Untangle is aware of the CVE-2018-5390 (SegmentSmack) vulnerability that has been discovered in the Linux kernel. It can leave systems vulnerable to a denial-of-service attack. NG Firewall is a Linux-based distribution.
Customers Who are Not Impacted
All customers running v13.2 and older versions are not affected.
Most customers running v14 who upgraded from previous versions are not affected because they are on the 3.16.0 and earlier kernels which are not affected.
Customers Who are Impacted
Customers running both the 4.9.0-6 kernel and NG Firewall v14.0 are affected. New installs of v14 are affected. Upgraded v14 installs where the customer manually switched to the new 4.9.0-6 kernel are also affected. However, customers who upgraded can reboot and select the old kernel and will no longer be affected.
****The fix for this issue has been pushed in the latest build of 14.0. Please make sure you are installing the latest builds so that your Untangle is up to date****
Have more questions? Submit a request