Important Security Update for TrueNAS & FreeNAS

NOTE: Netatalk is included in TrueNAS & FreeNAS. However, this vulnerability only impacts those who have the AFP service enabled in TrueNAS & FreeNAS.

A new version of Netatalk (3.1.12) has been released that addresses a security vulnerability (CVE-2018-1160) for users of the Apple Filing Protocol (AFP). Due to the severity of this security advisory and the possibility of unauthenticated remote code execution, iXsystems has released a patch for the stable versions of TrueNAS and FreeNAS and updated the stable install versions available for download. To ensure the version you are running is patched, look for these version names:

TrueNAS 11.1-U6.3

FreeNAS 11.1-U6.3

FreeNAS 11.2-RELEASE-U1

TrueNAS Customers

TrueNAS customers can contact iXsystems Technical Support for a pre-update health check and to ask any technical questions regarding this update. You can contact Customer Support by calling 1-855-GREP-4-iX or emailing support@ixsystems.com.

FreeNAS Users

Existing FreeNAS users are encouraged to apply the update by going to System and choosing Update. FreeNAS users who are running versions prior to FreeNAS 11.1-U6.3 or FreeNAS 11.2-RELEASE-U1 are still vulnerable and should make a plan to update. Always backup your system configuration and verify the integrity of your backups before updating.

Changelog

Ticket # Type Target Version Description
64602 Bug FN 11.1-U6.3 Address Netatalk CVE-2018-1160
62620 Bug FN 11.2-U1 Address Netatalk CVE-2018-1160
64611 Bug TN 11.1-U6.3 Address Netatalk CVE-2018-1160

Submit a Comment

Your email address will not be published. Required fields are marked *