1000/e1000e: implement simple interrupt moderation
o fix various PI futex operations (CVE-2010-0622)
o fix multiple denial of service vulnerabilities in mmap/mremap (CVE-2010-0291)
o firmware and driver updates for bnx2 and bnx2x
o driver update for tg3
o driver update for igb
o netlink connector: delete buggy notification code (CVE-2010-0410)
o fix sys_move_pages infoleak (CVE-2010-0415)
o fix kernel info leak with print-fatal-signals=1 (CVE-2010-0003)
o emergency route cache flushing fixes (CVE-2009-4272)
o fasync: split 'fasync_helper()' into separate add/remove functions (CVE-2009-4141)
![Page 5: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/5.jpg)
o ipv6: fix ipv6_hop_jumbo remote system crash (CVE-2007-4567)
o respect flag in do_coredump (CVE-2009-4036)
o gdth: prevent negative offsets in ioctl (CVE-2009-3080)
o pipe.c null pointer dereference (CVE-2009-3547)
o require root for mmap_min_addr (CVE-2009-2695)
o AF_UNIX: deadlock on connecting to shutdown socket (CVE-2009-3621)
o ipmi: add HP message handling
o openssh: don't do pam with empty password if empty passwords are switched off (#81148)
5.1.9 : Part Number 91-0950405-A--------------------------------
Bugfixes
o kernel:
o futex: Handle user space corruption gracefully (CVE-2010-0622)
o OOM/crash in drivers/connector (CVE-2010-0410)
o [net] sctp: backport cleanups for ootb handling V2 (Neil Horman) [555666 555667] (CVE-2010-0008)
o [fs] ext4: Avoid null pointer dereference when decoding EROFS w/o a journal (Jiri Pirko) [547256 547257] (CVE-2009-4308)
o [mm] fix sys_move_pages infoleak (Eugene Teo) [562589 562590] (CVE-2010-0415)
o [x86_64] wire up compat sched_rr_get_interval (Danny Feng) [557684 557092]
o [net] netfilter: enforce CAP_NET_ADMIN in ebtables (Danny Feng) [555242 555243] (CVE-2010-0007)
o [misc] fix kernel info leak with print-fatal-signals=1 (Danny Feng) [554583 554584] (CVE-2010-0003)
o [net] ipv6: fix OOPS in ip6_dst_lookup_tail (Thomas Graf) [559238 552354]
o [kvm] pvclock on i386 suffers from double registering (Glauber Costa) [561454 557095]
![Page 6: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/6.jpg)
o [pci] VF can't be enabled in dom0 (Don Dutile) [560665 547980]
o [kvm] kvmclock won't restore properly after resume (Glauber Costa) [560640 539521]
o [mm] prevent performance hit for 32-bit apps on x86_64 (Larry Woodman) [562746 544448]
o [fs] fix possible inode corruption on unlock (Eric Sandeen) [564281 545612]
o [gfs2] careful unlinking inodes (Steven Whitehouse ) [564288 519049]
o [gfs2] gfs2_delete_inode failing on RO filesystem (Abhijith Das ) [564290 501359]
o [net] e1000e: fix broken wol (Andy Gospodarek) [559335 557974]
o [net] gro: fix illegal merging of trailer trash (Herbert Xu) [561417 537876]
o [xen] hook sched rebalance logic to opt_hardvirt (Christopher Lalancette ) [562777 529271]
o [xen] crank the correct stat in the scheduler (Christopher Lalancette ) [562777 529271]
o [xen] whitespace fixups in xen scheduler (Christopher Lalancette ) [562777 529271]
o [scsi] cciss: ignore stale commands after reboot (Tomas Henzl ) [562772 525440]
o [scsi] cciss: version change (Tomas Henzl ) [562772 525440]
o [scsi] cciss: switch to using hlist (Tomas Henzl ) [562772 525440]
o [net] bonding: allow bond in mode balance-alb to work (Jiri Pirko ) [560588 487763]
o [net] e1000e: fix WoL on 82577/82578 (Jiri Pirko ) [543449 517593]
o [net] e1000: fix rx length check errors (Neil Horman) [552137 552138] (CVE-2009-4536)
o Revert: [net] e1000, r9169: fix rx length check errors (Cong Wang ) [550914 550915]
![Page 7: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/7.jpg)
o [fs] jbd: fix race in slab creation/deletion (Josef Bacik) [553132 496847]
o openssl: always check return value of bn_wexpand (CVE-2009-3245)
5.1.8 : Part Number 91-0950278-A--------------------------------
New and improved
o pciutils: update to 2.2.3 with newer hwdata
Bugfixes
o cgconfig: use correct umask when creating new files (#79731)
o kernel:
o [fs] fix pipe null pointer dereference (CVE-2009-3547)
o [security] require root for mmap_min_addr (CVE-2009-2695)
o [net] r8169: balance pci_map/unmap pair, use hw padding (CVE-2009-3613)
o [nfs] knfsd: fix NFSv4 O_EXCL creates (CVE-2009-3286)
o [md] prevent crash when accessing suspend_* sysfs attr (CVE-2009-2849)
o [net] udp: socket NULL ptr dereference (CVE-2009-2698)
o [net] make sock_sendpage use kernel_sendpage (CVE-2009-2692)
o [net] tun/tap: open /dev/net/tun and then poll() it fix (CVE-2009-1897)
o [net] tg3: 5785F and 50160M support
o [scsi] qla2xxx: updates 25xx firmware to 4.04.09
o [scsi] qla2xxx: updates 24xx firmware to 4.04.09
o [net] e1000e: update to upstream version 1.0.2-k2
o [net] bnx2x: update to 1.48.105
o [scsi] megaraid: update megasas to 4.08-RH1
o [scsi] aacraid: update to 1.1.5-2461
o [scsi] MPT fusion: update version 3.04.07rh v2
o [net] bonding: update to upstream version 3.4.0
![Page 8: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/8.jpg)
o [net] ixgbe: update to upstream version 2.0.8-k2
o [net] igb: update to upstream version 1.3.16-k2
o [agp] zero pages before sending to userspace
o [net] tg3: update to version 3.96
o [scsi] MPT Fusion: update to version 3.04.07rh
o [net] bnx2: update to latest upstream - 1.9.3
o [net] forcedeth: update to upstream version 0.62
o [misc] hrtimer: fix a soft lockup (CVE-2007-5966)
o [net] r8169: fix crash when large packets are received (CVE-2009-1389)
o [ptrace] fix do_coredump vs ptrace_start() deadlock (CVE-2009-1388)
o [net] e1000: fix skb_over_panic (CVE-2009-1385)
o [nfs] v4: client handling of MAY_EXEC in nfs_permission (CVE-2009-1630)
o [fs] cifs: fix pointer and checks in cifs_follow_symlink (CVE-2009-1633)
o [fs] cifs: fix error handling in parse_DFS_referrals (CVE-2009-1633)
o [sched] accurate task runtime accounting (CVE-2007-3719)
o [sched] rq clock (CVE-2007-3719)
o [x86] scale cyc_2_nsec according to CPU frequency (CVE-2007-3719)
o [i386] untangle xtime_lock vs update_process_times (CVE-2007-3719)
o [x86_64] clean up time.c (CVE-2007-3719)
o [misc] add some long-missing capabilities to CAP_FS_MASK (CVE-2009-1072)
o [fs] cifs: unicode alignment and buffer sizing problems (CVE-2009-1439)
o [fs] rebase ext4 and jbd2 to 2.6.29 codebase (CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748)
![Page 9: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/9.jpg)
o [misc] exit_notify: kill the wrong capable check (CVE-2009-1337)
o [ptrace] audit_syscall_entry to use right syscall number (CVE-2009-0834)
o [net] memory disclosure in SO_BSDCOMPAT gsopt (CVE-2009-0676)
o [misc] minor signal handling vulnerability (CVE-2009-0028)
o [security] keys: introduce missing kfree (CVE-2009-0031)
o [block] enforce a minimum SG_IO timeout (CVE-2008-5700)
o [fs] ext[234]: directory corruption DoS (CVE-2008-3528)
o sysklogd: fix handling of SIGHUP (#80800)
o wget: update to 1.11.4 (CVE-2009-3490)
5.1.7 : Part Number 91-0950139-A--------------------------------
New and improved
o cg-startup: save system time to hardware clock on shutdown
o iproute2: allow adjusting of initial congestion window size
Bugfixes
o kernel:
o [fs] ecryptfs: check tag 11 packet literal data buffer size (CVE-2009-2406)
o [fs] ecryptfs: check tag 3 packet encrypted key size (CVE-2009-2407)
o [misc] personality handling: fix PER_CLEAR_ON_SETID (CVE-2009-1895)
o [misc] hrtimer: fix a soft lockup (CVE-2007-5966)
o [net] r8169: fix crash when large packets are received (CVE-2009-1389)
o [ptrace] fix do_coredump vs ptrace_start() deadlock (CVE-2009-1388)
o [net] e1000: fix skb_over_panic (CVE-2009-1385)
![Page 10: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/10.jpg)
o fix unintialised sendpage ops resulting in null pointer dereference (CVE-2009-2692)
o build pppoe as module, disable SCTP
o [net] prevent null pointer dereference in udp_sendmsg (CVE-2009-2698)
o [net] make sock_sendpage use kernel_sendpage (CVE-2009-2692)
o fix possible crash in udp (CVE-2009-2698)
o fix information leak in llc (CVE-2009-3001)
o fix information leak in various protocols (CVE-2009-3002)
o libxml2: Fix a couple of crashes (CVE-2009-2414, CVE-2009-2416)
o openssh: add fix for syslog inside signal handler (CVE-2008-4109)
o pyton:
o Multiple integer overflows in python core (CVE-2008-2315)
o Multiple integer overflows discovered by Google (CVE-2008-3143)
o Multiple buffer overflows in unicode processing (CVE-2008-3142)
o Potential integer underflow and overflow in the PyOS_vsnprintf C API function (CVE-2008-3144)
o imageop module multiple integer overflows (CVE-2008-4864)
o stringobject, unicodeobject integer overflows (CVE-2008-5031)
o imageop module heap corruption (CVE-2007-4965)
5.1.6 : Part Number 91-0950009-A--------------------------------
Bugfixes
o bind: fix denial of service (server crash) caused by receipt of a specific remote dynamic update message (CVE-2009-0696)
o cgconfig:
o re-create extlinux config on syslinux update
o restore old tcp_rmem settings (#80517)
![Page 11: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/11.jpg)
o kernel:
o fix PER_CLEAR_ON_SETID (CVE-2009-1895)
