=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN243
_____________________________________________________________________

DATE                      : 01/07/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Kolab Server versions prior to 2.2.4.

======================================================================
http://kolab.org/pipermail/kolab-announce/2010/000095.html
______________________________________________________________________

Hi!

I just uploaded the final release of Kolab Server 2.2.4, which contains
about 20 enhancements and fixes compared to the previous release.

Updated packages of ClamAV, OpenSSL, Apache and PHP fix various security
issues.

Upgrading from 2.2.3 should be straightforward, but make sure you follow
the upgrade instructions in 1st.README if you are upgrading by using the
.src.rpm files together with binary RPMs from existing installations.

Documentation and OpenPKG packages are available from
http://files.kolab.org/server/release/kolab-server-2.2.4/
as shown on http://kolab.org/download.html and from the mirrors
listed on http://kolab.org/mirrors.html

http://files.kolab.org/RSYNC.txt explains how to get (or mirror)
the files via rsync.

All files updated since 2.2.4 are available in the directory
server/development-2.2/20100629-since-20091217/

You can check the integrity of the downloaded files by importing our file
distribution key and verify the OpenPGP signature and SHA1 checksums:

$ wget https://ssl.intevation.de/Intevation-Distribution-Key.asc
$ gpg --import Intevation-Distribution-Key.asc
$ gpg --verify SHA1SUMS.sig
$ sha1sum -c SHA1SUMS

Binary packages for Debian GNU/Linux 5.0 (lenny/stable) on x86 platforms
can be found in the ix86-debian5.0 directory next to the sources.
Because this release includes security updates, we still provide binary
packages for Debian GNU/Linux 4.0 (etch/oldstable), too, but as already
announced for 2.2.3, support for etch will be dropped.

For install instructions and more information about this release, look at
http://files.kolab.org/server/release/kolab-server-2.2.4/sources/1st.README and
http://files.kolab.org/server/release/kolab-server-2.2.4/sources/release-notes.txt

Please report any problems you encounter in our issue tracker:
https://issues.kolab.org/

Regards,
Thomas Arendsen Hein

-- 
thomas at intevation.de - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Neuer Graben 17, 49074 Osnabrueck - AG Osnabrueck, HR B 18998
Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================