Jump to content


Photo

END OF SUPPORT - Firmware Release 6.2.x HOTFIXES


  • This topic is locked This topic is locked
28 replies to this topic

#21 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 21 October 2016 - 01:41 AM

Hotfix 802 - HTTP Proxy
 
Summary Improved connection error handling
Publication Date Oct 20, 2016
Type Hotfix
 
Size 4.2 MB
 
Applies to
6.2.2 (NextGen Firewall F-Series and Control Center)
 
Requires package
Hotfix 800 - OpenSSL
Blocks package on NG Control Center
Hotfix 800 - OpenSSL
Blocks package on NG Firewall
Hotfix 800 - OpenSSL
 
Components
HTTP Proxy (NextGen Firewall F-Series and Control Center)
 
Description
This hotfix includes the following improvements:
 
Updated HTTP Proxy to fix connection error handling.

Director, Product Management


#22 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 08 November 2016 - 07:16 AM

Hotfix 805 - Cumulative Hotfix
 
Summary Resolves various firewall, DHCP and virus scanning issues
Publication Date Nov 7, 2016
Type Hotfix
 
Size 152.2 MB
 
Applies to
6.2.2 (NextGen Firewall F-Series and Control Center)
 
Blocks packages on Control Center
Hotfix 794 - Virscan Service
Hotfix 790 - Cumulative Hotfix
 
Blocks packages on Next Gen Firewall F-Series
Hotfix 794 - Virscan Service
Hotfix 790 - Cumulative Hotfix
 
Obsoletes packages
Hotfix 794 - Virscan Service
Hotfix 790 - Cumulative Hotfix
 
Components
Forwarding Firewall (NextGen Firewall F-Series and Control Center)
Virus Scanner (NextGen Firewall F-Series and Control Center)
CC VPN (NextGen Firewall F-Series and Control Center)
VPN (NextGen Firewall F-Series and Control Center)
Control (NextGen Firewall F-Series and Control Center)
Host Firewall (NextGen Firewall F-Series and Control Center)
 
Properties
Might trigger a reboot.
 
Description
This hotfix includes the following improvements:
  • Unusual HTTP trailing header fields are now handled correctly.
  • Transparent redirection for traffic which is virus scanned or SSL intercepted now works as expected.
  • Intial DHCP request propagation using multiple bridging groups now works as expected.
  • Network activation no longer fails when switching between a static and a dhcp inteface without changing the IP address
  • Added option to disable VPN replay protection for IPsec VPN tunnels.
  • Schedule objects with a large number of objects (>128) now works as expected.
  • FTP traffic virus scanning improvements.
  • Firewall service stablilty improvements.
  • Fix problem with site specific objects used as connection object for redirect action
  • Fix problem with schedule objects containing too many (>128) entries
  • Improves the startup time of the AV service with enabled Advanced Threat Detection.
  • Sensor data for F800 Rev C and F900 Rev B are now displayed correctly.

Director, Product Management


#23 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 17 November 2016 - 11:18 AM

Hotfix 810 - SSL VPN
Summary Code signing certificate update for SSL VPN applets and NTLM authentication fix for web forwards.
Publication Date Nov 17, 2016
Type Hotfix
 
Size 47.7 MB
 
Applies to
6.2.2 (NextGen Firewall F-Series and Control Center)
 
Blocks packages on Control Center
Update package for NextGen F-Series from 6.X to 7.0.0 with Hotfix
Hotfix 786 - SSL VPN
Update package for NextGen F-Series from 6.X to 7.0.1
Update package for NextGen F-Series from 6.X to 7.0.1 with Hotfixes
 
Blocks packages on F-Series Firewall
Update package for NextGen F-Series from 6.X to 7.0.0 with Hotfix
Hotfix 786 - SSL VPN
Update package for NextGen F-Series from 6.X to 7.0.1
Update package for NextGen F-Series from 6.X to 7.0.1 with Hotfixes
 
Obsoletes package
Hotfix 786 - SSL VPN
 
Components
VPN (NextGen Firewall F-Series and Control Center)
Access Control Service (NextGen Firewall F-Series and Control Center)
 
Description
This hotfix includes the following improvements:
 
Authenticating multiple users via NTLM for web forwards now works as expected.
Updates the code signing certificate required to validate integrity of the SSL VPN Java applets.

