Important Security Update for TrueNAS & FreeNAS
NOTE: Netatalk is included in TrueNAS & FreeNAS. However, this vulnerability only impacts those who have the AFP service enabled in TrueNAS & FreeNAS.
A new version of Netatalk (3.1.12) has been released that addresses a security vulnerability (CVE-2018-1160) for users of the Apple Filing Protocol (AFP). Due to the severity of this security advisory and the possibility of unauthenticated remote code execution, iXsystems has released a patch for the stable versions of TrueNAS and FreeNAS and updated the stable install versions available for download. To ensure the version you are running is patched, look for these version names:
TrueNAS customers can contact iXsystems Technical Support for a pre-update health check and to ask any technical questions regarding this update. You can contact Customer Support by calling 1-855-GREP-4-iX or emailing firstname.lastname@example.org.
Existing FreeNAS users are encouraged to apply the update by going to System and choosing Update. FreeNAS users who are running versions prior to FreeNAS 11.1-U6.3 or FreeNAS 11.2-RELEASE-U1 are still vulnerable and should make a plan to update. Always backup your system configuration and verify the integrity of your backups before updating.
|Ticket #||Type||Target Version||Description|
|64602||Bug||FN 11.1-U6.3||Address Netatalk CVE-2018-1160|
|62620||Bug||FN 11.2-U1||Address Netatalk CVE-2018-1160|
|64611||Bug||TN 11.1-U6.3||Address Netatalk CVE-2018-1160|