James Moses
Cadet
- Joined
- Dec 5, 2013
- Messages
- 5
Colleagues,
Is it reasonable, normal and common practice to do out-of-band software patch downloads and installs against a version of FreeNAS?
I recently upgraded my stable FreeNAS 9.3 to 11.1-U1 in order to get new OS features like TLS1.2, and deprecate older features. Upgrade was flawless. However, my environment requires me to scan and patch weekly. I noticed that there are several vulnerabilities against FreeNAS11.1-U1 that come up with a vulnerability scan. I totally understand that the scanner uses installed-software-version as the method to determine vulnerability. Also, I totally understand I still need to determine applicability of detected vulnerability since FreeBSD patch concept is different-than-mainstream (patch the vul, but don't change the version).
Nevertheless, if there were a major zero-day that came out tomorrow, would it be normal to patch FreeNAS "appliance" or should I wait until there is a newer built?
Thanks. Sorry if this has been already answered. I tried to do my forum reading homework before posting.
r/
-Jim
Is it reasonable, normal and common practice to do out-of-band software patch downloads and installs against a version of FreeNAS?
I recently upgraded my stable FreeNAS 9.3 to 11.1-U1 in order to get new OS features like TLS1.2, and deprecate older features. Upgrade was flawless. However, my environment requires me to scan and patch weekly. I noticed that there are several vulnerabilities against FreeNAS11.1-U1 that come up with a vulnerability scan. I totally understand that the scanner uses installed-software-version as the method to determine vulnerability. Also, I totally understand I still need to determine applicability of detected vulnerability since FreeBSD patch concept is different-than-mainstream (patch the vul, but don't change the version).
Nevertheless, if there were a major zero-day that came out tomorrow, would it be normal to patch FreeNAS "appliance" or should I wait until there is a newer built?
Thanks. Sorry if this has been already answered. I tried to do my forum reading homework before posting.
r/
-Jim