December 26, 2018

Important Security Update for FreeNAS

Netatalk is included in FreeNAS. However, this vulnerability only impacts those who have the AFP service enabled in FreeNAS.

A new version of Netatalk (3.1.12) has been released that addresses a security vulnerability (CVE-2018-1160) for users of the Apple Filing Protocol (AFP). Due to the severity of this security advisory and the possibility of unauthenticated remote code execution, iXsystems has released a patch for the stable version of FreeNAS and updated the stable install version available for download. To ensure the version you are running is patched, look for this version name: FreeNAS 11.2-RELEASE-U1

Existing FreeNAS users are encouraged to apply the update by going to System and choose Update. FreeNAS users who are running versions prior to FreeNAS 11.1-U6.3 or FreeNAS 11.2-RELEASE-U1 are still vulnerable and should make a plan to update. Always backup your system configuration and verify the integrity of your backups before updating.


  • 64620 Bug Address Netatalk CVE-2018-1160

Tickets can be viewed at the iXsystems & FreeNAS Redmine page.