A printable plain text version is also available.
From support@imagestream.com Wed Mar 24 10:01:15 2004
Date: Wed, 24 Mar 2004 10:00:23 -0500 (EST)
From: ImageStream Support
Subject: Enterprise Linux 4.1.11 for routers available

Version 4.1.11 of ImageStream's Enterprise Linux is now available as an general
availability (GA) release for all ImageStream router customers.

This software release is provided at no charge to all ImageStream customers.
Version 4.1.11 is highly recommended for all customers.  VERSION 4.1.11 PROVIDES
A PATCH TO NEW VULNERABILITIES PRESENT IN PREVIOUS ENTERPRISE LINUX RELEASES.
SPECIFICALLY, A NEW VERSION OF SSL IS INCLUDED IN THIS RELEASE.

VERSION 4.1.11 AND LATER RELEASES DEPRECATE THE IPCHAINS PACKAGE.  CUSTOMERS
USING IPCHAINS MUST USE THE NEWER IPTABLES UTILITIES INCLUDED IN ALL 4.x
RELEASES.

This release note documents commands and features added between Version 4.1.10
and Version 4.1.11.


----------------------------


New Features in Version 4.1.11


OpenSSL Upgraded To OpenSSL 0.9.7d

The version of OpenSSL included in Version 4.1.11 addresses a recent security
advisory.  Version 0.9.7d included with this release patches the March 17, 2004
advisories regarding null-pointer assignments during SSL handshake and
out-of-bounds reads.  No evidence of root exploitability has been found in
either issue.  This release patches these potential issues.


NetFlow Probe Updated

A new version of the NetFlow probe has been added to Version 4.1.11.  This
version provides additional log information, supports NetFlow versions 5 and 9,
and is more efficient with memory and CPU usage.  The probe dynamically scales
its hash table, ensuring that flows are not lost due to hash table overflows.
Configuration options for this new version of the probe are backwards compatible
with previous releases.  Customers unable to use the NetFlow probe due to high
CPU and memory usage in previous versions are encouraged to reimplement this
service and report any problems to ImageStream Support.


SoftATM And ATM PVC Scheduling Improved

Version 4.1.11 completes incremental work begun in Version 4.1.8 to improve
timer handling for cards that support SoftATM.  Version 4.1.11 adds improved
handling for reloading and shutting down ATM PVCs and eliminates timeouts on
busy PVCs.


Filesystem Size Increased

Version 4.1.11 increases the router's virtual filesystem size to 40 MB from 32
MB in previous releases.  This increase provides additional space for program
and log storage in support of the upcoming addition of PPPoE, PPPoA and other
new functionality planned in Version 4.1.12.


Local System Logging Added

A new version of the system event logger (syslogd) has been added to Version
4.1.11.  This new version supports local logging and native log rotation.  By
default, routers will log data to /var/log/syslog and maintain two files no
larger than 250 KB in an automatic rotation.  The size and number of files in
rotation is configurable by advanced users.  This functionality will not affect
current settings on routers.  Users must run the Event Logging scripts provided
in the Global Configuration router menu to take advantage of the new
functionality.


Local System Log Viewable

Version 4.1.11 adds a menu option to the Advanced menu to enable users to view
the system event log from the menu system.  This command displays the most
recent 250 KB of the event log, if local event logging is enabled.


Advanced Console Logging Added

Version 4.1.11 supports logging to all root user consoles with the system event
logger (syslogd).  This new version of syslogd allows users to log messages to
all root users regardless of their login terminal.  This functionality will not
affect current settings on routers.  Users must run the Event Logging scripts
provided in the Global Configuration router menu to take advantage of the new
functionality.



Bugs fixed in Version 4.1.11


The following bugs have been fixed in Version 4.1.11:


Primary Ethernet Interfaces With VLANs Do Not Reload Properly Fixed

Version 4.1.10 contained a bug that would prevent primary Ethernet devices from
reloading properly when VLANs were configured on them.  This problem was due to
an extra reload flag being cleared improperly.  Version 4.1.11 fixes this
behavior.


Global Configuration Menu Does Not Update On Reboot Fixed

Previous versions of Enterprise Linux failed to update the default editor and
default terminal type choices in the Global Configuration menu.  This issue only
affected the menu display and did not affect the selection or operation of these
tools.  The Global Configuration menu's display now correctly updates at boot
time to reflect default options.


Firewall Script Does Not Prompt With Messages Updated

Previous versions of Enterprise Linux did not output any messages returned by
the router when the firewall script was instated.  Version 4.1.11 now outputs
to the screen any messages generated by the firewall script.


Configuration Daemon Fails To Strip Trailing Whitespace Corrected

The version of SAND's configuration daemon (configmgr) included in Version
4.1.10 failed to trim trailing whitespace from the end of configuration lines.
This causes link bonding to fail when trailing whitespace appears in an
interface command line.


Restore Configuration From File Uses Floppy Drive Instead Fixed

Version 4.1.10 included a bug in the Restore configuration From File menu option
that would attempt to read from a floppy drive.  This resulted in errors when
attempting to restore configurations from a file stored locally on the router.
This behavior has been corrected in Version 4.1.11.