o nfs v4: client handling of MAY_EXEC in nfs_permission (CVE-2009-1630)
o cifs: fix pointer and checks in cifs_follow_symlink (CVE-2009-1633)
o cifs: fix error handling in parse_DFS_referrals (CVE-2009-1633)
o cifs: buffer overruns when converting strings (CVE-2009-1633)
o cifs: unicode alignment and buffer sizing problems (CVE-2009-1439)
o add some long-missing capabilities to CAP_FS_MASK (CVE-2009-1072)
o zero pages before sending to userspace (CVE-2009-1192)
o syslinux: correct kernel ordering in extlinuxconfig
5.1.5 : Part Number 91-0949971-A--------------------------------
Bugfixes
o fixed bootloader problem on some appliances (#80475)
o fixed cache for clean installation (#80480)
o fixed stack overflow in dhcp client
5.1.4 : Part Number 91-0949871-A--------------------------------
New and improved
o support cciss hard disks
o switch bootloader to extlinux
o update to kernel 2.6.18
Bugfixes
o heartbeat: make IPaddr2 more robust (#80075, #80176)
5.1.3 : Part Number 91-0949770-A--------------------------------
![Page 12: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/12.jpg)
Bugfixes
o openssl: - Fix crash in ASN1_STRING_print_ex (CVE-2009-0590)
o kernel:
o fix 4 bit apicid assumption
o asn1: additional sanity checking during BER decoding (CVE-2008-1673)
o TCP: Fix shrinking windows with window scaling
o fix SMP ordering hole in fcntl_setlk() (CVE-2008-1669)
o mm: trim more holes (CVE-2008-0598)
o ruby: fix memory leak in regex module
o krb5: fix multiple vulnerabilities:
o MITKRB5-SA-2007-004 kadmind affected by multiple RPC library vulnerabilities (CVE-2007-2442, CVE-2007-2443)
o MITKRB5-SA-2007-005 kadmin vulnerable to buffer overflow (CVE-2007-2798)
o MITKRB5-SA-2007-006 kadmind RPC lib buffer overflow, uninitialized pointer (CVE-2007-3999)
o MITKRB5-SA-2008-001 double-free, uninitialized data vulnerabilities in krb5kdc (CVE-2008-0062, CVE-2008-0063)
o MITKRB5-SA-2008-002 array overrun in RPC library used by kadmin (CVE-2008-0947, CVE-2008-0948)
o MITKRB5-SA-2009-002 fix denial of service via memory corruption (CVE-2009-0846)
5.1.2 : Part Number 91-0949621-A--------------------------------
Bugfixes
o openssl: Fix certificate verification bypass for DSA and ECDSA keys (CVE-2008-5077)
5.1.1 : Part Number 91-0949483-A--------------------------------
New and improved
o added hsmagent
![Page 13: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/13.jpg)
o add support for bonding devices
o add support for port forwarding
o NCipher HSM support
Bugfixes
o kernel: update tg3 driver to v3.86b (#79207)
o libxml2:
o fix recursive entities handling (CVE-2008-3281)
o fix two integer overflow vulnerabilities (CVE-2008-4225, CVE-2008-4226)
o repair serial console access (#79682)
5.1.0 : Part Number 91-0948835-A--------------------------------
New and improved
o socks proxy
o openrdate
o htop
o ifstat
Bugfixes
o bind: update to 9.3.5-P1 including query port randomization (CVE-2008-1447)
o openldap: fix flaw in ASN.1 decoder (CVE-2008-2952)
o openntpd:
o update to 3.9p1
o do settimeofday unconditionally on startup
o openssh: support key blacklisting
o ruby:
o WEBrick CGI source disclosure (CVE-2008-1891)
o Integer overflow in rb_str_buf_append() (CVE-2008-2662)
![Page 14: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/14.jpg)
o Integer overflow in rb_ary_store() (CVE-2008-2663)
o Unsafe use of alloca in rb_str_format() (CVE-2008-2664)
o Integer overflow in rb_ary_splice() (CVE-2008-2725)
o Integer overflow in rb_ary_splice() (CVE-2008-2726)
o fix regressions caused by security fixes
5.0.11 : Part Number 91-0949021-A---------------------------------
Bugfixes
o kernel: randomize UDP source port (#79288)
5.0.10 : Part Number 91-0948905-A---------------------------------
Bugfixes
o kernel:
o fix crash when unplugging USB-PS/2 adapter (#79171)
o fix crash when handling fragmented esp packets (CVE-2007-6282)
o net-snmp:
o fix authentication bypass (#79201) (CVE-2008-0960)
o fix buffer overflow in perl module (CVE-2008-2292)
5.0.9 : Part Number 91-0948708-B--------------------------------
Bugfixes
o gnutls: fix three security issues in gnutls handshake (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950)
5.0.9 : Part Number 91-0948708-A--------------------------------
Bugfixes
o bind: fix off by one in inet_network (CVE-2008-0122)
o boost: regular expression input validation fix (CVE-2008-0171, CVE-2008-0172)
o bzip2: update to 1.0.5 (fixes CVE-2008-1372)
![Page 15: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/15.jpg)
o cgconfig: fix cgctl not disabling heartbeat daemon
o e2fsprogs: update to 1.40.4-owl1 (fixes CVE-2007-5497)
o gnupg: update to 1.4.9
o glibc:
o fix glob stack overflow (#78847)
o update timezone data to tzcode2008a and tzdata2008b (#78999)
o net-snmp: pull latest updates from centos 5, includes fix for CVE-2007-5846 and others:
o fix crash when smux communication fails
o fix icmpStatsTable
o fix snmpwalk / bulkwalk on TCP scalars
o fix bulkwalk security flaw (CVE-2007-5846)
o fix IP address size on 64 bit platforms
o fix compilation of new MIBs on non-intel architectures
o fix -M option of net-snmp-utils
o fix sending SNMPv1 traps on v2 connections
o build with rpm-devel to support HOST-RESOURCES-MIB::hrSWInstalled
o store pid in /var/run/snmpd.pid
o fix wrong sprintf in path generation
o fix too verbose snmpassert
o fix perl bulkwalk
o extend ipv6 support of some MIBs
o openssh: don't use X11 port which can't be bound on all IP families (CVE-2008-1483)
o perl: fix a heap overflow in the UTF-8 regexp compiler (CVE-2008-1927)
o python:
o fix buffer overflow in PyString_FromStringAndSize
![Page 16: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/16.jpg)
(CVE-2008-1887)
o fix buffer overflow in zlib module (CVE-2008-1721)
o sed: update to 4.1.5 (from openwall-stable)
o unzip:
o fix invalid pointer flaw (CVE-2008-0888). Discovered by Travis Ormandy of the Google Security Team.
o fix race condition that allows local users to modify permissions of arbitrary files (CVE-2005-2475)
o fix buffer overflow with long filenames (CVE-2005-4667)
5.0.8 : Part Number 91-0948617-A--------------------------------
New and improved
o heartbeat support
o iptables: add CLUSTERIP support
o kernel:
o add IP virtual server support
o netfilter: add CLUSTERIP support
o SCSI/SATA/SAS backports (aacraid, aic7xxx, aic94xxx, cciss, ICH9, megaraid, MPT Fusion, qla2xxx)
o driver updates (e1000, tg3, bnx2)
o add bonding driver support
o vesa framebuffer console support
Bugfixes
o kernel: update to 2.6.16.60 including the following changes:
o wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)
o Use access mode instead of open flags to determine needed permissions (CVE-2008-0001)
o aacraid: fix security weakness
o lm87: fix division by zero
![Page 17: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/17.jpg)
o tmpfs: restore missing clear_highpage (CVE-2007-6417)
o Handle bogus %cs selector in single-step instruction decoding (CVE-2007-3731)
o vfs: coredumping fix (CVE-2007-6206)
o libxml2: fix denial of service vulnerability (CVE-2007-6284)
o ncurses: make xterm-new the default xterm entry in terminfo
o pcre: several reliability fixes (CVE-2006-7224, CVE-2006-7225, CVE-2006-7226, CVE-2006-7230)
o ruby: fix directory permissions
o vim: disallow system() function in modelines (CVE-2007-2438)
5.0.7 : Part Number 91-0948023-A--------------------------------
Bugfixes
o cpio: fix stack overflow in safer_name_suffix (CVE-2007-4476)
o curl: update to 7.17.1
o elinks: don't reveal POST data to HTTPS proxy (CVE-2007-5034)
o kernel: Update to 2.6.16.57, including following changes:
o Reset current->pdeath_signal on SUID binary execution (CVE-2007-3848)
o random: several fixes (CVE-2007-2453, CVE-2007-3105)
o sysfs: store sysfs inode nrs in s_ino to avoid readdir oopses (CVE-2007-3104)
o NET: Zero length write() on socket should not simply return 0.
o hugetlb: fix prio_tree unit (CVE-2007-4133)
o Don't allow the stack to grow into hugetlb reserved regions (CVE-2007-3739)
o IPv6: fix slab corruption
o IPv6: send ICMPv6 error on scope violation according to RFC 4007
o Use default 32768-61000 outgoing port range in all cases
![Page 18: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/18.jpg)
o Netfilter: nf_conntrack: don't track locally generated special ICMP error
o Enable message signaled interrupts
o Fix security hole in aacraid (CVE-2007-4308)
o openssl:
o Fix off-by-one buffer overflow in SSL_get_shared_ciphers() (CVE-2007-5135)
o Fix Montgomery multiplication to prevent side-channel attack to retrieve private RSA keys. (CVE-2007-3108)
o ncurses: make xterm-new the default xterm entry in terminfo
o pcre: fix regular expression parsing flaws. (CVE-2007-1659, CVE-2007-1660)
o perl: fix regular expression engine flaw found by Tavis Ormandy and Will Drewry (CVE-2007-5116)
o python: fix possible exploitable integer overflow (CVE-2007-4965)
o rpm: set default 0022 umask value always
o rsync:
o update to 2.6.9
o Applied patch from Sebastian Krahmer to fix two off by one stack overflows (CVE-2007-4091).
