All FreeNAS 8.0.x users are encouraged to upgrade to 8.0.4-p3 which was released yesterday. This release update addresses this critical privilege escalation vulnerability.
Joseph S. Atkinson will give a “Short Topics” talk on the FreeNAS plugins framework at the next BayLISA meeting on June 21 at 19:30. This month’s meeting will take place at LinkedIn, 2025 Stierlin Ct, Mountain View, CA. Pizza and drinks will be provided.
If you can attend the meeting, please RSVP first using this link.
FreeNAS-8.0.4-RELEASE-p2 has been released and all users of the 8.0.x series are encouraged to upgrade to this patchset as it addresses 2 security vulnerabilities:
- CVE-2012-2111: this Samba vulnerability affects FreeNAS systems when the CIFS service is enabled. This vulnerability could allow an authenticated user to grant themselves the “take ownership” privilege. This privilege is used by the smbd file server to grant the ability to change ownership of a file or directory which means users could take ownership of files or directories they do not own.
- FreeBSD-SA-12:01.openssl: this OpenSSL vulnerability affects all FreeNAS systems as OpenSSL is built into the operating system. This vulnerability can result in a denial of service attack against the system.
Before upgrading, backup your configuration in System -> Settings -> General -> Save Config. If you are upgrading from a release earlier than 8.0.4, be sure to read the Release Notes first.