Versions Affected : All versions prior to TrueNAS 13.0-U2
The implementation of lib9p’s handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory.
Versions Affected : All versions prior to TrueNAS 13.0-U2
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.
Versions Affected : All versions prior to TrueNAS 13.0-U2
When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.
Versions Affected : All versions prior to TrueNAS 13.0-U2
When pam_exec(8) is used for authentication with the expose_authtok option and an application calls pam_setcred(3), it attempts to expose an already stored authentication token. It is incorrectly assumed that there always is such a token stored, which leads to dereferencing a NULL pointer if this isn’t the case.
Versions Affected : All versions prior to TrueNAS 13.0-U2
When a CAM-managed device responds to a command with an error condition, CAM may automatically retry the command following some error recovery protocol.
Versions Affected : All versions prior to TrueNAS 13.0-U2
In FreeBSD 13.1, periodic events of type EVFILT_TIMER will return at only half of the requested frequency, following the first event.
Versions Affected : All versions prior to TrueNAS 12.0-U8
Under certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory.
Versions Affected : All versions prior to TrueNAS 12.0-U8
Operations specific to TLB invalidation in PCID mode were misordered with respect to IPI transmission.
Versions Affected : All versions prior to TrueNAS 12.0-U8
A Hyper-V vPCI emulation change can cause SR-IOV (Single-Root I/O Virtualization) and DDA (Discrete Device Assignment) devices to fail to operate correctly under Hyper-V.
Versions Affected : All versions prior to TrueNAS 12.0-U8
The hard-coded size for state region 1 (SSE/XMM) was incorrect, effectively filling the xmm8 through xmm15 registers with arbitrary values on signal return when the init optimization occurred.
Versions Affected : All versions prior to TrueNAS 12.0-U7
Several changes in Daylight Saving Time transition dates happened after previous FreeBSD releases were released affecting many users in different parts of the world.
Versions Affected : All versions prior to TrueNAS 12.0-U7
An error during driver initialization results in a kernel panic due to unallocated resources being freed up.
Versions Affected : All versions prior to TrueNAS 12.0-U7
Several certificates were removed from the bundle after the latest release of FreeBSD 12.2 and FreeBSD 13.0.
Versions Affected : All versions prior to TrueNAS 12.0-U6
There are two issues fixed in this security advisory: CVE-2021-23840 & CVE-2021-23841
Versions Affected : All versions prior to TrueNAS 12.0-U6
There are two issues fixed in this security advisory: CVE-2021-3711 & CVE-2021-3712
Versions Affected : All versions prior to TrueNAS 12.0-U6
The passive mode in FTP communication allows an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes.
Versions Affected : All versions prior to TrueNAS 12.0-U6
The ggatec(8) daemon does not validate the size of a response before writing it to a fixed-sized buffer. This allows to overwrite the stack of ggatec(8).
Versions Affected : All versions prior to TrueNAS 12.0-U6
Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors.
Versions Affected : All versions prior to TrueNAS 12.0-U6
When a RHEL 8.4 and later (or variants) are installed as guests within bhyve(8) on emulated NVMe storage, the system will not boot due to a newer UEFI driver that is included with these distributions.
Versions Affected : All versions prior to TrueNAS 12.0-U6
New API functions added in OpenSSL 1.1.1e and later were not publicly exported to applications.
Versions Affected : All versions prior to TrueNAS 12.0-U5
A programming error in the Linux compatibility layer futex(2) system call might allow attackers to cause a denial of service
Versions Affected : All versions prior to TrueNAS 12.0-U5
libcasper(3) allows Capsicum-sandboxed applications to define and use system interfaces which are ordinarily disallowed. It is used by multiple programs in the base system, such as logger(1).
Versions Affected : All versions prior to TrueNAS 12.0-U5
The patch for FreeBSD-SA-21:12.libradius modified rad_get_attr(3) to verify that an attribute length smaller than the minimum required for the attribute type and length fields is disallowed.
Versions Affected : All versions prior to TrueNAS 12.0-U5
libradius did not perform sufficient validation of received messages.
Versions Affected : All versions prior to TrueNAS 12.0-U5
The FreeBSD kernel enables SMAP during boot when the CPU reports that the SMAP capability is present. Subroutines such as copyin() and copyout() are responsible for disabling SMAP around the sections of code that perform user memory accesses.
Versions Affected : All versions prior to TrueNAS 12.0-U4
Two problems are fixed by this update. First, the pms(4) driver did not correctly handle the new kern.maxphys value set in FreeBSD 13.0. Second, the pms(4) driver did not correctly handle some error cases in the I/O path and would falsely report success to upper layers.
Versions Affected : All versions prior to TrueNAS 12.0-U4
The FreeBSD kernel enables SMAP during boot when the CPU reports that the SMAP capability is present. Subroutines such as copyin() and copyout() are responsible for disabling SMAP around the sections of code that perform user memory accesses.
Versions Affected : All versions prior to TrueNAS 12.0-U3
Due to a race condition between lookup of “..” and remounting a filesystem, a process running inside a jail might access filesystem hierarchy outside of jail.