o ruby: update to 1.8.6p111, fixes Net::HTTPS Vulnerability (CVE-2007-5162)
o tar: fix stack overflow in safer_name_suffix (CVE-2007-4476)
o util-linux: drop privileges properly when calling helpers in (u)mount. (CVE-2007-5191)
o vim:
o Fix format string vulnerability. (CVE-2007-2953)
o Dissallow system() function in modelines (CVE-2007-2438)
5.0.6 : Part Number 91-0947719-A--------------------------------
New and improved
o installer: Support for multiple hard disks
![Page 19: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/19.jpg)
o kernel: add oprofile support for newer CPUs
Bugfixes
o bind: update to 9.3.4-P1, resolves weakness in query id generator (CVE-2007-2926)
o tcpdump: update to 3.9.7
o fixes CVE-2007-3798: BGP dissector integer overflow
o fixes CVE-2007-1218: potential buffer overflow in ieee802.11 printer
5.0.5 : Part Number 91-0947176-A--------------------------------
New and improved
o Installer:
o Use first hard disk instead of biggest one for installing the base system
o Separate /var and /tmp partitions, drop /var/log/dump partition, mount /var and /tmp with nosuid,nodev
Bugfixes
o cgconfig:
o add sanity checks for timezone setting
o don't overwrite configuration files without preserving content (#77949)
o file: Fix potential heap overflow in file_printf of libmagic (CVE-2007-1536)
o kernel: Update to 2.6.16.yy, including following changes:
o util-linux: several bugfixes
o fix potential null pointer dereference in umount (CVE-2007-0822)
o fix potential pam modules bypass in login (CVE-2006-7108)
o fix nologin segfault
o backported flock(1) from util-linux-2.13-pre7
o correct cal -3 formatting
![Page 20: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/20.jpg)
5.0.4 : Part Number 91-0947113-A--------------------------------
Bugfixes
o elinks: Don't look for gettext message catalogs in relative pathes (CVE-2007-2027)
o grep: several reliability fixes
o kernel: Update to 2.6.16.51, including the following changes:
o netfilter: do not modify/corrupt GREv0 packets through NAT
o IPv6: Disallow RH0 by default (CVE-2007-2242)
o Infinite recursion in netlink (CVE-2007-1861)
o Update to 2.6.16.49, including following changes:
o hrtimer: prevent overrun DoS in htrtimer_forward()
o skge/sky2: turn carrier off when down
o NET_SCHED cls_basic: fix memory leak in basic_destroy
o Fix UDP checksum issue in net poll mode
o tty_io: fix race in master pty close/slave pty close path
o python: Fix strxfrm leak (CVE-2007-2052)
5.0.3 : Part Number 91-0946965-A--------------------------------
New and improved
o kernel: add support for kprobes
o glibc: add nscd package
Bugfixes
o bash: fix redundant RLIMIT_LOCKS
o cgconfig: handle static host routes correctly
o gnupg: update to 1.4.7, including fix for an unsigned data injection vulnerability (CVE-2007-1263)
o kernel: update to 2.6.16.46, including the following changes:
o Fix NULL pointer derefrence in cls_basic
![Page 21: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/21.jpg)
o Fix endless loop caused by inaccurate qlen counter
o Fix madvise infinite loop
o Fix multiple md bugs
o TCP: Fix sorting of SACK blocks
o TCP: skb is unexpectedly freed.
o Fix bad_inode_ops memory corruption (CVE-2006-5753)
o Fix key serial number collision handling (CVE-2007-0006)
o Prevent pseudo garbage in SYN's advertized window
o Fix ext3 block bitmap leakage
o IPv6: Handle np->opt being NULL in ipv6_getsockopt_sticky(). (CVE-2007-1000)
o IPV6: Fix for ipv6_setsockopt NULL dereference
o IPV6: fix ipv6_getsockopt_sticky copy_to_user leak
o Fix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005)
o Netfilter: fix several null pointer derefences, leaks and bugs
o krb5: fix multiple vulnerabilities (CVE-2007-0956, CVE-2007-0957, CVE-2007-1216)
5.0.2 : Part Number 91-0946623-A--------------------------------
New and improved
o kernel: add PAE support to make use of NX/XD
o kernel: add MCE checks
Bugfixes
o bash: update to 3.1 patchlevel 17
o bind: update to 9.3.4 (CVE-2007-0493, CVE-2007-0494)
o glibc: update timezone data to tzdata 2007a
o gnupg: update to 1.4.6, fixing stack overwrite vulnerability (CVE-2006-6235) and buffer overflow in openfile.c (CVE-2006-6169)
![Page 22: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/22.jpg)
o kernel:
o Fix fdset memleak
o Fix race condition in usermodehelper
o Fix ip6_tables extension header bypass bug (CVE-2006-4572)
o Fix ip6_tables protocol bypass bug (CVE-2006-4572)
o Fix lockup via /proc/net/ip6_flowlabel (CVE-2006-5619)
o TCP: Don't use highmem in tcp hash size calculation.
o IPv4: Limit rt cache size properly
o Don't allow chmod() on the /proc/<pid>/ files
o TG3: Fix array overrun in tg3_read_partno().
o security/seclvl.c: fix time wrap (CVE-2005-4352)
o Reduce ACPI verbosity on null handle condition
o Fix possible overflow in bridge code (CVE-2006-5751)
o Fix checks for bad address in binfmt_elf
o Fix bridge-netfilter memory overwrite
o Fix possible deadloop in ipv4 fib_semantics.c
o Handle corrupted cramfs filesystems (CVE-2006-5823)
o Handle ext3 directory corruption better (CVE-2006-6053)
o From MOKB: handle corrupted ext2 better (CVE-2006-6054)
o From MOKB: handle corrupted hfs filesystem (CVE-2006-6056)
o Fix ipv4/ipv6 device initialization
o grow_buffers infinite loop fix (CVE-2006-5757/CVE-2006-6060)
o Save/restore eflags in context switch (CVE-2006-5173)
o Fix incorrect user space access locking in mincore() (CVE-2006-4814)
o krb5: update to 1.4.4 + fixes (CVE-2006-3083, CVE-2006-3084, CVE-2006-6143)
o openssh: Unspecified vulnerability in the sshd Privilege
![Page 23: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/23.jpg)
Separation Monitor (CVE-2006-5794), LoginGraceTime denial of service (CVE-2004-2069), Signal handler race condition (CVE-2006-5051)
o openssl: Buffer overflow in the SSL_get_shared_ciphers (CVE 2006-3738), get_server_hello denial of service (CVE-2006-4343)
o python: fix unicode repr bug (CVE-2006-4990)
o rpm: fix buffer overflow in showQueryPackage (CVE-2006-5466), fix check-prereqs
o ruby: update to 1.8.5p2 (CVE-2006-5467, CVE-2006-6303)
o screen: fix UTF-8 combining characters handling (CVE-2006-4573)
o tar: fix symlink vulnerability (CVE-2006-6097)
o texinfo: fix heap overflow in texindex (CVE-2006-4810)
o wget: fix double free, denial of service in ftp (CVE-2006-6719)
o Use update proxy for appliance updates (77154)
5.0.1 : Part Number 91-0946552-A--------------------------------
Bugfixes
o cgconfig: wait a small period of time for usbstick on boot when applying external config.xml (77271)
o Set symlinks to LDAP libraries (77067)
5.0.0 : Part Number 91-0946258-A--------------------------------
New and Improved
o First release of CgLinux 5 Series
o Kernel 2.6.16
o Glibc 2.3.6
o gcc 3.4.6
o Online package update mechanism based on rpm/yum
McAfee Web Gateway 6.x======================
This file contains the new features, changed features and bugs thathave been fixed for version 6.x of the McAfee Web Gateway product. For
![Page 24: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/24.jpg)
additional tips and information, see the Webwasher Online Help and/orUser Guide.
