3.3R2e Dear Zorp Users, We are happy to announce that version 3.3R2e of the Zorp Application Level Gateway has been released. INCLUDED COMPONENTS The Zorp 3.3R2e release includes the following main components: kernel-image-2.6.17: 4.4 kernel-image-2.6.22: 1.3 libzmisc: 3.3.0.2 libzms: 3.3.0.3 libzorpll: 3.3.0.6 satyr: 3.3.1 zas: 3.3.2 zcv: 3.3.2a zmc: 3.3.2b zms-engine: 3.3.2c zms-monitor-agent: 3.3.2 zms-transfer-agent: 3.3.2 zorp-pro: 3.3.2c zorp-utils: 3.3.2a Changes since Zorp 3.3R2d: Zorp Core * In some cases, the KZorp module processed packets it should not have had to (for example, reply packets). This behavior has been corrected. ZCV * The license of the NOD32 engine has been updated. ZMS/ZMC * Properties were not editable in Node view. This has been corrected. * ZMC occassionally hang during the login process while loading the PKI from the ZMS. This has been corrected. UPGRADING In order to successfully upgrade to Zorp 3.3R2e from an earlier Zorp 3.3R2 version, login to the Zorp host and issue the following commands: # apt-get update; apt-get -u dist-upgrade In order to successfully upgrade to Zorp 3.3R2e from Zorp 3.3R1, the /etc/apt/sources.list file of your Zorp hosts must be modified manually. (To upgrade to Zorp 3.3R2e from Zorp 3.1, use the upgrade.sh script available on the Zorp 3.3R2e CD-ROM). To perform the upgrade, complete the following steps: 1. Login to the Zorp host locally, or remotely using SSH. 2. Open the /etc/apt/sources.list file using a text editor (e.g., vi or nano). - To download always the latest Zorp release and security fixes, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest main zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra NOTE: If you are using your MyBalaBit account to access the apt repository, the USERNAME is your e-mail address. In this case, replace the @ character in the username with the '-at-' string, e.g., if your e-mail address is smith@example.com, use it as follows: deb https://smith-at-example.com:PASSWORD@apt.balabit.hu ... - To download only the Zorp 3.3R2e release and the security fixes, without upgrading to later releases of Zorp, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2e main zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2e zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra 3. Issue the following commands: # apt-get update; apt-get -u dist-upgrade 3.3R2d Dear Zorp Users, We are happy to announce that version 3.3R2d of the Zorp Application Level Gateway has been released. INCLUDED COMPONENTS The Zorp 3.3R2d release includes the following main components: satyr 3.3.1 satyr-tools 3.3.1 zas 3.3.2 zcv 3.3.2a zms-engine 3.3.2b zms-gui 3.3.2a zms-lib 3.3.0.2 zms-monitor-agent 3.3.2 zms-transfer-agent 3.3.2 zorp-core 3.3.2b zorp-lib 3.3.0.5 zorp-lib-audit 3.3.0.2 zorp-lib-license 3.3.1.3 zorp-lib-misc 3.3.0.2 zorp-utils 3.3.2a Changes since Zorp 3.3R2c: Zorp Core * The AHCI module was missing from the amd64 version of the 2.6.22 kernel. As a result, some SATA devices were not correctly recognized. This has been corrected. Proxies * When upgrading from Zorp 3.1, the privileges of the files created by the Zorp 3.1 Pssl proxy were incorrect, causing problems during keybridging. This has been corrected. Other * The upgrade.sh script did not always correctly detect the running operating system. This has been corrected. * An error in upgrading the rules of the tproxy chain has been corrected. * The address of the official repositories is added to the /etc/apt/sources.list file even when installing Zorp from CD-ROM. * The upgrade was not finished correctly in certain situations. This has been corrected. * When upgrading ZMS, expired certificates are removed from the ZMS_Trusted_CA group and are replaced with their new version. UPGRADING In order to successfully upgrade to Zorp 3.3R2d from an earlier Zorp 3.3R2 version, login to the Zorp host and issue the following commands: # apt-get update; apt-get -u dist-upgrade In order to successfully upgrade to Zorp 3.3R2d from Zorp 3.3R1, the /etc/apt/sources.list file of your Zorp hosts must be modified manually. (To upgrade to Zorp 3.3R2d from Zorp 3.1, use the upgrade.sh script available on the Zorp 3.3R2d CD-ROM). To perform the upgrade, complete the following steps: 1. Login to the Zorp host locally, or remotely using SSH. 2. Open the /etc/apt/sources.list file using a text editor (e.g., vi or nano). - To download always the latest Zorp release and security fixes, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest main zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra NOTE: If you are using your MyBalaBit account to access the apt repository, the USERNAME is your e-mail address. In this case, replace the @ character in the username with the '-at-' string, e.g., if your e-mail address is smith@example.com, use it as follows: deb https://smith-at-example.com:PASSWORD@apt.balabit.hu ... - To download only the Zorp 3.3R2d release and the security fixes, without upgrading to later releases of