Versions Affected : All versions prior to TrueNAS 12.0-U3
An unprivileged process can configure an accept filter on a listening socket.
Versions Affected : All versions prior to TrueNAS 12.0-U3
A particular case of memory sharing is mishandled in the virtual memory system.
Versions Affected : All versions prior to TrueNAS 12.0-U3
Attempts to use lldb’s
palias) resulted in lldb aborting.
Versions Affected : All versions prior to TrueNAS 12.0-U3
The net.pf.request_maxcount sysctl provides an upper bound on the amount of memory used by pf(4) to store various types of state.
Versions Affected : All versions prior to TrueNAS 12.0-U3
This advisory covers two distinct OpenSSL issues: X509_V_FLAG_X509_STRICT & TLSv1.2 renegotiation ClientHello message.
Versions Affected : All versions prior to TrueNAS 12.0-U3
When a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.
Versions Affected : All versions prior to TrueNAS 12.0-U3
A malicious or buggy frontend driver may be able to cause resource leaks in the domain running the corresponding backend driver.
Versions Affected : All versions prior to TrueNAS 12.0-U3
Due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes.
Versions Affected : All versions prior to TrueNAS 12.0-U3
A regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored.
Versions Affected : All versions prior to TrueNAS 12.0-U3
The existing logic to try and avoid regenerating passwd/login.conf files relies on timestamp comparisons between old and new files, with the caveat that it’s comparing the installed with a timestamp that has been clobbered to do the comparison.
Versions Affected : All versions prior to TrueNAS 12.0-U3
Several certificates were removed from the bundle after the latest release of FreeBSD 12.2.
Versions Affected : All versions prior to TrueNAS 12.0-U3
An interaction between the code which frees the unused portions of the microcode file and the rest of the system can cause boot hangs.
Versions Affected : All versions prior to TrueNAS 12.0-U2
Some OSes (including Linux, FreeBSD, and NetBSD) are processing watch events using a single thread.
Versions Affected : All versions prior to TrueNAS 12.0-U2
The FreeBSD kernel exports file system directory entries to userspace using the generic “dirent” structure.
Versions Affected : All versions prior to TrueNAS 12.0-U2
A regression in FreeBSD 12.2 causes zfs receive to fail to delete snapshots that have been deleted on the source side.
Versions Affected : All versions prior to TrueNAS 12.0-U2
Insufficient locking in the kernel meant that destroying an epair and a vnet jail at the same time often resulted in panics.
Versions Affected : All versions prior to TrueNAS 12.0-U2
Several changes in Daylight Savings Time happened after previous FreeBSD releases were released that would affect many people who live in different countries.
Versions Affected : All versions prior to TrueNAS 12.0-U1
The X.509 GeneralName type is a generic type for representing different types of names.
Versions Affected : All versions prior to TrueNAS 12.0-U1
Two bugs exist in rtsold(8)’s RDNSS and DNSSL option handling.
Versions Affected : All versions prior to TrueNAS 12.0-U1
When an ICMPv6 error message is received, the FreeBSD ICMPv6 stack may extract information from the message to hand to upper-layer protocols.
Versions Affected : All versions prior to TrueNAS 12.0-U1
The bug may result in kernel panics under some workloads, typically in the softclock threads.
Versions Affected : All versions prior to TrueNAS 12.0-U1
A regression in FreeBSD 12.2 meant that ipfw(8) fwd commands referencing specific port numbers may configure the firewall incorrectly.
Versions Affected : All versions prior to TrueNAS 12.0-U1
Several changes in Daylight Saving Time happened after previous FreeBSD releases were released that would affect many people who live in different parts of the world.
Versions Affected : All versions prior to TrueNAS 12.0-U1
All execve/fexecve system calls in affected versions will be reported as a failure, even upon successful execution.
Versions Affected : All verisons prior to TrueNAS 12.0
Intel Microcode Release 20201112
Versions Affected : All verisons prior to FreeNAS 11.3-U5
A ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5).
Versions Affected : All verisons prior to FreeNAS 11.3-U5
A number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.
Versions Affected : All verisons prior to FreeNAS 11.3-U5
Insufficient access controls (VMCS) allow root users, including those running in a jail, to change these data structures.
Versions Affected : All verisons prior to FreeNAS 11.3-U5
A programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes.
Versions Affected : All verisons prior to FreeNAS 11.3-U5
dhclient(8) is the default IPv4 DHCP client used on FreeBSD. It is responsible for contacting DHCP servers on a network segment, and for initializing and configuring network interfaces and configuring name resolution based on received information.
Versions Affected : All verisons prior to FreeNAS 11.3-U5
The Stream Control Transmission Protocol (SCTP) is a message oriented transport protocol supporting arbitrary large user messages. It can be accessed from applications by using the the socket API.
Versions Affected : All verisons prior to FreeNAS 11.3-U5
IPv6 is a network layer supporting Hop-by-Hop options, which can be sent by applications via the socket API. The memory management for packet handling is done using mbufs.
