[FONT=Verdana][SIZE=2]Hi All,
Tomorrow we will publish a fast-release (no soft process) of Up2Date 7.507 to all existing installations to address an issue around Unix Time which can affect the use of certificates, and thus your ASG installation. This up2date package should be applied before the end of August.[/SIZE][/FONT] [FONT=Verdana][SIZE=2]
From our QA overlords:[/SIZE][/FONT] [FONT=Verdana][SIZE=2]
What happens exactly? [/SIZE][/FONT] [FONT=Verdana][SIZE=2] Within AxG we use certificates for different purposes, i.e. for each user that is created and CAs (certificate authorities) for signing the certificates mentioned before. When performing the initial setup, some CAs as well as the admin certificate are generated. In general, these certificates should last for a long time as we don't want to keep the administrators busy with regenerating certificates. Thus, we've used a sliding end-date depending on the date the cert/CA gets created. Whenever a cert is signed by a CA, the cert's end-date will match the CA's end-date.
How is AxG affected?[/SIZE][/FONT] [FONT=Verdana][SIZE=2]
[/SIZE][/FONT] [FONT=Verdana][SIZE=2]When passing a certain point in time the theoretical end-date for our certs and CAs is beyond 19 January 2038 which will cause trouble to the system as the end-date of a cert/CA must not be before the start-date[/SIZE][/FONT][FONT=Verdana][SIZE=2].
There are some different issues which might result in not installing this up2date, ranging from initial setup (please wait, this will take 40 seconds part) failing, WebAdmin logins denied, or some VPN's needing to be recreated. [/SIZE][/FONT] [FONT=Verdana][SIZE=2]
*IMPORANT, PLEASE READ THIS*[/SIZE][/FONT] [FONT=Verdana][SIZE=2]
Any and all systems which have this up2date applied before the end of August 2010 will be completely free from troubles or consequences as a result of this global Linux/Unix issue. If you apply it, you can avoid needing to educate yourself on all the possible outcomes or creating support tickets! For units which are not updated before then, we will issue a single fix for this bug via a specially crafted pattern Up2Date as well, which will be automatically patched/applied without updating the firmware version.
7.507 Particulars[/SIZE][/FONT] [FONT=Verdana][SIZE=2]
*7.507 Up2Date package has been released to the FTP server and is available now for manual download [/SIZE][/FONT] [FONT=Verdana][SIZE=2]ftp://ftp.astaro.com/pub/Astaro_Security_Gateway/v7/up2date/u2d-sys-7.507.tgz.gpg
**Spread via Up2Date infrastructure will start tomorrow morning CEST. ***ISO and ASI images on FTP server will get replaced/updated by the end of tomorrow, August 13th. [/SIZE][/FONT] [FONT=Verdana][SIZE=2]
Remarks:[/SIZE][/FONT] [FONT=Verdana][SIZE=2]
Configuration will not be upgraded
System will be rebooted
News:[/SIZE][/FONT] [FONT=Verdana][SIZE=2]
This Up2Date should be applied before end of August 2010
Bugfix:[/SIZE][/FONT] [FONT=Verdana][SIZE=2]
ID14657 Overflow in certificate creation will cause invalid certificates
Data:[/SIZE][/FONT] [FONT=Verdana][SIZE=2]
Md5: 321e9f87525bc36dcfdd9531a6a1e5a0
Size: 8,147,144 bytes (Approx 8MB)
We wanted to inform everyone as soon as possible, hope everything around this special fast-up2date is clear. (Basically, just install this to avoid the possibility of problems later on).
[/SIZE][/FONT]PS. If you are so inclined, you can read more about this Unix Time Issue:
Unix time - Wikipedia, the free encyclopedia (the section titled "Representing the Number" might suffice as getting across the Gist of the issue.)
[FONT=Verdana][SIZE=2]Year 2038 problem - Wikipedia, the free encyclopedia[/SIZE][/FONT]
This thread was automatically locked due to age.
