I have a 45Drives Storinator in production at an office that runs TrueNAS 12.0 U8.1, it was upgraded from 11.0 Release and there is discussion to further upgrade to 13.0 U4 or beyond.
The problem we just found out is that Microsoft is patching RPC authentication to stop RPC Signing and only allow RPC Sealing, CVE-2022-38023. Multiple of our other NAS vendors have been jumping on this as this a huge change.
Also, Samba released this statement, https://www.samba.org/samba/security/CVE-2022-38023.html, and these versions, Samba 4.15.13, 4.16.8 and 4.17.4, and later are patched to fix this issue.
I have only seen that TrueNAS 13.0 U3 updated to and fixed below.
NAS-118437 Update net/samba to Samba 4.15.10
I do want to say up front, I don't control patching scheduling and our security office isn't going to hold off for one NAS in one of our locations. We are just hoping this is on TrueNAS's radar to get fixed soon. I have searched for the CVE, the samba version, and multiple other ways of writing this out and have not seen any posts or bugs as of yet. My google-fu may be failing in this regard.
Thanks
The problem we just found out is that Microsoft is patching RPC authentication to stop RPC Signing and only allow RPC Sealing, CVE-2022-38023. Multiple of our other NAS vendors have been jumping on this as this a huge change.
Also, Samba released this statement, https://www.samba.org/samba/security/CVE-2022-38023.html, and these versions, Samba 4.15.13, 4.16.8 and 4.17.4, and later are patched to fix this issue.
I have only seen that TrueNAS 13.0 U3 updated to and fixed below.
NAS-118437 Update net/samba to Samba 4.15.10
I do want to say up front, I don't control patching scheduling and our security office isn't going to hold off for one NAS in one of our locations. We are just hoping this is on TrueNAS's radar to get fixed soon. I have searched for the CVE, the samba version, and multiple other ways of writing this out and have not seen any posts or bugs as of yet. My google-fu may be failing in this regard.
Thanks