Important Advisory: Issue caused by Pattern Update
Summary: On Jan 27th at 3 pm UTC, new application definitions were released for the Barracuda NextGen Firewall F-Series. The included Content-Pattern file contained corrupted data. Because of this defect, parsing of the definitions failed on the firewall, causing some processes to loop and, as a result, producing a high CPU load. The effect was more pronounced on smaller appliance models and may not have been noticed on larger appliances with many CPU cores.
The following processes have been affected:
The Barracuda Network Security Team quickly withdrew the corrupted definitions at 5:45 pm UTC, but the pattern update delivery process does not (for security reasons) allow the delivery of executables, nor can an arbitrary executable (or script) be invoked during pattern update processing. Therefore, Barracuda had no way to fix the issue remotely by restarting the affected processes. Even after downloading new, fixed update definition files, these processes remained in a dysfunctional state.
Impact: Even though generally at least one trans7 process was locking up, the Firewall service kept running using the current firewall ruleset. At no point did the service unload the ruleset or switch to "fail open" or "fail close" mode. However, subsequent firewall ruleset changes (made while the box was in this state) were not processed and written to kernel space, which means that the active configuration of the firewall service did not change, even though a ruleset change was performed through the configuration interface. This error condition is only resolved through a restart of the firewall service, or by applying the provided hotfix.
Affected Firmware: Barracuda NextGen Firewall F-Series Firmware Version 6.2.x or 7.0.x
Mitigation: Affected firewalls cannot be remediated automatically; they need to have a hotfix installed. Customers who notice the described symptoms should IMMEDIATELY install the following hotfix. Note that this hotfix works for 6.2.x and 7.0.x.
We apologize for any inconvenience caused by this issue. We are constantly evaluating our quality assurance processes and will take appropriate measures to immunize our systems against similar incidents in the future.
Edited by Bernhard Patsch, 01 February 2017 - 02:16 PM.
Added latest information on ruleset issues and hotfixes