Zorp, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2d main zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2d zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra 3. Issue the following commands: # apt-get update; apt-get -u dist-upgrade 3.3R2c Dear Zorp Users, We are happy to announce that version 3.3R2c of the Zorp Application Level Gateway has been released. INCLUDED COMPONENTS The Zorp 3.3R2b release includes the following main components: satyr 3.3.1 satyr-tools 3.3.1 zas 3.3.2 zcv 3.3.2a zms-engine 3.3.2b zms-gui 3.3.2a zms-lib 3.3.0.2 zms-monitor-agent 3.3.2 zms-transfer-agent 3.3.2 zorp-core 3.3.2b zorp-lib 3.3.0.5 zorp-lib-audit 3.3.0.2 zorp-lib-license 3.3.1.3 zorp-lib-misc 3.3.0.2 zorp-utils 3.3.2a Changes since Zorp 3.3R2a: Zorp Core * The SideStackChainer chainer class did not work properly. This has been corrected. Proxies * The Plug and Pssl proxies terminated abnormally in some situations. This has been corrected. * The Ssh proxy terminated abnormally when the the PUTTY client-application was used with certain hostkeys. This behavior has been corrected. ZMS * Installing 3.3R2 did not install every CA certificate correctly. This has been corrected. * Privileges of the ZMS database in Zorp 3.3R2b were sometimes incorrect. This has been corrected. Other * The upgrade.sh script verifies that the host uses a 2.6 version of the kernel. (Upgrading is supported only from kernel 2.6.) * The upgrade.sh script of the Zorp 3.3.R2b release was not functioning properly. This has been corrected. * Errors in upgrading Zorp 3.1 to Zorp 3.3 via the network have been corrected. UPGRADING In order to successfully upgrade to Zorp 3.3R2c from Zorp 3.3R2a or 3.3R2, login to the Zorp host and issue the following commands: # apt-get update; apt-get -u dist-upgrade In order to successfully upgrade to Zorp 3.3R2c from Zorp 3.3R1, the /etc/apt/sources.list file of your Zorp hosts must be modified manually. (To upgrade to Zorp 3.3R2c from Zorp 3.1, use the upgrade.sh script available on the Zorp 3.3R2c CD-ROM). To perform the upgrade, complete the following steps: 1. Login to the Zorp host locally, or remotely using SSH. 2. Open the /etc/apt/sources.list file using a text editor (e.g., vi or nano). - To download always the latest Zorp release and security fixes, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest main zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra - To download only the Zorp 3.3R2c release and the security fixes, without upgrading to later releases of Zorp, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2c main zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2c zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra 3. Issue the following commands: # apt-get update; apt-get -u dist-upgrade 3.3R2b Dear Zorp Users, We are happy to announce that version 3.3R2b of the Zorp Application Level Gateway has been released. INCLUDED COMPONENTS The Zorp 3.3R2b release includes the following main components: satyr 3.3.1 satyr-tools 3.3.1 zas 3.3.2 zcv 3.3.2a zms-engine 3.3.2a zms-gui 3.3.2a zms-lib 3.3.0.2 zms-monitor-agent 3.3.2 zms-transfer-agent 3.3.2 zorp-core 3.3.2b zorp-lib 3.3.0.5 zorp-lib-audit 3.3.0.2 zorp-lib-license 3.3.1.3 zorp-lib-misc 3.3.0.2 zorp-utils 3.3.2a Changes since Zorp 3.3R2a: Zorp Core * The SideStackChainer chainer class did not work properly. This has been corrected. Proxies * The Plug and Pssl proxies terminated abnormally in some situations. This has been corrected. * The Ssh proxy terminated abnormally when the the PUTTY client-application was used with certain hostkeys. This behavior has been corrected. ZMS * Installing 3.3R2 did not install every CA certificate correctly. This has been corrected. Other * The upgrade.sh script verifies that the host uses a 2.6 version of the kernel. (Upgrading is supported only from kernel 2.6.) UPGRADING In order to successfully upgrade to Zorp 3.3R2b from Zorp 3.3R2a or 3.3R2, login to the Zorp host and issue the following commands: # apt-get update; apt-get -u dist-upgrade In order to successfully upgrade to Zorp 3.3R2b from Zorp 3.3R1, the /etc/apt/sources.list file of your Zorp hosts must be modified manually. (To upgrade to Zorp 3.3R2b from Zorp 3.1, use the upgrade.sh script available on the Zorp 3.3R2b CD-ROM). To perform the upgrade, complete the following steps: 1. Login to the Zorp host locally, or remotely using SSH. 2. Open the /etc/apt/sources.list file using a text editor (e.g., vi or nano). - To download always the latest Zorp release and security fixes, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest main zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra - To download only the Zorp 3.3R2b release and the security fixes, without upgrading to later releases of Zorp, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2b main zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2b zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra 3. Issue the following commands: # apt-get update; apt-get -u dist-upgrade Dear Zorp User, We are happy