6.9.1 build 12571: Part Number 91-0950194-E-------------------------------------------
New and Improved
Bugs Fixed
o Big sqlite database "wwwp" causes welcome page to fail (81760)
o System crash, an unhandled ACCESS_VIOLATION exception (81755)
o With SafeSearch enabled, some cookied were removed from the request (81754)
o Failure of log transfer over FTP may create duplicate files at the FTP server (81747)
o Dashboard not shown in IE6 (81740)
o Internal error while accessing a website with SSL Scanner enabled using self signed certificates (81737, 81739)
o "wwauth still busy" error messages appear in the logs (81734)
o Custom header gets duplicated (81733)
o Incorrect command syntax in system configuration documentation for removing stale nodes (81702)
o Valid archive blocked as corrupt (81689)
o "Can not load CRL" messages appear in the logs (81660)
o Proactive Scanning Database version in Overview always set to zero (81549)
6.9.0 build 11742: Part Number 91-0950194-D-------------------------------------------
New and Improved
o RootCA certificate handling (81703)
o New help page added explaining the update server concept (81629)
Bugs Fixed
o No revoked certificates for some CAs (81662)
o Can not load CRL error for CRLs which work in the browser (81660)
![Page 25: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/25.jpg)
o System crash, an unhandled ACCESS_VIOLATION exception (81643)
o MWG on Windows crashes frequently (81678)
o POST protocol failure with 100 continue (81624)
o server_ip is not logged in proxy with HTTP 502 response (81683)
o max-age in 304 response not used for cache time (81701)
o SpamEquator update failed: Could not find all the files (81655)
o Too many "Cannot load CRL" entries in errors.log (81676)
o Valid archive blocked as corrupt (81689)
o A specific file which cannot be scanned by Avira engine is not blocked (81692)
o SNMP counter issue (81649)
o Upgrade Trusted source library to 2.0.6.01 (81724)
6.9.0 build 11282: Part Number 91-0950194-C-------------------------------------------
New and Improved
Bugs Fixed
o After upgrade clients are not following redirect to auth server (81675)
o 6.9 upgrade breaks CM site instances (81673)
o Unable to Join Central Management After Upgrading to 6.9 (81670)
6.9.0 build 10927: Part Number 91-0950194-B-------------------------------------------
New and Improved
Bugs Fixed
o Cannot load legacy AV after upgrade to 6.9 (81647)
o Customer Upgraded to 6.9 and Now the Application Terminates with termsignal=11 (81641)
o MWG sends 502 could not connect when accessing cached file (81636)
o Win7 clients NTLM auth fails through MWG 6.9 (81633)
![Page 26: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/26.jpg)
o Incorrect Behavior of "Cache Revalidation Rules" (81597)
o Central Management update failing, sites unsubscribed (81572)
o License change can lead to disabled AV scanning (81557)
6.9.0 build 10636: Part Number 91-0950194-A-------------------------------------------
New and Improved
o The following procedure must be completed to install MWG 6.9.0:
o - install the repository for MWG 6.9.0:
o - from a system console, log on to the appliance using SSH
o - run the following command:
o yum install yumconf-6.9
o - perform an update on the user interface or from a system console:
o - to update on the user interface:
o - go to Configuration > Appliance > Update
o - click the "Contact" button in section "Check for Updates"
o - from a system console, log on to the appliance using SSH
o - run the following command:
o yum upgrade
o
o Process of delayed login after login failure improved (81461)
o Load AV updates in background (81307, 81351)
o Remove tar files after centralized update (81239)
o Trusted Source Cloud Support (81111)
o Single automatic AV engine restart after "cannot load AV" error (80819, 81252, 81256)
o Prevent AV update being cancelled while it still downloads files (81121)
o Add option to ignore base McAfee AV engine although licensed (81120)
![Page 27: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/27.jpg)
o Input validation for 'content-length greater than' whitelist entry (81109)
o Handle eDirectory synchronization in background (81113)
o AV engine: possibility to re-start AV engine via SSH implemented (81036)
o Add system alert if Mailshell LiveFeed is not activated (81008)
o Memory Defragmentation and MP ICAP servers in maintenance mode cause "Cold Restart" SNMP Trap to be sent (80966)
o Attempt to recover connection to AD taking longer than 3 minutes (80942)
Bugs Fixed
o MWG adding extra line between headers and body (81540)
o Authentication server wwparam causes Ajax site to make bad request (81533)
o Quota issues (81499, 81431)
o Overload handling prints overload message mistakenly (81444)
o Override accounts are not visiable (81491)
o Auto-pushing failed sometimes (81472)
o McAfee Gateway Anti-Malware on Windows does not detect Eicar (81432)
o Central management deleting last ip mapping entry (81416)
o Downloaded exe file saved as zip archive on windows 7 (81413)
o Vulnerability CVE-2010-0405 (81399)
o Overload issue - Enhanced IFP worker & Output threads to be created with custom stack size (81395)
o Inspect certificate not working correctly (81393)
o Respmod Bypass List not working with assignment of a policy to a proxy port (81361)
o Client Certificate handling does not allow sending certificate chain (81282)
o Wrong media type detection with gmail (81330, 81348, 81364)
![Page 28: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/28.jpg)
o High memory under low load caused by big dashboard-database (81312)
o Threads in close_wait cause memory overload (81291)
o McAfee Gateway Anti-Malware Engine fails to load on debian (81287)
o Archive blocked because "content size greater than the defined size limit" (81274)
o ICAP Processes fail to load URL Filter list (81264)
o FTP communication problem - MWG closes connection after entering pasv mode (81269)
o Wrong media typ for embedded images in .ppt file (81258)
o Media type detection for URLs that can result in dynamic content (81240)
o MIB Browser not working on SLES 9 & 10 installation (81230)
o Unpacked archive size grows with defined limit (81221)
o Extended list manager unable to read "&" symbol (81201)
o Upload of jpg to cms fails (81188)
o Hanging actions: Cluster Node Job Queue and Persistent Quota Info Sync (81179)
o Google searches do not work with safesearch enforcer enabled (81171)
o Dashboard data not sticking within IE (6,7,8) (81167)
o WW requests -web.washer- were send to next hop (81150)
o The same CRL download url was added multiple times (81149)
o Centralized Management: after upgrading to 6.8.7, 3 of 8 nodes not subscribed to master (81144)
o Flag in the NTLMSSP_NEGOTIATE message (81143)
o Site UI port changed by Master when joined despite being exempted (81124)
o Blank known certificates authorities showing after upgrade (81103)
o Cache Settings mysteriously change in web interface when switching between tabs using Firefox (81101)
![Page 29: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/29.jpg)
o LDAP authentication: spaces break ldap browser (81100)
o Appliance crashing child process exited (termsignal=7) unable to start due to frequent failures (81099)
o Webwasher-csm.install contains unnecessary check if /usr is writeable (81092)
o MWG blocks a couple of LZH archives (81088)
o DNS Cache usages causes slow web performance (81063)
o Lot of application/ogg traffic (81062)
o Files in /opt/webwasher-csm mysteriously are deleted (81051)
o Less than character (<) breaking JIS encoding (81042)
o MP: IFP block page content not working with multiprocess (81034)
o Overload handling not kicking in, though enabled (81028)
o Welcome page: welcomeack.html only available for default policy (81025)
o Error template: http hard coded in connectnotallowed.html template (81021)
o Newly added CAs are not pushed to site instances properly (80817)
o Media Type Filter blocks .css files as application/x-pn-realmedia (81015)
o Crash during Cab archive processing (81011)
o Media type application/x-www-form-urlencoded could not get whitelisted (80997)
o Media type filter: application/x-msregedit files not detected correctly (80996)
o No Block_res code for embedded Objects filter (80987)
o Safesearch enforcer breaks google preferences (80972)
o Snmp category activity is incorrect (80967)
o Progress Page: Own Host Name -> Use other host or URL not working (80965)
o Memory Overload occurred with minimal load (80958)
o LDAP wizard creating "$attrlist$" and "Error: 0. Error
![Page 30: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/30.jpg)
description: " (80947)
o Authentication Server redirect does not work as expected for HTTPS pages on first redirect (80932)
o SQLITE database corrupted: No traffic passing through WebWasher (80931)
o Corrupt timeseries.ww causes non-recoverable termsignal 11 (80930)
o MWG detecting cab file as corrupt, able to extract with WinZIP 80929)
o GUI: Routes not displayed properly (80919)
o Authentication: threads stuck in 'Status=kAuthenticate', MWG eventually hangs (80873)
o FTP-over-HTTP fails with anonymous user if blank password is specified (80864)
o Archive as corrupted blocked (80850)
o MWG crashing with termsignal=11 on Suse9 (80715)
o Safe search breaks google trends (78574)
6.8.7 build 5820: Part Number 91-0950194-A------------------------------------------
New and Improved
Bugs Fixed
6.8.6 build 5788: Part Number 91-0950032-A------------------------------------------
New and Improved
o Improved stack size handling for auth server and end user port (80676)
o Change default settings for TrustedSource Web Reputation (80624)
o Home->Support should link to McAfee (80576)
o Improved Welcome Page functionality (80547, 79063)
o Add new certificates and hosts to SSL Scanner lists (80352, 80527)
Bugs Fixed
![Page 31: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/31.jpg)
o SSL Scanner bypass vulnerability on wildcard certificate check (80680)
o Endless loop in Cab archive (80652)
o SNMP traps for URL list updates not working (80648)
o Receiving "Download Cancelled" after clicking download button in IE7 (80647)
o Document Inspector System Alert will not disappear (80646)
o Prevent DOS attack to authentication server (80642)
o WW prints internal messages to errors log (80629)
o Advertising filter destroys JavaScript (80627)
o MP: Inconsistent IP mapping with Multi Process mode (80623)
o Microsoft Project file (.mpp extension) blocked as audio/mpeg (80622)
o WWoB: on master blade feedback scripts (started with "2") shows "lsof" related warnings (80615)
o Memory defrag script (80610)
o Download of gmx eMail attachments failed (80609)
o MPClusterControl unable to update nodes when Web Interface has IP restrictions (80608)
o Native NTLM: Group memberships get mixed up (80607)
o Crash when talking to ePO server (80606)
o "Detect unsolicited POSTs" will break forms (80591)
o Archive blocked as corrupted (80581)
o SSL-Scanner - HSM-Agent: Root CA key cannot be loaded on startup (80571, 80578)
o Must be able to handle multiple 100-Continue messages from web server (80567)
o Update from 6.7.6 to 6.8.5 broke settings.xml (80540)
o Long text causing page display issues (80539)
o Content type "application x-ms-application" is changed to "text/xml" (80530)
![Page 32: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/32.jpg)
o Real-time classifier blocks words containing unicode characters (80508)
o SNMP statistics are not accurate after multi-process is enabled (80479)
o Outdated Dynablocator directory and file is copied to all ICAP processes in MP (80474)
