Jump to content


Photo

Firmware Release 7.1.x HOTFIXES


  • This topic is locked This topic is locked
6 replies to this topic

#1 Oliver Braekow

Oliver Braekow
  • Moderators
  • 162 posts
  • LocationInnsbruck, Austria

Posted 03 August 2017 - 07:59 AM

This topic is used to announce new hotfixes for firmware release 7.1 and future 7.1.x releases.
Please subscribe to this topic if you are interested in availability of new hotfixes for firmware release 7.1.x only.
If you are interested in general announcements of new firmware releases (e.g. 8.0.0) please subscribe to the following forum topic "Firmware Release Announcements" which can be found one level up.


#2 Oliver Braekow

Oliver Braekow
  • Moderators
  • 162 posts
  • LocationInnsbruck, Austria

Posted 04 August 2017 - 04:36 AM

Important Security Hotfix

 

Summary:

Security hotfix to address an issue that could lead to unauthorized, low privilege access via the management IP addresses.

 

Description:

Several hotfixes were released on Aug 3rd 2017 to address an internally discovered logic error in the configuration process which could allow an attacker to gain unauthorized low privilege access to the NextGen Firewall via the management IP addresses.

 

Affected products:

The logic error exists in the following versions of the NextGen Firewall F series firewalls as well as NextGen Control Centers since firmware 5.2.3:

  • 5.2.x - end of support reached - please upgrade to newer firmware
  • 5.4.x - end of support reached - please upgrade to newer firmware
  • 6.0.x - resolved in Hotfix 837
  • 6.1.x - end of support reached - please upgrade to newer firmware
  • 6.2.x - resolved in Hotfix 836
  • 7.0.0 - resolved in Hotfix 838
  • 7.0.1 - resolved in Hotfix 834
  • 7.0.2 without Hotfix 825 - resolved in Hotfix 834
  • 7.0.2 with Hotfix 825 - resolved in Hotfix 839
  • 7.0.3 The issue is resolved in maintenance release 7.0.3 released on Aug 3rd. 2017.
  • 7.1.0 - resolved in Hotfix 835

Mitigation:

The Hotfixes released today fully mitigate the issue in the affected versions. Hotfixes are available in the download portal: https://dlportal.barracudanetworks.com.

Additionally, with firmware release 7.0.0 or newer the hotfix corresponding to the current fimware release will be displayed in the UPDATES section of the General Dashboard on NextGen Firewalls F-Series.

Additionally, with firmware release 7.0.0 or newer the hotfixes will be available from the Download Portal tab of the CONTROL -> Firmware Updates section on NextGen Control Centers.

 

 

We further recommend that customers isolate the management IP addresses to a trusted local network. The NextGen Firewall supports setting additional ACLs for accessing the management interface that can further increase security. Finally, we also recommend setting strong passwords on all accounts or configuring key based authentication and disabling password authentication.

 

Instructions on setting up ACLs and key based authentication are available here:

How to Change the Root Password and Management ACL

How to Configure Key-Based SSH Authentication for the Root User

How to Configure Certificate Based Authentication for the Root User



#3 Markus Lang

Markus Lang
  • Moderators
  • 362 posts

Posted 15 November 2017 - 04:45 AM

Hotfix 852 - Firewall Improvements
 
Summary Firewall service stability improvements
 
Publication Date Nov 10, 2017
Type Hotfix
Version 852-7.1.1-131318
Size 35.9 MB
 
Applies to
7.1.1 (NextGen Firewall F-Series and Control Center)
 
Components
  • Forwarding Firewall (NextGen Firewall F-Series and Control Center)
  • Virus Scanner (NextGen Firewall F-Series and Control Center)
  • CC VPN (NextGen Firewall F-Series and Control Center)
  • VPN (NextGen Firewall F-Series and Control Center)
  • Host Firewall (NextGen Firewall F-Series and Control Center)
 
Properties
Might trigger a reboot.
 
Description
This hotfix includes the following improvements:
  • Firewall plugin stability improvments, resolving issues with failed FTP data sessions when handling a large number of FTP sessions.
  • Resolved issue where in some cases application rules did not match for HTTPS sessions. This also caused URL Filter and File Content policies configured in the application rule to not be evaluated.
  • Multiple SMTP and FTP protocol handling improvements.

Senior Product Manager

#4 Markus Lang

Markus Lang
  • Moderators
  • 362 posts

Posted 24 November 2017 - 03:29 AM

Hotfix 856 - Network Activation
Summary Resolves issue causing network interruptions after a soft network activation
Publication Date Nov 23, 2017
Type Hotfix
Version 856-7.1.1-132409
 
Size 18.8 MB
 
Applies to
7.1.1 (NextGen Firewall F-Series)
 
Components
Control (NextGen Firewall F-Series)
 
Description
This hotfix contains the following improvements:
 
A soft network activation now only removes changed virtual server IP addresses and no longer causes a network interruption.

Senior Product Manager

#5 Markus Lang

Markus Lang
  • Moderators
  • 362 posts

Posted 19 April 2018 - 04:09 AM

Hotfix 868 - Virus Scanner
 
Summary Reduced memory requirements of Avira scanning engine and resolved ATP initialization issues
Publication Date April 19, 2018
Type Hotfix
Version 868-7.1.2-137693
Size 118.3 MB
 
Applies to
7.1.2 (CloudGen Firewall F-Series)
 
Components
Virus Scanner (CloudGen Firewall F-Series)
 
Description
This hotfix includes the following improvements:
 
The memory requirements for the Avira engine have been reduced.
If the initialization of an update for the Avira engine fails, the respective update is now unloaded properly.
Avira no longer crashes after an update in certain situations.
The reporting of Avira product, engine and pattern versions has been improved.
The retrieval of ATP credentials now works as expected.

Senior Product Manager

#6 Markus Lang

Markus Lang
  • Moderators
  • 362 posts

Posted 19 April 2018 - 04:11 AM

Hotfix 867 - 4G USB Modem M40/M41 Support
 
Summary CloudGen Firewall firmware support for Barracuda 4G USB Modem models M40/M41.
Publication Date April 19, 2018
Type Hotfix
Version 867-7.1.2-138048
Size 817.5 KB
 
Applies to
7.1.2 (CloudGen Firewall F-Series)
 
Description
This package contains the following improvements:
 
Add support for Barracuda 4G USB Modem models M40/M41

Senior Product Manager

#7 Markus Lang

Markus Lang
  • Moderators
  • 362 posts

Posted 15 May 2018 - 10:10 AM

Hotfix 875 - 7zip Vulnerability (CVE-2018-10115)
 
Summary Fixes security vulnerability CVE-2018-10115 in 7zip
Publication Date May 15, 2018
Type Hotfix
Version 875-7.1.2-138729
 
Size 1.9 MB
CVEs CVE-2018-10115
 
Applies to
7.1.2 (NextGen Firewall F-Series)
 
Blocks package on Control Center
Update package for NextGen Firewall F-Series from 6.X and 7.X to 7.2.0 EA1

Blocks package on NextGen Firewall F-Series
Update package for NextGen F-Series from 6.X and 7.X to 7.2.0 EA1
 
Description
This hotfix includes the following improvements:
 
Fixes the security vulnerability CVE-2018-10115 in 7zip

Senior Product Manager