Director, Product Management


#24 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 23 November 2016 - 05:01 AM

Hotfix 813 - DNS Server Vulnerability (CVE-2016-8864)
 
Summary Update BIND to fix security vulnerability CVE-2016-8864
Publication Date Nov 22, 2016
Type Hotfix
 
Size 4.0 MB
 
CVEs CVE-2016-8864
 
Applies to
6.2.0 (NextGen Firewall F-Series and Control Center)
6.2.1 (NextGen Firewall F-Series and Control Center)
6.2.2 (NextGen Firewall F-Series and Control Center)
 
Blocks packages on Control Center
Hotfix 735 - DNS Server
Hotfix 742: DNS
NextGen Firewall F-Series and Control Center 6.2.1 Update Package to update from 6.2.0, 6.2.1
NextGen Firewall F-Series and Control Center 6.2.1 Update Package to update from 6.0.x and 6.1.x
Hotfix 765 - DNS Server
Update package for NextGen F-Series from 6.X to 7.0.0
Update package for NextGen F-Series from 6.2.X to 6.2.2
Update package for NextGen F-Series from 6.X to 6.2.2
Update package for NextGen F-Series from 6.X to 7.0.0 with Hotfix
Update package for NextGen F-Series from 6.X to 7.0.0 with Hotfixes
Update package for NextGen F-Series from 6.2.X to 6.2.2 with Hotfixes
Update package for NextGen F-Series from 6.X to 6.2.2 with Hotfixes
Update package for NextGen F-Series from 6.X to 7.0.1
Update package for NextGen F-Series from 6.X to 7.0.1 with 2 Hotfixes
 
Blocks packages on NextGen Firewall F-Series
Hotfix 735 - DNS Server
Hotfix 742: DNS
NextGen Firewall F-Series and Control Center 6.2.1 Update Package to update from 6.2.0, 6.2.1
NextGen Firewall F-Series and Control Center 6.2.1 Update Package to update from 6.0.x and 6.1.x
Hotfix 765 - DNS Server
Update package for NextGen F-Series from 6.X to 7.0.0
Update package for NextGen F-Series from 6.2.X to 6.2.2
Update package for NextGen F-Series from 6.X to 6.2.2
Update package for NextGen F-Series from 6.X to 7.0.0 with Hotfix
Update package for NextGen F-Series from 6.X to 7.0.0 with Hotfixes
Update package for NextGen F-Series from 6.2.X to 6.2.2 with Hotfixes
Update package for NextGen F-Series from 6.X to 6.2.2 with Hotfixes
Update package for NextGen F-Series from 6.X to 7.0.1
Update package for NextGen F-Series from 6.X to 7.0.1 with 2 Hotfixes
 
Components
Caching DNS (NextGen Firewall F-Series and Control Center)
DNS Server (NextGen Firewall F-Series and Control Center)
 
Description
This hotfix includes the following improvements:
 
Updates BIND to version 9.9.9-p4 to fix the following security vulnerability: CVE-2016-8864.

Director, Product Management


#25 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 13 December 2016 - 10:05 AM

Hotfix 818 - Control Center
 
Summary Fixes pattern update issue for Control Centers with a large number of managed firewalls
Publication Date Dec 13, 2016
Type Hotfix
 
Size 13.9 MB
 
Applies to
6.2.2 (NextGen Firewall F-Series and Control Center)
 
Components
Box Configuration (NextGen Firewall F-Series and Control Center)
CC Configuration Service (NextGen Firewall F-Series and Control Center)
 
Description
This hotfix includes the following improvements:
  • Updating patterns and definitions for a large number of managed firewalls no longer overloads the Control Center.

Director, Product Management


#26 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 27 April 2017 - 09:17 AM

Hotfix 827 - Anti Virus Service
 
Summary Resolved issues for Avira virus scanning engine
Publication Date Apr 27, 2017
Type Hotfix
 
Size 118.1 MB
 
Applies to
6.2.3 (NextGen Firewall F-Series and Control Center)
 
Blocks package on Control Center Update package for NextGen F-Series from 6.X and 7.0.X to 7.0.2
 
Components
Virus Scanner (NextGen Firewall F-Series and Control Center)
 
Description
File scanning results from the Avira virus scanning engine containing mulitple result messages are now interpreted correctly. It is now possible to configure the number of days after which quarantined files are deleted in the Advanced View of the Avira Virus Scanner Settings. Scanning archives containing a very large number of files, no longer causes the system to stall. Resolved issue where moving files to the virus scanning quarantine resulted in duplicate files on the firewall.