o Redirect via query string parameter on gui login page (80444)
o Potential cross-site scripting vulnerabilities in web UI (80442, 80443)
o Certain Generic Header Filter combination may crash MWG(80430)
o URL Executive Summary (80398)
o Drop downs for dashboards not displayed right in IE (80392)
o WCCP and overload protection not playing nice together (80342)
o Quota reset does not work from secure admin shell (80287)
o SafeSearch enforcer produces false positives (79898)
o Known Root CAs not synchronized in Cluster (79513)
o Download Canceled page always displayed in English (79326)
o eDirectory settings broken by cluster (78709)
o HTTP links in HTTPS blockpages (78634)
o Unwanted red warning for anonymous ldap bind (78612)
o Time and Date in web interface is reset after reboot (78085)
o WebUpload Filter active, even though not enabled (77079)
o Src_ip and auth_user are not working in the security.log (76236)
6.8.5 build 5330: Part Number 91-0949869-E------------------------------------------
Bugs Fixed
o Native NTLM: Group memberships get mixed up (80607)
o SSL-Scanner - HSM-Agent: Root CA key cannot be loaded on startup (80571)
o Various crashes in SSH command line interface (80522, 80524, 80523, 80616, 80621)
![Page 33: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/33.jpg)
6.8.5 build 5141: Part Number 91-0949869-D------------------------------------------
Bugs Fixed
o Memory is getting filled up in 3 minutes (80535)
o Incorrect group mapping using native NTLM-authentication (80528)
o Authentication problem with NTLM-agent (80515)
o Problems related to TCP window scaling occur for some sites after upgrading (80517)
o Problem with centralized A/V updates (80516)
o Role allows reading logs, but Webwasher is forbidding it (80504)
o Auto-pushing fails when using domain\user for the username field in the common push target (80495)
o Escape character for shockwave-flash media type not being treated properly (80490)
o Mpcluster control jumping between stati (80485)
o Files over 4 GB shows wrong size over FTP (80412)
6.8.5 build 5094: Part Number 91-0949869-C------------------------------------------
Bugs Fixed
o Not possible to initialise Generic Body Filter if Anti-Malware is not licensed (80513, 80521)
6.8.5 build 5051: Part Number 91-0949869-B------------------------------------------
New and Improved
o Ability to disable exploit protection against double Content-Length headers (80459)
Bugs Fixed
o FTP over FTP Client is not working after upgrade on 6.8.5 (80476)
o Option to add leading Slash in FTP Retr Command (78400)
o Download fails sporadically using Progress Pages (80041)
o Log pusher attempts to push files that no longer exist (80468)
![Page 34: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/34.jpg)
o Problems with log rotation and merging (80473)
o For clean installations on WW2900E cache cannot be enabled (80480)
o WW500 failed to boot after upgrade (80475)
o Sporadic Authentication Popup with Native NTLM (79684)
o Webwasher crashes in Authenticode Filter (80487)
6.8.5 build 4971: Part Number 91-0949869-A------------------------------------------
New and Improved
o Support Anti Malware engine with Proactive NG (79968) (NOTE: Requires an AV and a Proactive update after version upgrade)
o Log Manager: Ability to configure pushed log filename (80360)
o ICAP client: workaround for incompatible DLP servers (79839)
o Incremental update for McAfee AV engine (80333)
o Support WCCP "Weight" functionality (80423)
Bugs Fixed
o Too many 407 responses when using NTLM cache (80251, 79988)
o Central Management: running feedback from GUI froze master and sites (80385)
o Log Manager: Several improvements (80386, 80378, 80374, 80367, 80360, 80370, 80345, 80339, 80361)
o GUI: filter option overwrites routes (80369)
o SSL Scanner: error behavior in case of unicode encoded cn in transparent environment
o ICAP client: Reponse time increased after enabling multi processing (80363)
o TrustedSource: score still applied even though domain is whitelisted for spam filter (8035)
o Proxy: Improved Timeout values (79958)
o Welcome page may incorrectly build the submit action link (80285)
o Overload issues persist with 6.8.4 (80407, 80406, 80393)
![Page 35: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/35.jpg)
o Problem with custom action in Multi Process mode (80405)
o MP Control stopped maintanance after icap server crash (80415)
o Interrupted requests should be logged in proxy's access.log (80422)
o HA cluster is not working as expected (80176, 80075)
6.8.4 build 4798: Part Number 91-0949750-A------------------------------------------
New and Improved
o Increase performace on WW1900 and WW2900 (79911, 79912, 79913, 79915 79921, 79922, 79923)
o Reduced Memory consumption per open connection (80113)
o Support McAfee's ePolicy Orchestrator (ePO) (79918)
o Rebranding to McAfee (79924)
o Increase robustness against AV update issues (79920, 79939, 79940, 79975)
o Log file push enhancements (79914)
o Execute feedback.sh from the GUI (77850)
o Memory Defragmentation options added (79871)
o Support cache_status and block_res in custom logfiles (78232)
o Parent proxy policy enhancement for URL AND IP subnet (79803)
o NTLM Cache should be a GUI option (79900)
o Show time interval length in Dashboard (78977)
o Default Respmod Whitelist for problematic sites (80293)
Bugs Fixed
o Too many 407 responses when using NTLM cache (80251, 79988)
o SNMP variables do not reset automatically (80026)
o Login page is missing error message when bad credentials are entered (80020)
o Breaking connection to AD on error STATUS_INVALID_WORKSTATION (80023)
![Page 36: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/36.jpg)
o Authentication failing with mutilple NTLM agents (80017)
o File incorrectly identified as audio/mpeg (79961)
o E-Mail attachments(.XLS or .PPT) are blocked by Media Type Filter as mpeg (79938)
o Cannot join WW to domain with trusted credentials (79878)
o RADIUS password limits at 16 characters (79845)
o Web Upload Filter: size limit without effect (79925)
o Web Upload Filter works although Media Type Filter is switched of (79869)
o SNMP: unexpected CPU idle values (79751)
o New timeout for initial request on a connection (80066)
o Obfuscate username/password in authorized override url (80024)
o Usernames with umlauts or rings cannot authenticate via native NTLM (79999)
o FTP-Problem Webwasher loses the credentials (79989)
o WebWasher problems due to hanging action - Mobile Code Filter Update (79907)
o SSLScanner: No timeout when upstream proxy is used (79906)
o Crash in document inspector (79902)
o Old av updates not getting deleted (secure antimalware) (79876)
o Not all 'Certificate Subject Alt Name' entries passed, resulting in certificate prompt in browser (79867)
o AV license bug - update fails when the first AV module runs out of date (79826)
o Crash during multi-threading processing of Rar archive (79814)
o CCacheSocket::ReadPreviewData corrupts content when called more than once (79811)
o webwasher delivering truncated content (79809)
o Crash in Cache::CWebObject::~CWebObject (79793)
o Termsignal 11 crashes related to CLI access under heavy load (79775)
![Page 37: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/37.jpg)
o WW delivers corrupt tar archive even when policy is set to block corrupted archives (79765)
o asctime, ctime, gmtime && localtime not threadsafe (79761)
o AntiVirus update didn't abort in time (79753)
o Termsignal 11 backtrace points to CCabDecoder::GetLzxBitsBuffer (79748)
o Termsignal 7: Bus error during Sophos update (79742)
o crash (termsig=11) in std::_Rb_tree_rotate_right (79706)
o Read-Only User Accounts can't access log files via web access (79701)
o LRU blocks after restart with full cache and constant load (79700)
o Webwasher unable to start another thread, termsignal=6 (79665)
o Cannot load certificate for web interface IP address (79625)
o WW is crashing with termsignal=7 directly after start (79623)
o HTTP Error 401.2 when NTLM Auth on Webwasher and Webserver (79612)
o Content Type ".ods/mimetype" is changed to "." (79609)
o Unwanted Mediatype not blocked when in TAR Archive (79606)
o Secure Administration Shell fails to accept large input files (79544)
o Raw post option doesn't stick (79509)
o Webwasher changed response body (79236)
o XML parsing error because of header modification (78989)
o Web reputation level not always logged correctly (79897)
o Invalid Proxy Request when downloading HTTPS file with enabled volume quota and transparent proxy (80034)
o Office 2007 Excel files blocked by magic bytes (79102)
6.8.3 build 4533: Part Number 91-0949361-C------------------------------------------
New and Improved
![Page 38: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/38.jpg)
o Ability to downgrade to HTTP/1.0 on a per url basis (79205)
o SSL Scanner: Different redirect handling for CERTVERIFY requests when transparent authentication has expired (79841)
o Additional RESPMOD bypass options (80001)
Bugs Fixed
o Policymapping: Problem with policy names (79864)
o Proxy/ICAP Server: Hanging threads (79840)
o AV-Update: New updates should not abort old updates too early (79975)
o SSL-Scanner: No timeout when upstream proxy is used (79906)
o Archiver: Crash during multi-threading processing of Rar-Achive (79814)
o Document Inspector: Crash in Document inspector (79902)
o Filter Engine: Wewasher crashed with termsignal 11 (79945)
o ICAP Server: "Send Body in one Frame" not always working (79978)
o ICAP Server: Optimized 204 response messages (79890)
6.8.3 build 4311: Part Number 91-0949361-B------------------------------------------
New and Improved
o openssl: Address CVE-2008-5077
o Webcache: Accelerate Webwasher restart
Bugs Fixed
o GUI: Problems with check boxes in user based mapping (79822)
o Authentication: In special cases NTLM authentication causes browser loop (79821)
6.8.3 build 4214: Part Number 91-0949361-A------------------------------------------
New and Improved
o HSM module support for nCipher
o Proxy: WCCP L2 Mask assignment support
![Page 39: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/39.jpg)
o Built-in resilience in spike overload situations
o Authentication: Native NTLM support for Windows Server 2008 AD (79567)
o Authentication: Better handling for wrong NTLM messages based on a Windows problem described in http://support.microsoft.com/kb/312176/en-us (79723)
o Prevent XSS with Progress Pages (79531)
o Proxy: Prevent connect to http://0.0.0.0:xx (79530)
o Close download connection for proxy.pac files right after delivering (79709)
o Feedback Script: New log level for collecting statistical information
Bugs Fixed
o Webcache: Hanging connections if client or server dies (79599)
o Webcache: Increasing number of threads causing memory exhaustion (79573)
o Webcache: Sporadic race condition (79719)
o Configuration: After upgrade to 6.8.2 serial console access unavailable (79682)
o GUI: Timezone selection (78556)
o SNMP: Crash in SNMP if file handle over 1024 (79775)
o Proxy: Webwasher crashes with Termsignal 11 (79671)
o Proxy: FTP over HTTP can't handle some symbols in file/folder names (79451)
o Proxy: Crash in IFP server for invalid request (79760)
o Proxy: Sporadic problems with early web server connection close (e.g. www.iltalehti.fi) (79417)
o ICAP Server: Communication error when transparent auth session expired + CERTVERIFY request (79675)
o ICAP Server: Cannot download huge files (79514, 79699)
o ICAP Server: Download via Progress Page results to 0 Byte download (79556)
