No changes since release 7.1-4.9

It turned out that our systems are not affected by the announced security vulnerability.

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Glibc library

A bug in the central system library glibc allows local users to gain unrestricted access.

Update of various system components

The update includes new releases of the Linux kernel and of Avira Antivirus. The predefined lists of trusted CA certificates, the free URL filter database and the SPAM filter ruleset are updated as well. Systems without daily IDS updates (systems without maintenance contract) receive new IDS rules with this update.

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Update of Linux kernel with Intel CPU microcodes

The security vulnerability "Downfall" allows an evil program to access data of other processes or the operating system. The update installs a new Linux kernel with updated Intel CPU microcodes.
The vulnerability affects 19" devices (Rack Server) delivered since October 2020. Thin Servers and the small Eco Servers are not affected.
If you are running a virtual system, please check if a security update is available for the host.

Encryption of PKCS#12 files

The private key in PKCS#12 files used to be encrypted with the outdated TripleDES cipher, as other operating systems are not able to process these files if better encryption is used. As an option you can now choose AES-256 encryption.
IPsec installation packages for Windows will keep using TripleDES, as these files have to be processed by Windows. OpenVPN installation packages for Windows (*.exe) however will be issued with AES-256 only, as OpenVPN for Windows includes its own crypto library that supports this format.
We recommend to create a new AES encrypted backup of the CA certificate and destroy the old copy. OpenVPN configurations on Windows clients with a *.p12 file in addition to the *.ovpn file should be updated, too. In this case, destroy the old *.p12 file.

OpenVPN installation package for Windows (*.exe)

OpenVPN 2.6 for Windows was no longer able to read the PKCS#12 files of OpenVPN installation packages, as the public certificates were encrypted with a no longer supported cipher.

Let's Encrypt Staging-Server

The download of Let's Encrypt test certificates failed.

Reverse proxy Autodiscover

Added support for Autodiscover V2 via reverse proxy.

Update of various system components

The update includes new releases of Avira Antivirus, the runtime environment for apps, the IPsec, Web, DNS, SNMP and SSH servers.

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Update of Linux kernel

The update fixes a vulnerability in the Linux kernel that allows users that were able to login on operating system level to gain full access. Via network a login on operating system level usually requires that the SSH server has been enabled. If in addition the configuration grants Internet access to the SSH server you should update immediately.

IP lists for Instagram and Soundcloud

Both IP lists are no longer maintained. If in use, the update will clear the lists, otherwise they are deleted. The IPs of Instagram became part of IP list Facebook, Soundcloud became part of IP list Amazon-AWS.

Errors with transparent proxying to services with frequently changing IPs

Minor bugfixes and improvements

Update of several software components

Web proxy, Intrusion prevention, Avira Antivirus, WLAN service and a few system-related tools have been updated.

Kaspersky product key

Systems running the Kaspersky virus scanner have to install the update until 2023-06-12. This is the day the old product key will expire.

Service for delayed execution of command

The service is used to install updates at a certain point in time, install updates via management server and repeat failed transfers of backups and logfiles. After an update in release 7.1-4.4 the service stopped processing jobs until other jobs were added or deleted. Systems updated to release 7.1-4.5 after 2023-02-10 already received the bugfix. All other systems receive the bugfix with this update.

Extensive usage of large IP objects caused timeouts in administration interface

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Security fixes in several components

The update fixes less critical security vulnerabilities in the Linux kernel, the Avira virus scanner and multiple system libraries.

Client certificate for outbound mails

It is now possible to use a client certificate for authentication when sending mails via the relay server of a provider.

DNSSEC validation fails

If in version 7.1-4.4 the DNS server was started with DNSSEC enabled and no Internet access, a broken cache file was created. It was then no longer possible to query DNSSEC secured DNS information.

Upgrade of WithSecure (F-Secure) scanners to app

Systems which are still running the old F-Secure virus scanner and have at least version 7.1-4.4 installed will receive an upgrade to the WithSecure app at the beginning of the update procedure.

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Security fixes in several components

The update fixes less critical security vulnerabilities in the Linux kernel, the Avira virus scanner, multiple system libraries and tools.

Tagging of all inbound mails

It used to be possible to tag the subject of inbound mails only if a local email address was used as sender. Now an additional option allows you to tag the subject of each inbound mail with a userdefined prefix instead.

Reset of network card driver on new thin servers

Under hight network load, network driver resets occured on recently bought thin servers, leading to short interruptions of the network communication. With the previous update the problem had been fixed for the newest device generation. This update will enable the fix also for devices with a slightly older mainboard revision.

Minor bugfixes and improvements

Blocking of URLs and headers in reverse proxy

It is now possible to block requests with certain URLs or headers for all configured ports. This can help to prevent the exploitation of security vulnerabilities in the web applications of background servers until a bugfix becomes available.

Hyper-V: sequence of network cards mixed up

Since update 7.1-4.0 it could happen that after a reboot the sequence of network cards was wrong. Only virtual systems running in a Hyper-V host are affected.

Reset of network card driver on new thin servers

Under hight network load, network driver resets occured on recently bought thin servers, leading to short interruptions of the network communication.

Avira Antivirus

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Blocking of IP addresses after authentication failures

Since release 7.1-4.0 IP addresses have no longer been blocked temporarily after repeated authentication failures via SMTP or SSH.

Security fixes in several components

The update fixes less critical security vulnerabilities in the Linux kernel, multiple system libraries and tools

Mail client with OAuth2 authentication for Microsoft 365

From 2022-10-01 on it will be necessary to authentication with OAuth2 in order to retrieve mails from Microsoft 365 mailboxes with POP3 or IMAP4. For a description of the necessary steps to configure Azure AD and Exchange Online, please check the online help of the OAuth2 parameters.

Mandatory header for mail archive

A new option in the mail archive settings lets you configure a header which must be present in a mail to be stored. You can use this e.g. to store mails only if they have been sent by the journal feature of your Exchange Online tenant.

IPsec interface on bridge

Since 7.1-4.0 data received via IPsec was discarded if the ipsec interface is linked to a bridge.

Minor bugfixes and improvements

F-Secure antivirus app

On some devices the mail virusscan failed after a reboot.
The web proxy content filter displayed a wrong message for password protected or encrypted files (virusscanner not installed)

URL filter database category "Spyware"

In version 7.1-4.0 we integrated a new datasource for the "Spyware" category into the free URL filter database. Unfortunately this datasource defines the term spyware very broadly, resulting in problems with some web sites. We significantly reduced the number of entries taken from this datasource.

Domainlists and IP lists

The following additions have been made:
  • OFFICE: cdn.office.net
  • WINDOWS: update servers for Exchange Antimalware
  • ANTIVIRUS: update server for Sophos virus scanners
The new IP lists GOOGLE_CLOUD and MICROSOFT_AZURE have been added as IP objects. The IP list AMAZON has been renamed to AMAZON_AWS.

Minor bugfixes and improvements

Secure

DEFENDO forces a collection of best-of-breed security modules like firewall, VPN, proxies, virus scanner and anti spam system to interact for one purpose:
To be protected from all online threats and unwanted contents like malicious code, spam and hacker attacks.

Flexible

Each IT scenario is different. The DEFENDO product family will adapt precisely to your demands.
DEFENDO applies for simple Internet connections of small companies, for headquarters / branch office WANs, as well as for complex multi-tiered firewall systems.

More good reasons

  • No backdoors
  • More than 20 years of Internet security experience
  • Award-winning product
  • Support by our development engineers
  • Reseller loyalty
  • Made in Germany