Director, Product Management


#27 Oliver Braekow

Oliver Braekow
  • Moderators
  • 165 posts
  • LocationInnsbruck, Austria

Posted 03 August 2017 - 08:04 AM

Important Security Hotfix

 

Summary:

Security hotfix to address an issue that could lead to unauthorized, low privilege access via the management IP addresses.

 

Description:

Several hotfixes were released on Aug 3rd 2017 to address an internally discovered logic error in the configuration process which could allow an attacker to gain unauthorized low privilege access to the NextGen Firewall via the management IP addresses.

 

Affected products:

The logic error exists in the following versions of the NextGen Firewall F series firewalls as well as NextGen Control Centers since firmware 5.2.3:

  • 5.2.x - end of support reached - please upgrade to newer firmware
  • 5.4.x - end of support reached - please upgrade to newer firmware
  • 6.0.x - resolved in Hotfix 837
  • 6.1.x - end of support reached - please upgrade to newer firmware
  • 6.2.x - resolved in Hotfix 836
  • 7.0.0 - resolved in Hotfix 838
  • 7.0.1 - resolved in Hotfix 834
  • 7.0.2 without Hotfix 825 - resolved in Hotfix 834
  • 7.0.2 with Hotfix 825 - resolved in Hotfix 839
  • 7.0.3 The issue is resolved in maintenance release 7.0.3 released on Aug 3rd. 2017.
  • 7.1.0 - resolved in Hotfix 835

Mitigation:

The Hotfixes released today fully mitigate the issue in the affected versions. Hotfixes are available in the download portal: https://dlportal.barracudanetworks.com.

Additionally, with firmware release 7.0.0 or newer the hotfix corresponding to the current fimware release will be displayed in the UPDATES section of the General Dashboard on NextGen Firewalls F-Series.

Additionally, with firmware release 7.0.0 or newer the hotfixes will be available from the Download Portal tab of the CONTROL -> Firmware Updates section on NextGen Control Centers.

 

 

We further recommend that customers isolate the management IP addresses to a trusted local network. The NextGen Firewall supports setting additional ACLs for accessing the management interface that can further increase security. Finally, we also recommend setting strong passwords on all accounts or configuring key based authentication and disabling password authentication.

 

Instructions on setting up ACLs and key based authentication are available here:

How to Change the Root Password and Management ACL

How to Configure Key-Based SSH Authentication for the Root User

How to Configure Certificate Based Authentication for the Root User



#28 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 29 November 2017 - 06:59 AM

Hotfix 858 - Firewall
 
Summary Firewall service stability improvements
Publication Date Nov 29, 2017
Type Hotfix
 
Size 18.6 MB
 
Applies to
6.2.4 (NextGen Firewall F-Series)
 
Components
  • Forwarding Firewall (NextGen Firewall F-Series)
  • Virus Scanner (NextGen Firewall F-Series)
  • VPN (NextGen Firewall F-Series)
  • Host Firewall (NextGen Firewall F-Series)
 
Description
This hotfix contains the following improvements:
 
Stability improvments to the Firewall service, to fix an issue causing a kernel panic when the traffic stream matches the Viber messaging platform pattern.

Director, Product Management


#29 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 15 May 2018 - 10:04 AM

Hotfix 873 - 7zip Vulnerability (CVE-2018-10115)
 
Summary Fixes security vulnerability CVE-2018-10115 in 7zip
Publication Date May 15, 2018
Type Hotfix
Version 873-6.2.4-138731
 
Size 1.9 MB
CVE(s) CVE-2018-10115
 
Applies to
6.2.4 (NextGen Firewall F-Series)
 
Blocks packages on Control Center
Update package for NextGen F-Series from 6.X and 7.X to 7.2.0 EA1
Update package for NextGen F-Series from 6.X and 7.X to 7.0.4
Update package for NextGen F-Series from 6.X and 7.X to 7.1.2
 
Blocks packages on NextGen Firewall F-Series
Update package for NextGen Firewall F-Series from 6.X and 7.X to 7.2.0 EA1
Update package for NextGen Firewall F-Series from 6.X and 7.X to 7.0.4
Update package for NextGen Firewall F-Series from 6.X and 7.X to 7.1.2
 
Description
This hotfix includes the following improvements:
 
Fixes the security vulnerability CVE-2018-10115 in 7zip

Director, Product Management