![Page 40: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/40.jpg)
o Anti Malware: Failover does not work if engine could not be loaded (79677)
o Authentication: WW can't join AD domain if DCs allow only NTLMv2 (79533)
o Authentication: NTLM with Authserver - taking 5 seconds to authenticate (79508)
o Authentication: Selecting RADIUS as "accepted authentication method" causes failed authorization (79101)
o Authentication: Handle failed group lookups better for Native NTLM (79223)
o Authentication: Sporadic Authentication Popup with Native NTLM (79684)
o Document Inspector: Webwasher crashed, Backtrace points to CXMLTypeChecker (79669)
o Document Inspector: Cab file inside of MSI blocked as corrupted (79560,79384)
o Document Inspector: Endless loop in document inspector (77966)
o Document Inspector: Special Powerpoint documents not recognized (78755)
o Document Inspector: Text categorization does not work for pdf files (79744)
o Document Inspector: Webwasher crashed during unload of XML parser (78981)
o Archiver: Archive is claimed to be over allowed size limit (79595)
o Archiver: Crash if zip archive larger than 2GB (79596)
o GUI: Cannot load certificate for web interface IP address (79625)
o Secure Administration Shell: Crash in shutdown under circumstances (79600)
o Mail Gateway: Inbound queue overflowed result in crash (79650)
o Mail Gateway: Deleting parts from email (79319)
o Embedded Objects: ActiveX controls not getting blocked (79648)
o Central Management: Hanging Cluster Node Job Queue action (79641)
o Central Management: Cluster Node Job Queue action hangs (79683)
![Page 41: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/41.jpg)
o Mediatype Filter: Detection of streaming media improved (79594)
o SSL Scanner: Send whole certificate chain for incoming TLS connections (79591)
o SSL Scanner: Timeout for tunneled SSL connections (79603)
o URL Filter: Ignored if policy has spaces in it (79332)
o URL Filter: Safe Search Enforcer does not handle video.google correctly(79487)
o Termsignal 11 on Solaris 10 (79472)
6.8.2 build 3994: Part Number 91-0949324-C
New and Improved
o Feedback Script: New parameter to prevent pausing Webwasher while getting backtrace
Bugs Fixed
o Anti Virus: Crash during update of McAfee engine (79160)
o ICAP Client: Termsignal 11 or 6 while recreating "internal" ICAP service (79559, 79475, 79111)
6.8.2 build 3963: Part Number 91-0949324-B------------------------------------------
Bugs Fixed
o Webcache: Restarting with Termsignal=11 (79537, 79545, 79160, 79547, 79548, 79526)
6.8.2 build 3889: Part Number 91-0949324-A------------------------------------------
Bugs Fixed
o Anti Virus: Crash during update of McAfee engine (79160, 79315)
o Proxy: Under circumstances threads will not be ended if the server connection dies (79224)
6.8.1 build 3859: Part Number 91-0949290-A------------------------------------------
New and Improved
o Secure Cache: consistency check for cache database on startup
![Page 42: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/42.jpg)
Bugs Fixed
o Secure Cache: Webwasher doesn't close connections (79477)
o SMTP Gateway: TLS email delivery fails (79463)
o Authentication: 6.8 Native ntlm auth fails (79452)
o Authentication: Native NTLM user in too many groups (79412)
o Proxy: HTTP 1.0 without host header does not work for WCCP (79456)
o Archiver: Crash in Microsoft CAB archives under circumstances (79443)
o SMTP Gateway: Mails delivered but mailbody was changed to Cannot Load AV Engine (79232)
6.8.0 build 3780: Part Number 91-0948991-A------------------------------------------
New and Improved
Performance improvements
o Proxy: WCCP MAC address rewrite L2 redirect (78562)
o Proxy: WCCP multi router support incl. multicast (78105)
o SSL Scanner: Tunnel SSL on expression to enhance transparent deployments
o SSL Scanner: Enhancements for interoparability with Sidewinder
o Authentication: LDAP/V3 support with SLDAP (73779)
o Authentication: Security setting that allows to turn SMB signing off if server doesn't support it (79157, 79235)
o Authentication: Support for NTLM: Local Nested Groups (79087)
o Authentication: Support for NTLM: Trusted Domains
o Authentication: Support for NTLM: Possibility to search Domain Controllers via DNS lookup
o Filter: Enhancement for file size limit (78182)
o Filter: Whitelist by ContentLenght Header (74820)
o Anti Malware: Option to completely fail open when AV cannot load (79272)
![Page 43: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/43.jpg)
o Configuration: Distribution of configuration for Secure Mobile Web Filter
o Reporting: New log file field "auth_group" to print the group name (73656, 75031, 76928)
o Reporting: Write custom parameters as result of Generic Header Filter (79126)
o Reporting: Log FTP Proxy Username in proxy access log (79286)
o Reporting: Optionally add domain as prefix to user name in access log when authenticating via NTLM (79070, 76832)
o Safe Search Enforcer: reduce false positives
Bugs Fixed
o Proxy: Not possible to do a redirect for site http://www.intierra.com/ (79057)
o Proxy: FTP-over-HTTP error message without Slash at the end (79188)
o Filter Engine: Action 'Library Cache' is hanging (79164)
o ICAP Server: URL Filter feedback does not send any URLs (78396)
o ICAP Server: Fetch group name from HTTP header (79127)
o SSL Scanner: Entries disappearing (78718)
o URL FIlter: Sometimes Smartfilter update has to be triggered twice (78951)
o Mediatype Filter: mp3 file handling (79007)
o Mediatype Filter: XHTML Mobile not detected properly (78063)
o Mediatype Filter: Problem with type detection for special gif images (78909)
o Mediatype Filter: Office 2007 Excel files (xlsx)blocked by magic bytes (79102)
o Settings are getting changed on the site without changes on master (79097)
o Central Management: Administrator SSH public keys are not completely synchronized in cluster (79058)
o Configuration: Wrong location of "authorized_keys" file results in losing admin keys (79084)
![Page 44: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/44.jpg)
o Configuration: Wrong file permissions after configuration restore and ww restart (75362)
o Authentication: Add domain name to group name disappears (79248)
o Subject Filter broken (79065)
o Addressing Internet Explorer bug that can lead to ICAP communication problem (79214)
o HTML Filter: in rare cases crashes Webwasher (79189)
o Archiver: multipart archive was detected as corrupted (79159)
o Secure Administration Shell: Action "SSH Idle Connection Cleanup" hangs (79297)
o Generic Header Filter: Illegal HTTP header when custom param creation is intended (79350)
o Engine Update failed if customer set archive size limit to 1 Mb (79317)
o URL Filter: Safe Search Enforcer breaks google-insight (79403)
o Anti Malware: JPEG exploit is not getting blocked anymore (79337, 79360)
6.7.6 build 3649: Part Number 91-0949014-A------------------------------------------
Bugs Fixed
o Proxy: ICAP errors with web reputation disabled (79122)
o Native NTLM: SMB connection will fail if DC not support SMB signing (79235)
o ProActive: Crash downloading ISO > 4 GB (79268)
o Proxy: Crash due to hanging threads (79224)
o Webcache: Crash under circumstances (79239)
6.7.5 build 3601: Part Number 91-0948965-A------------------------------------------
Bugs Fixed
o Proxy: POST request fails, connection is reseted (79095, 79055, 78819)
o ProActive: Streaming of flash videos vidoe/flv broken (79182)
![Page 45: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/45.jpg)
o Authentication: Username not written to Logfiles if NTLM Cache is activated (79141)
6.7.4 build 3534: Part Number 91-0948913-A------------------------------------------
Bugs Fixed
o Anti Spam: Memory leak in Mailshell library (78680)
o SSL Scanner: SSL handshake error (79151, 79185)
o SNMP: Authentication bypass in net-snmp/wwsnmp (79201)
o Webcache: Webwasher crashes under circumstances (79054)
6.7.3 build 3507: Part Number 91-0948855-A------------------------------------------
Bugs Fixed
o Document Inspector: False Positive in XML files for McAFee virus scanner (79086)
o Authentication: Encrypted file cannot be loaded if file length is exactly X kb (79153)
o Authentication: Segfault occured if server returned RPC packet of FAULT type (79139)
6.7.2 build 3448: Part Number 91-0948711-A------------------------------------------
New and Improved
o SSL Scanner: Preinstalled root CA's updated
o Media Type Detection: Detection of quicktime containers enhanced (78988)
o Proxy.pac file with customizable caching age (78749)
o Authentication: Multi packet response support for Native NTLM (79061)
o Authentication: NTLM machine name field limited to 15 characters for compatibility reasons (79015)
o Authentication: Test page for NTLM configuration in GUI
o SSL Scanner: Problem with new SSL Scanner licensing (78945, 78946)
Bugs Fixed
![Page 46: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/46.jpg)
o ICAP client error (79036)
o Inconsistent progress page interface (78998)
o Trusted Source: Rating under Solaris always 50 (78584)
o Proxy: Proxy.pac file corrupted when delivered to site instance (78681)
o Proxy: HTTP pipelining not working (79010)
o GUI: Correct use of certificate chain for webinterface (77784)
o Document Inspector: PDF file is blocked when "Embedded Script" enabled (78982, 79035)
o Document Inspector: Error with scanning PDFs in certain circumstances (78273, 79032, 78901, 78448, 79046)
o SMTP Gateway: Crash in mail queue handling (78980)
o SMTP Gateway: Queue overview link doesn't contain port (78904)
o URL Filter: SafeSearch Enforcer blocks Google Maps (79033)
o Authentication: LDAP E-mail mapping and attributes with commas (78626)
6.7.1 build 3376: Part Number 91-0948643-A------------------------------------------
Bugs Fixed
o Document Inspector: Not Working with MSOOXML (78916, 78866)
o Migration: Some Whitelist entries are deleted after update (79020)
o Authentication: IP-mapping mixed up or lost under load (78793, 78943)
o Authentication: eDirectory only uses first result for authenticating a User by IP address (78940)
o Authentication: Native NTLM limited to 10 group memberships (79011)
o Authentication: NativeNTLMv2 broken (79031)
o Authentication: Native NTLM Setup fails under circumstances (79009, 79042)
6.7.0 build 3295 : Part Number 91-0948352-A
![Page 47: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/47.jpg)
-------------------------------------------
New and Improved
o High Availability support according to Linux HA
o Available under Red Hat Enterprise Linux 5.0 and Suse Linux Enterprise Server 10
o Native NTLM support
o Enhancements for "Ensured Streaming Media May Bypass AV"
o Proactive: Enhancements to decrease false positives in script code
o Authentication: Support of Radius fallback server
o Authentication: Support of Radius group mapping
o Authentication: Promptless authentication outside Webwasher subnet (78545)
o Reporting: Sort log files alphabetically (76663)
o SMTP Gateway: Different languages for digests depending on domains (78614)
o Authentication: RADIUS fallback enhancement for Admin authentication (78476)
o Archiver: Support for non-standard tar files (78783)
o SmartFilter SDK 4.3.1.06
Bugs Fixed
o WebCache: Enabled caching results in broken connections (78778)
o SMTP Gateway: "Tab" character inside header field causes address mapping to fail (78516)
o SMTP Gateway: Attachment broken when Mail Footer is added by Webwasher (78729)
o Document Inspector: Thread needs 79% CPU (78649)
o Exceptions for TLS cannot be defined (78659)