Versions Affected : All verisons prior to FreeNAS 11.3-U5
getfsstat(2) is a system call which provides information about mounted filesystems. The kernel provides compatibility system calls for old versions of the interface.
Versions Affected : All verisons prior to FreeNAS 11.3-U5
The Linux ABI layer (Linuxulator) allows Linux binaries to be executed on a FreeBSD kernel.
Versions Affected : All verisons prior to FreeNAS 11.3-U4.1
When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the control message to be transmitted (if any) into kernel memory, and adjusts alignment of control message headers.
Versions Affected : All verisons prior to FreeNAS 11.3-U4.1
Malicious SQL statements could crash, hijack processes, or cause data corruption.
Versions Affected : All verisons prior to FreeNAS 11.3-U4.1
A missing length validation code common to these three drivers means that a malicious USB device could write beyond the end of an allocated network packet buffer.
Versions Affected : All verisons prior to FreeNAS 11.3-U3.2
The IPV6_2292PKTOPTIONS set handler was missing synchronization, so racing accesses could modify freed memory.
Versions Affected : All verisons prior to FreeNAS 11.3-U3.2
Malformed answers from upstream name servers can send Unbound into an infinite loop, resulting in denial of service.
Versions Affected : All verisons prior to FreeNAS 11.3-U3.2
mps(4) implements a pass-through interface which allows privileged user processes to submit commands directly to disks behind the controller.
Versions Affected : All verisons prior to FreeNAS 11.3-U3.2
A bug in one of the LinuxKPI subroutines could cause a kernel panic.
Versions Affected : All verisons prior to FreeNAS 11.3-U?
USB Human Interface Device (HID) descriptors may push/pop the current state to allow description of items residing in a so-called union.
Versions Affected : All verisons prior to FreeNAS 11.3-U3.2
A race condition permitted a data structure in the kernel to be used after it was freed by the cryptodev module.
Versions Affected : All verisons prior to 11.3-U3.2
The SCTP layer does improper checking when an application tries to update a shared key.
Versions Affected : All verisons prior to FreeNAS 11.3-U3.2
The FTP packet handler in libalias incorrectly calculates some packet lengths.
Versions Affected : All verisons prior to FreeNAS 11.3-U3.2
libalias(3) packet handlers do not properly validate the packet length before accessing the protocol headers.
Versions Affected : All verisons prior to FreeNAS 11.3-U3.2
The Clang and LLD version detection accepted only versions matching the shell glob pattern [1-9].[0-9]*, which notably does not include 10.0. The build then proceeded as if the compiler or linker version was 0.0.
Versions Affected : All verisons prior to FreeNAS 11.3-U2.1 Description Incomplete packet data validation may result in accessing out-of-bounds memory (CVE-2019-5614) or may access memory after it has been freed (CVE-2019-15874). Workaround No workaround is available. Systems not using the ipfw firewall are not vulnerable. Mitigation Upgrade to FreeNAS 11.3-U3.2 or later Commit FreeBSD Revision : r360149 FreeNAS Commit : 6911f08 Jira Ticket : NAS-105837 Further information FreeBSD Errata Entry
Versions Affected : All verisons prior to FreeNAS 11.3-U2.1
A change in rpc.rquotad made it send RQUOTA v2 requests instead of RQUOTA v1 requests.
Versions Affected : All verisons prior to FreeNAS 11.3-U2
Three NTP vulnerabilities are addressed by this security advisory. NTP Bug 3610, 3596, and 3592.
Versions Affected : All verisons prior to FreeNAS 11.3-U2
A missing NUL-termination check for the jail_set(2) configration option “osrelease” may return more bytes when reading the jail configuration back with jail_get(2) than were originally set.
Versions Affected : All verisons prior to FreeNAS 11.3-U2
Incorrect use of a potentially user-controlled pointer in the kernel allowed vnet jailed users to panic the system and potentially execute aribitrary code in the kernel.
Versions Affected : All verisons prior to FreeNAS 11.3-U2
The driver-specific ioctl(2) command handlers in oce(4) failed to check whether the caller has sufficient privileges to perform the corresponding operation.
Versions Affected : All verisons prior to FreeNAS 11.3-U2
When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, the Traffic Class field is not initialized.
Versions Affected : All verisons prior to FreeNAS 11.3-U2
Pseudo header checksum calculations can be delayed until the IPv6 output routine or offloaded to the NIC.
Versions Affected : All verisons prior to FreeNAS 11.3-U2
pf(4) ioctls frequently take a variable number of elements as argument. This can potentially allow users to request very large allocations.
Versions Affected : All verisons prior to FreeNAS 11.3-U1
VFS option processing related to the nmount(2) system call was missing a length check.
Versions Affected : All verisons prior to FreeNAS 11.3-U1
When a binary is statically linked, constructor invocation order is based on priority and sorted arbitrarily within a priority level across all constructors present in the single statically linked object.
Download TrueNAS CORE
Download TrueNAS SCALE
Get TrueNAS Enterprise