FreeNAS-8.0.4-RELEASE-p2 has been released and all users of the 8.0.x series are encouraged to upgrade to this patchset as it addresses 2 security vulnerabilities:
- CVE-2012-2111: this Samba vulnerability affects FreeNAS systems when the CIFS service is enabled. This vulnerability could allow an authenticated user to grant themselves the “take ownership” privilege. This privilege is used by the smbd file server to grant the ability to change ownership of a file or directory which means users could take ownership of files or directories they do not own.
- FreeBSD-SA-12:01.openssl: this OpenSSL vulnerability affects all FreeNAS systems as OpenSSL is built into the operating system. This vulnerability can result in a denial of service attack against the system.
Before upgrading, backup your configuration in System -> Settings -> General -> Save Config. If you are upgrading from a release earlier than 8.0.4, be sure to read the Release Notes first.