o Logging: unix_epoch variables for blockpages display incorrectly (78665)
o GUI: Backup fails because of too many server certs (78677)
![Page 48: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/48.jpg)
o RealAudio streaming not working (78596)
o GUI: Backup includes addressmapping.txt (78720)
o SSL Scanner: Common Name displayed weird when inspecting certificate (78695)
o SSL Scanner: IP address is truncated when inserted in the certificate list (78802)
o Upload Filter: Malformed multipart/form-data upload crashes Webwasher (78722)
o Media Type Detector: HTML file detected as text/xml (78708)
o Media Type Detector: WebWasher does not recognize Powerpoint document (78755)
o Centralized Management: Cluster does not synchronize (78591)
o Proxy: Webwasher closes connection even though it sends "Proxy-Connection: keep-alive" (78889)
o Anti Malware: Settings are active though not licensed (78896)
o Unable to download large .exe file (78856)
o Proxy: Change FTP Command Filter for partial downloads when "REST 0 (78817)
o Proxy: Problem if 2 authentication methods are configured for FTP proxy(78660)
o Anti Spam: Mail Footer modifies Outlook Calendar entries (77238)
o Authentication: LDAP login prompt freezes after entering the credentials (78803)
o URL Filter: Faulting module sfcontrol.dll (78655, 78927, 78652)
o Central Management: Radius "Shared Secret" breaks on site (78824)
o Reporting: Log file structure set back to default for site instances (78883, 78829)
6.6.3 build 3150: Part Number 91-0948278-C------------------------------------------
Bugs Fixed
o Linux vulnerability fixed (78837)
o Authentication: LDAP login prompt freezes after entering the credentials (78803)
![Page 49: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/49.jpg)
6.6.3 build 3102: Part Number 91-0948278-B------------------------------------------
Bugs Fixed
o Proxy: Illegally closing connection breaks web server NTLM authentication (78742)
6.6.3 build 3023: Part Number 91-0948278-A------------------------------------------
New and Improved
o Reporting: Feedback generation without certain logs (78519)
o Reporting: Sort logfiles alphabetically (76663)
o OS sanity check for restore function (78468)
o Ad-aware updates through webwasher fail (78492)
Bugs Fixed
o Generic Body Filter: UI has problems with specific chars(78490)
o SSL Scanner: CN mismatch if CN is in unicode (78534)
o Proxy: Server authentication problem if authentication canceled (78480)
o Proactive: Update is greyed out if AV but not AntiMalware is licensed (78532)
o Problem with parameters in URL redirect custom action (78375)
o Reporting: %BR field not working for syslog action (78565)
o Reporting: Corrupted log file structure definition (76449, 78357, 78538)
o Web Reputation: Whitelist entry for sun.com does not work (78564)
o Whitelist: Not working for office documents and form data (78315)
o Authentication: Issues when admin account uses RADIUS authentication (78645)
o Authentication: Allow Internet access when auth server is down" does not work (78557)
o Document Inspector: Thread needs 79% CPUand webwasher is not responding (78649)
![Page 50: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/50.jpg)
o Document Inspector: Endless loop in corrupted Excel document (78592)
o Anti Malware: Problems with Sophos engine (78550, 78540, 78513)
o Upload Filter: Crash under special circumstances (78606)
o Proxy: Malformed upstream proxy requests (78575)
o WebCache: Crash under special circumstances (78641)
6.6.2 build 2970: Part Number 91-0947890-C------------------------------------------
Bugs Fixed
o GUI: Not possible to use full stops in administartor names (77331)
o LDAP: Problems with support for "Umlaute" (78537)
o WebCache: Crash under high load (78578)
6.6.2 build 2933: Part Number 91-0947890-B------------------------------------------
Bugs Fixed
o Anti Spam: Memory leak during update (78453, 78357)
o Anti Spam: Webwasher crashes if there are no spamfingerprint*.dat files (78525)
o LDAP: Problems with "Umlaut" (78461)
o WebCache: Cache content inconsistent (78521)
6.6.2 build 2924: Part Number 91-0947890-A------------------------------------------
New and Improved
o Logging: write update log information also to syslog (78351)
o GUI: hit rate displayed in "webwasher" dashboard (78348)
o Transparent IP based authentication with eDirectory
o Secure Admin Shell: Add function to reload policy (78159)
Bugs Fixed
o If custom hostname is used, ports are not added (78399)
![Page 51: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/51.jpg)
o Action for known CAs not executed (78402)
o Content-Length Header not updated upon POST body modification (78344)
o Wrong helpfile for mail footer (78397)
o Broken files cached when bigger download is canceled (78172)
o Java application not working via Webwasher (78366)
o SSL Scanner: problems with time server certificate (78373)
o Cannot add proxy ports in Windows (78361)
o Media Type mismatch on 302 redirect (78320)
o Logging: writing garbage into access log (78289)
o Problem white listing embedded objects (78324)
o Fixed crashing bug (78325)
o "Send to Support" not working when HTTP GUI disabled (76433)
o Malformed executable causes a crash in PEParser (78391)
o Proactive Scanning: Scrambled letters on some multi-byte character set web pages (78129, 78090)
o Deleting email from digest web interface doesn't move it to trash queue (78318)
o Problems with more than one Content-length header (78352)
o Documentinspector: Deadlocks / Crashes on Windows (77995, 78003, 78161, 78274)
o GUI response slow or doesnt work (78425, 78439)
o Anti Spam: wrong Mailshell results if online query fails (78000)
o Sustain sessions in WCCP enabled load balancing deployment scenario (78335)
o WebCache: Whitelisting cache does not work (78444)
o WebCache: Too many x-cache headers (78392)
6.6.1 build 2883: Part Number 91-0947799-A------------------------------------------
New and Improved
![Page 52: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/52.jpg)
o Possibility to whitelist web reputation filter
o Possibility to whitelist media type adaptation (fixes: 78277, 78257, 78291)
o Dashboard: New tab "Webwasher" (77463)
o Actions: New option to set HTTP status code
o Add settings to adapt to thread/connection usage in a URL Filter only deployment
Bugs Fixed
o Web reputation and enabled cache break streaming (e.g. youtube) (78262)
o Document Inspector: Malformed Word document causes crash (78255)
o Centralized Mmgt: routing rules not sync'd completely (77932)
o Logging: Webwasher looses or forgets log lines (78170)
o Map does not load (78184)
o Anti Spam: TrustedSource ratings too high (78271)
o Anti Spam: Mail Footer modifies Outlook Calendar entries (77238)
o Progress Pages for HTTPS requests: Links to embedded objects are http (78278)
o Dashboard: Corrupt display when lists contain very long URLs (78163)
o Web Cache: problems when setup as transparent proxy (78340, 78296)
o Change permissions of lib/files directory to enable uploading of online help files via GUI (78231)
6.6.0 build 2856: Part Number 91-0947717-A------------------------------------------
New and Improved
o Webcaching engine
o Own "DNS Cache" implementation
o Radius Authentication
o Support for scanning of large files (> 2GB) (only Appliance, Deb4.0 and RHEL 4 )
![Page 53: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/53.jpg)
o Additional SmartFilter options (CGI parameters, categorizing embedded URLs, categorization of a search engine requests by keywords)
o SmartFilter SDK 4.3.1.02
o Generic Body Filter on Raw POST bodies (78034)
o Integrated authentication with vista against UserDB (77981)
Bugs Fixed
o Incremental update of the URL Filter doesn't work (78253)
o Connection to NTLM Agent are closed too often (77926)
o Cluster: Problems in Master/Submaster configuration (77905)
o Archiver: *.ram attachment in email is blocked by "Magic Byte Mismatch" (77965)
o SMTP Gateway: Multiple recipient mail gets released/deleted for all recipients over Digest Interface (77976)
o Progress Page: The Browser save dialog presents wrong name of PDF files (77992)
o SMTP Gateway: eMail crashing Webwasher 6.5.3 (78022)
o Authentication Pop-Up doesn't show up through Webwasher (75951, 76988)
o SSL Scanner: CERTVERIFY error with www.viqtest.com (endless loop) (77889)
o NTLM-Agent: Crash on shutdown (78014)
o NTLM Agent: timeout issue (78087)
o Proxy does not log auth_user when using transparent authentication (78197)
o New media type application/xml (78199)
o NTLM Agent: timeout issue (78087)
o Select Timezone field resets to UTC after reboot (78086)
o ldap libraries not installed with webwasher debian 4.0 package (78082)
o Problem with libxml2 under solaris (78038)
![Page 54: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/54.jpg)
o Clean up obsolete lib dependencies under solaris 10 (78032)
o Stream not passing webwasher (78115)
6.5.3 build 2760 : Part Number 91-0947174-A--------------------------------------------
New and Improved
o Roles: Support delegated creation of new admin accounts
o Secure Admin Shell: interface to User Database (77817)
o Cluster: possible to make Web / E-Mail mapping private
o GUI: Added "Add Domain Name to Group Name" box on policy mapping rules page (77835)
o Improved performance for download of pages with numerous objects via IE
o GUI function to various Url Filter features added (77788)
o Media Type Filter: Added Media Type application/xhtml+xml to Media Type Catalogue (77743)
o URL Filter: Enhanced mapping of Unicode URL parameters to Basic Access Control Filter list
o Language Packs: Support for error message templates in Korean, Portuguese, Chinese, Spanish, Italian
o Support for Debian 4.0
Bugs Fixed
o Dashboard: Empty Anti Malware Quick Snapshot (77907)
o Roles for manipulating WW UserDB (77844)
o Roles: Second administrator is not able to apply certain settings (77733)
o Roles: Way to bypass read only queue access (77837)
o Document Inspector: Detection of embedded excel files (77823)
o Embedded Object Filter: reason written for mail blocked by embedded scripts filter (77673, 76702)
o HTTP(S) Proxies: RFC compliance for Via header (77867)
o Document Inspector: Endless loop for certain PDF files (77849)
![Page 55: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/55.jpg)
o WW stops parsing HTTP headers when a header starts with "--" (77816)
o Prefix Filter: Webwasher freezes due to hanging threads (77863)
o GUI: Correct handling of list entries with blank fields (77762)
o ProActive Scanning:: allow actions with comma in name (77732)
o Embedded Scripts Filter: Scripts with Language="JavaScript1.1" are not regognized as JavaScript (77740)
o Logging: Invalid category entry in access.log for certain data (77748)
o Logging: Log file push can lead to never ending timed action (77815)
o Logging: Tab not working as delimiter in logfile definition (77834)
o Archiver: Content Type does not match only when file is zipped (77806)
o Policy Mapping: Usermapping applies to Username and Domainname (77808)
o URL Filter updates with Anti Spam only license fail (77783)
o URL Filter: volume quota not counted (77819)
o URL Filter: Block during work hours does not work (77758)
o exiting WW during update of Smartfilter results in hanging WW (77957)
o Rare crash (77683)
o UTF 16 encoded xml file not detected correctly (77795)
o Anti Spam: Own Hostname broken for End user Requests (77821)
o Java Application does not work over WebWasher with authentication (74390)
o Feedback Script: strange problem with feedback.cmd (75662)
o Mediatypes for appliance NICs are not complete(77724)
