October 16, 2018

We are pleased to announce the general availability of TrueNAS 11.1-U6.1.

This bug fix release addresses the following security vulnerabilities:

  • FreeBSD-SA-18:08.tcp: Resource exhaustion in TCP reassembly
  • FreeBSD-SA-18:09.l1tf: L1 Terminal Fault (L1TF) Kernel Information Disclosure
  • FreeBSD-SA-18:10.ip: Resource exhaustion in IP fragment reassembly
  • FreeBSD-SA-18:11.hostapd: Unauthenticated EAPOL-Key Decryption Vulnerability
  • FreeBSD-SA-18:12.elf: Improper ELF header parsing
  • CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient
  • CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server
  • CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server
  • CVE-2018-1139: Weak authentication protocol allowed
  • CVE-2018-1140: Denial of Service Attack on DNS and LDAP server

This version includes the Changelog listed at: FreeNAS 11.1 U6.

These features are specific to TrueNAS 11.1-U6:

Console messages now appear in the footer by default. To remove the footer, go to System → Advanced and uncheck “Show console messages in the footer”.

Asigra Backup has been added to Services, allowing licensed Asigra Backup software to use TrueNAS as the storage backend. To learn more about Asigra or to enquire about licensing, contact sales@ixsystems.com.

The End-User Agreement (EULA) has been updated. During initial setup, the login screen will display the EULA with options to agree to the terms or to cancel the EULA display. Cancelling the display will still provide access to the GUI but the EULA will display on subsequent logins until the user agrees to the terms. The EULA is available online.

Known Impacts

The em, igb, ixgbe, and ixl Intel drivers have been patched to resolve a performance degradation issue that occurs when the MTU is set to 9000 (9k jumbo clusters). Before configuring 9k jumbo clusters for cxgbe create a Tunables with a Variable of hw.cxgbe.largest_rx_cluster, a Type of Loader, and a Value of 4096. The cxgb driver does not support jumbo clusters and should not use an MTU greater than 4096.

SMB1 has been disabled by default for security reasons. If legacy clients are no longer able to connect, type this command in the Shell, then restart the SMB service:

sysctl freenas.services.smb.config.server_min_protocol=NT1

If that resolves the issue, you can make that setting permanent by going to System → Tunables → Add Tunable and creating a Tunable with these settings:

Variable: freenas.services.smb.config.server_min_protocol

Value: NT1

Type: Sysctl