Samba Vulnerability and FreeNAS?

Status
Not open for further replies.

DaPlumber

Patron
Joined
May 21, 2014
Messages
246

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
They do have to be concerned. 9.2.1.7 is already in the works and will be out before the end of the week. In essence, if you are on any 9.2.1.x branch you should upgrade to 9.2.1.7 when it comes out.
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
I suppose if you don't trust your internal network users, then it's an issue.
Such a use-case scenario doesn't apply to me though.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Technically you have to trust your computers too. If one of them is pwned then you can also be screwed. :(
 

DaPlumber

Patron
Joined
May 21, 2014
Messages
246
> They do have to be concerned. 9.2.1.7 is already in the works and will be out before the end of the week. In essence, if you are on any 9.2.1.x branch you should upgrade to 9.2.1.7 when it comes out.

Thanks for the prompt reply. Anything else of interest opportunistically rolled into 9.2.1.7?
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
> Thanks for the prompt reply. Anything else of interest opportunistically rolled into 9.2.1.7?

Yes but I'd rather not make it public as I don't think it's my place to talk about it. I will say that for most users the improvements won't be 'significant' except for a small number of users. The business users (TrueNAS) will see the majority of the benefits.
 

titan_rw

Guru
Joined
Sep 1, 2012
Messages
586
Here I am still running 9.2.0 on both my boxes. Still don't see a real reason to upgrade. I know at some point I'll have to, but 9.2.0 just works so well.
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
Got you beat, I'm still running 9.1.1 here.
 

DaPlumber

Patron
Joined
May 21, 2014
Messages
246
> Yes but I'd rather not make it public as I don't think it's my place to talk about it. I will say that for most users the improvements won't be 'significant' except for a small number of users. The business users (TrueNAS) will see the majority of the benefits.

Understood. I wasn't asking for a commit or breaking NDA or anything! :eek: I'm mostly just curious if this is usually seen as an opportunity to roll in point upgrades of packages? (Netatalk being the one nearest and dearest to my heart... :D)
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Well, 9.2.1.6 was going to be the last 9.2.1.x release. Basically when 9.2.1.6 was released all the developers went to 9.3 and started working there. For situations like this where a security vulnerability is requiring an update you don't want to go back and spend time adding things unless they are deemed *extremely* important, simple to add to the OS, or both.

In this case the 9.2.1.7 release notes speak for themselves. It's basically a new Samba and the ability to do ZFS replication with no encryption. No encryption makes the actual transfer rates scream across 10Gb LAN. This is useful for anyone that has both the push and pull system on a LAN where traffic can be sent in-the-clear without serious risk of data being compromised. Doing this over the internet without going through a VPN or something is just plain stupid though. ;)
 

DaPlumber

Patron
Joined
May 21, 2014
Messages
246
Well I for one am now a happy camper with 9.2.1.7 purely for the "no encryption" on replicate back port if nothing else! :) Since I'm doing local replication that's a big improvement. Would have been nice if I'd noticed anything in release notes or etc. about the first time turning this on that it gives a warning about same as a Critical Alert! Nearly gave me a heart attack! ;)
 