to announce that version 3.3R2a of the Zorp Application Level Gateway has been released. INCLUDED COMPONENTS The Zorp 3.3R2 release includes the following main components: satyr 3.3.1 satyr-tools 3.3.1 zas 3.3.2 zcv 3.3.2a zms-engine 3.3.2 zms-gui 3.3.2a zms-lib 3.3.0.2 zms-monitor-agent 3.3.2 zms-transfer-agent 3.3.2 zorp-core 3.3.2a zorp-lib 3.3.0.5 zorp-lib-audit 3.3.0.2 zorp-lib-license 3.3.1.3 zorp-lib-misc 3.3.0.2 zorp-utils 3.3.2a Changes since Zorp 3.3R2: Zorp Core * An unexpected failover occured in Heartbeat a few minutes after booting. This has been corrected. * Corrected a race condition that caused abnormal program termination in certain cases. This has been corrected. * The kzorp kernel module allowed some packets to pass even if the CSZoneDispatcher did not found matching zones. This behavior has been corrected. ZMC * The linux-generic installer failed to install ZMC on certain distributions. This has been corrected. If you have tried to install ZMC without success, delete the .loki/installed/bin/Linux/x86/uninstall file from your home directory (or from the /root directory) before installing the new version. Otherwise it will not be possible to properly uninstall ZMC if needed. ZCV * Added support for version 4.5 of the Virusbuster engine. * The 3.3R2 release did not contain the Kaspersky engine. This has been corrected. Basic Reporting * Corrections in the reporting of spam e-mails. Other * The upgrade.sh script contains updates apt sources. UPGRADING In order to successfully upgrade to Zorp 3.3R2a from Zorp 3.3R2, login to the Zorp host and issue the following commands: # apt-get update; apt-get -u dist-upgrade In order to successfully upgrade to Zorp 3.3R2a from Zorp 3.3R1, the /etc/apt/sources.list file of your Zorp hosts must be modified manually. (To upgrade to Zorp 3.3R2a from Zorp 3.1, use the upgrade.sh script available on the Zorp 3.3R2a CD-ROM). To perform the upgrade, complete the following steps: 1. Login to the Zorp host locally, or remotely using SSH. 2. Open the /etc/apt/sources.list file using a text editor (e.g., vi or nano). - To download always the latest Zorp release and security fixes, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest zorp-os zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra - To download only the Zorp 3.3R2a release and the security fixes, without upgrading to later releases of Zorp, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2a zorp-os zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2a zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra 3. Issue the following commands: # apt-get update; apt-get -u dist-upgrade Dear Zorp User, We are happy to announce that version 3.3R2 of the Zorp Application Level Gateway has been released. IMPORTANT Starting from the Zorp 3.3R2 release, Zorp releases will come in bundles that contain the latest version of every Zorp component. Every release will have its own apt repository. This means that if you want to use a specific Zorp release (for example, because the policies of your organization require extensive testing before upgrading to a new release), you will be able to use the selected release and still apply every security update to your system. See 'Chapter 4.5.1. Upgrading with apt tools' of the Zorp Administrator Guide for details. WARNING In order to successfully upgrade to Zorp 3.3R2, the /etc/apt/sources.list file of your Zorp hosts must be modified manually. See the UPGRADING section at the end of this e-mail for details. WARNING The apt sources currently included in the /etc/apt/sources.list file will be removed, so changing the sources is a must. INCLUDED COMPONENTS The Zorp 3.3R2 release includes the following main components: satyr 3.3.1 satyr-tools 3.3.1 zas 3.3.2 zcv 3.3.2 zms-engine 3.3.2 zms-gui 3.3.2 zms-lib 3.3.0.2 zms-monitor-agent 3.3.2 zms-transfer-agent 3.3.2 zorp-core 3.3.2 zorp-lib 3.3.0.4 zorp-lib-audit 3.3.0.2 zorp-lib-license 3.3.1.2 zorp-lib-misc 3.3.0.2 zorp-utils 3.3.2 Changes since Zorp 3.3R1: Zorp Kernel * Numerous security updates * Corrected an error that caused packages to get lost in certain situations when PFService was in use. * Corrected an error that in certain situations prevented Zorp from transferring UDP connections. * DNAT and port redirection with DirectedRouter can be used together for PFServices. * Kzorp and Zorp may have handled zones differently. This has been corrected. Core * The tproxy module marked unnecessary packets. This has been corrected. * Corrected a memory leak that occurred when a service reached the maximum number of proxy connections permitted. * Corrections in the method of looking up zones: certain zones were not correctly found in some rare cases. * In certain cases, Zorp failed to transfer transparent connections that used the UDP protocol. This behavior has been corrected. Proxies Plug * Fixed a possible abnormal program termination. Pssl * Fixed a problem in the OpenSSL libraries that in some cases resulted in using errouneuous certificates in keybridging. Rdp * Corrected some memory leaks that occurred when the destination of a connection was unreachable. * Corrections in the configuration interface. Vnc * A new proxy is available to control VNC traffic. ZMS/ZMC Core * Corrected a locking problem that occurred when accessing ZMS from multiple ZMC instances. * Logging in to ZMS version 3.3 with ZMC version 3.1 caused the ZMS engine to halt. This has been corrected: ZMS 3.3 can be accessed only with ZMC 3.3. * Corrected an abnormal program termination that occurred when displaying the status details of network connections. * Corrections in the search method of Find services. * Host information includes the uptime of the host. * Host information includes the version number of Zorp, as well as information about the currently running threads and instances. Pssl * Some parameters of the proxy were not properly available from ZMC. This has been corrected. Rdp * Corrections in the configuration interface. Log viewer * Several corrections concerning the downloading and displaying of large amount of logs. Content Vectoring * When upgrading an existing installation, the Quarantine viewer sometimes did not function properly. This has been corrected. ZCV * Corrected a possible abnormal program termination that sometimes occurred when using the nod32 module. ZAS * Corrected a possible segmentation fault. * Add a problem description to the log messages of htpass authentication. * Corrected a possible memory leak. Other * Numerous security updates, including the automatic checking of weak SSL/SSH keys affected by CVE-2008-0166 (see http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0166). Weak encryption keys are automatically rejected. * Several corrections in the Zorp installer. Also, Zorp can be installed with kernel version 2.6.22. * Several corrections in the updating of Zorp 3.1 to 3.3. * When Bootstrapping a new node, the admin user receives every possible privileges. Basic Reporting * Changed Basic reporting form to PDF. * Added some charts to the report. * Values have more human-readable metrics. UPGRADING In order to successfully upgrade to Zorp 3.3R2 from Zorp 3.3R1, the /etc/apt/sources.list file of your Zorp hosts must be modified manually. (To upgrade to Zorp 3.3R2 from Zorp 3.1, use the upgrade.sh script available on the Zorp 3.3R2 CD-ROM). To perform the upgrade, complete the following steps: 1. Login to the Zorp host locally, or remotely using SSH. 2. Open the /etc/apt/sources.list file using a text editor (e.g., vi or nano). - To download always the latest Zorp release and security fixes, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest zorp-os zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3latest zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra - To download only the Zorp 3.3R2 release and the security fixes, without upgrading to later releases of Zorp, replace the contents of the file with the following (replace the USERNAME:PASSWORD part with your actual username and password): deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2 zorp-os zorp-os-extra deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3R2 zorp zas zcv zms deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra 3. Issue the following commands: # apt-get update; apt-get -u dist-upgrade zorp 3.3.1b Tue, 19 May 2008 10:33:47 +0200 Changes since version 3.3.1a Plug: * Corrected a memory- and fd-leak that occured when the proxy could not connect to the destination server. zorp 3.3.1a Mon, 18 May 2008 10:33:47 +0200 Changes since version 3.3.1 Rdp: * Corrected an error that prevented the proxy from starting up in certain situations. Dear Zorp User, We are happy to announce that version 3.3 of the Zorp Application Level Gateway has been released. The news and highlights of this version are summarized in the following document: http://www.balabit.com/dl/guides/zorp-gateway-v3.3-guide-whatsnew-en.pdf We are continuously mailing the Zorp 3.3 Installation CDs to our customers who have purchased software subscription. If you would like to test the new features of Zorp earlier, register on the MyBalaBit webpage (http://www.balabit.com/mybalabit/), where you can download the installation CD in ISO format, and also access the new license file required by Zorp 3.3. If you would like to try Zorp 3.3 but have not purchased software subscription, register on the MyBalaBit webpage and request a free trial version. The documentation of Zorp 3.3, including the installation and user guides is available at: http://www.balabit.hu/support/documentation/?product=zorp&type=all&language=all& IMPORTANT: The license files for you receive as part of the software subscription are not included in the package we send by mail, you can download them from the MyBalaBit webpage. IMPORTANT: If you are upgrading an existing Zorp 3.1 system to Zorp 3.3, read the following upgrade instructions before starting the upgrade process: http://www.balabit.hu/dl/guides/zorp-gateway-v3.3-guide-upgrade-en.pdf Best Regards, BalaBit IT Security