o Dashboard: Network utilization not shown (77838)
6.5.2 build 2676 : Part Number 91-0946963-A--------------------------------------------
![Page 56: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/56.jpg)
New and Improved
o Improve next proxy handling with HTTP 1.0 next-hop proxies (77674)
o SmartFilter SDK 4.3.02
o Logging: Support logging of filter engine information in proxy log file (includes all custom parameters and filter results) (77720)
o Updated Default Settings in clean installations to enhance out-of the box security policy while being compliant to common data protection requirements
o RBL check for intermediate mail server not working (77193)
o Support configuration of host routes (77705)
Bugs Fixed
o Centralized Mmgt: Reboot in cluster not working (77355)
o Centralized Mmgt: Inconsequent behaviour of centralized update (77678)
o ShellExpression Error (77193)
o URL Filter: Inappropriate Category Scheme notification (77672)
o Dashboard: System alerts are not correct (77707)
o Progress Page: Force Invalid Proxy Request notification (77702)
o FTP Proxy: Multi-line FTP replies through proxy (77679)
o Archiver: AES-encrypted Zip-archive was detected as corrupted (76880)
o Archiver: Incomplete detection of spanned zip archive (77715)
o high values in dashboard - Network Utilization (77603)
o Bypass streaming media does not work for URLs without extension (77716)
o GUI: NIC configuration page displays description field (77703)
6.5.1 build 2652 : Part Number 91-0946864-A--------------------------------------------
New and Improved
o support GUI configuration of more than 2 NICs
![Page 57: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/57.jpg)
o Centralized Mmgt: site can be configured to periodically request full configuration from master (77261 )
Bugs Fixed
o Centralized Mmgt: Cluster out of sync after changing account password (77312)
o Centralized Mmgt: Exception for Ports in Clusterdistribution (74419)
o progresspage only shows 2Gb (77628)
o UUE encoded file handled incorrectly (77532)
o Dashboard: read-only GUI account is allowed to reset "Quicksnapshot" stats and Live Reports (77561, 77564)
o SMTP Gateway will not be started if HTTP and FTP proxy is disabled (77601)
o SSL Scanner: "Inspect Certificate" produces error when next-hop proxy is TSP, Sidewinder or ISA Server (77505)
o Post request results in 407 Proxy Authentication Required (77472)
o Wrong system alert "Progressive Lockout is used in an action but is not activated yet" (77595)
o HEAD response with content lenght header (77615)
o TimeScheme "Non-working hours" (77653)
o Centralized update: Spamequator update broken on sites (77400)
o Mail Gateway: Plain text mails are getting blocked (77625, 77620)
o Mail Gateway: Mails with content type message/delivery-status not recognized (77620)
o Generic Header Filter: Could not be used to detect missing header (77652)
o 'delete selected' not working correctly with static routes (77538)
o specifying media on network interface (77559)
6.5.0 build 2643 : Part Number 91-0946613-A--------------------------------------------
New and Improved
![Page 58: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/58.jpg)
o GUI: Dashboard and Quick Snapshots
o Initial Streaming media support
o URL Reputation System
o Welcome page
o URL Filter: Adoption of the SmartFilter SDK
o New action "Delay"
o New action "Progressive lock-out"
o New action "Authorized Override"
o Proxy: Allow actions on HTTP/FTP commands and methods
o Proxy: Proxy.pac support
o Proxy: Multiple listener ports per protocol
o Proxy: Allow to substitute IP address in FTP Port command
o Authentication: Support nested Active Directory groups
o Add URL Feedback system for uncategorized URL
o Document Inspector: XML Parser
o Document Inspector: Support Open Document Format
o Document Inspector: Support Microsoft Office Open XML
o Document Inspector: Support SOAP
o Logging: more information on actions in audit.log
o support WCCP
o GUI: Configuration of NTP
o GUI: Configuration of static routes
o GUI: Port forwarding in transparent proxy setup
Bugs Fixed
o Webwasher looses configuration (76494)
o Embedded Scripts: Executable script content was not stripped out of emails and web pages if nested <script> tags were used (77373)
o Crash with termsignal 11 (77159, 77310)
![Page 59: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/59.jpg)
o missing session information in incident manager (77482)
o Crash because of special cab file (77452)
o Setting (Enduser) User Interface Port to 80 does not work (77445)
o Small pdf blocked by Webwasher with error File is Larger Than 2 GB (77410)
o Released mail does not go through release policy (77397)
o Multiple recipient spam emails do not get released properly (77396)
o no values for spam_res+spam_level in smtpfilter.log (77053)
o URI in Service Name List gets truncated when ending in any combination of 0 & 1s (77210)
o Centralized updates seems to avoid spamequator update on sites (77400)
o Policy mapping via IP Mapping based on X-Client-IP (77556)
o Mp3 media type detection false positives (77520)
6.0.1 build 2583 : Part Number 91-0946423-A--------------------------------------------
Bugs Fixed
o Setting (Enduser) User Interface Port to 80 does not work (77445)
6.0.1 build 2572 : Part Number 91-0946423-A--------------------------------------------
Bugs Fixed
o sporadic crashes when SSLScanner not licensed (77129,77134,77243,77270,77273)
o Handling of encapsulated postscripts (77327)
6.0.1 build 2533 : Part Number 91-0946423-A--------------------------------------------
New and Improved
o Detect malformed MIME parts in text attachments
6.0.1 build 2512 : Part Number 91-0946423-A--------------------------------------------
![Page 60: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/60.jpg)
New and Improved
o Next Hop Proxy handling
o GUI improvements
o New ssl libs, fixes CVE-2006-2937 and CVE-2006-2940
o Read-only admin can now change his own pwd (76863)
o Support to bind End User Port to port 443 (77058)
o Progress Pages resize window if a download popup to small
o Enhance Progress Page to work with Internet Explorer 7
Bugs Fixed
o Quotas not synced in cluster (76972)
o Fixed NTLM authentication at a webserver (76988)
o Wrong status code 500 instead of 502/504 if server can't be reached (76976)
o SSL Scanner: Rare crashes with Progress Pages (76931)
o IFP Server implementation more robust (77007)
o SMTP Gateway: A malformed mail contained an attachment of type message/rfc822 that had a sinle section of type message/rfc822 that had a single section of type message/rfc822 4771 times causes a crash (77017)
o GUI: Secure/Unsecure mix of images in internal request and error messages (77040)
o GUI: limited administrator role not correct (77173)
o SSL-Scanner: SSL handshake fails on server with pkcs1 padding error (76057)
o Fixed "Use other host or URL" on Queue View (77051)
o URL Filter: Filter by Expression list looses it's settings (77065)
o Links in Overal Summary Reports lead to empty Policy Reports (77066)
o Smtp Gateway: Digest buttons show sometimes wrong deposited URL's (77063)
o Crash if embedded object is referenced by a large URL > 1023 with
![Page 61: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/61.jpg)
whitelisted Mediatype Filter (77064)
o Next Proxy settings not reachable when Next Proxies down (77078)
o Un-justified System Alert on Site when using "Centralized Update" (77080)
o Improved stability under Solaris 10
o
6.0 build 2455 : Part Number 91-0946256-A------------------------------------------
New and Improved
o New product Anti Malware including Secure Anti-Malware engine
o User Database added to support authentication without need of external directory services
o User Database: Allow new users to add themselves if they can authenticate at the LDAP Server
o Support transparent authentication with internal challenge/response method, basic authentication, basic authentication over SSL or login page (76081)
o Support of the Internet Filtering Protocol IFP
o Proactive: Enhanced heuristic for Windows executables
o Proactive: Execution Path Disassembler (PE parser)
o Proactive: Identify client computers that may have Potentially Unwanted Programs (PUP) installed
o Proactive: Enhanced VB and Java Script detection
o Proactive: Split rules set for JavaApplets and Java Application
o Proactive: Special rules for Trusted Sites to avoid false positives (75932)
o Proactive: Script engine for special rules (e.g. jpeg, WMF vulnerability)
o Anti Spam: Fingerprinting of mails to avoid misclassification
o Anti Spam: Automatic whitelisting of sender information (74376)
o Anti Spam: Automatic whitelisting on release from Spam Queue (74780)
![Page 62: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/62.jpg)
o Anti Spam: More MailShell options in GUI
o Anti Spam: On site training of MailShell filter by customer spam and ham messages
o Anti Spam: Support of TrustedSource as new Spam method
o Mail Gateway: Support of TrustedSource in the SMTP dialog to reject mail directly
o Mail Gateway: Centralized queue management (e.g. replication/fallback)
o Mail Gateway: Centralized queue view in cluster
o Mail Gateway: Resend Digest
o Mail Gateway: TLS Support for SMTP
o Mail Gateway: Address mapping for sender and recipients in incoming and outgoing mails
o Message Filter: Offer filter action "Remove Attachments"
o Message Filter: Enhanced Phishing Filter
o GUI: Redesigned for improved usability
o GUI: Ajax support for realtime values (e.g. Life Reports, update status, statistics)
o GUI: Sessions support with automatic logout (73948)
o GUI: Audit logging to track configuration changes
o GUI: Click history for smarter GUI navigation
o GUI: Import/Export for error templates
o GUI: Alert when leaving a page without "Apply Changes"
o GUI: Improved list views
o GUI: Optional display of Web and/or Mail settings
o Cluster: Synchronization of Quota data (74977)
o Queue based feedback system for Spam and Malware
o Content Security: Improved detection of unknown embedded scripts (75515)
o Own port for end user operations like Digest or password changes in User Database (74782)
![Page 63: CgLinux Changelog ================= This file contains … · CgLinux Changelog ===== This file contains the new features, changed features and bugs that have been fixed for this](https://reader033.vdocument.in/reader033/viewer/2022050814/5af0cdd87f8b9abc788da5cd/html5/thumbnails/63.jpg)
o Proxies: Failover and routing rules for all parent proxies
o Proxies: Individual authentication processes for each proxy (76343)
o Secure Administration Shell: Different public key for every admin (76342)
o Archive Handler: Can be switched off (76344)
o Distributed Updates for all subscription based data in cluster (74515,76040)
o Increased granularity in White List for Content Security filters (76396)
Bugs Fixed
o Crashes with termsignal 6 and 11 in CHTTPSConnection (76281)
o Archive Handler: Email attachment is filtered from Archive Handler Web section (76316)
o Archive Handler: Zip Files perilously detected as corrupted Archive (76391)
o Logging: "spam-res" and "spam-level" print mail subject in custom log file (76418)
o Password containing "Umlauts" do not work - No Access (76428)
o Document Inspector: Encrypted PowerPoint documents are treated as simple OLE2 Structured Storage files (76476)
o ProActive: damages PDF file (76567)
o Error message with wrong language (76613)
o smtp helo displays tailing ";" on the helo name (76652)
o Progress Page: download of big files named with blanks (76740)