On April 15th, 2021 the US Cyber Security & Infrastructure Security Agency released an alert about a set of nine vulnerabilities referred to as NAME:WRECK.
Full Announcement by Forescout Research Labs can be viewed from Forescout
Forescout Research Labs’ report states that FreeBSD 12.1 is vulnerable. FreeBSD patched this vulnerability and released a notice on 2020-09-02. FreeBSD Security Advisory : FreeBSD-SA-20:26.dhclient
The TrueNAS security errata for this patch is posted here.
The 12.x versions of TrueNAS are based on the 12.2 branch of FreeBSD.
iXsystems strongly recommend all users upgrade to the latest 12.0-U3 version. While 11.3-U5 is not vulnerable to NAME:WRECK, other FreeBSD errata have been made public since 11.3-U5’s release. Since the 11.x versions of TrueNAS are no longer undergoing active development, users should update to the 12.0-U3. You can download the latest version of TrueNAS from TrueNAS.com.
If you have a support contract with iXsystems and have further questions feel free to reach out to your Support representative.