Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend
Legend

Latest firmware builds for 77.20.xx SMB appliances

In sk165875: Check Point Response to CVE-2020-8597 (PPP buffer overflow vulnerability) we found the latest 77.20.xx firmware builds for SMB appliances - but now in response to DNSpooQ (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685), CP TAC provided fixed versions also for older models (2021-02):

0 Kudos
45 Replies
Steffen_Appel
Advisor

Trying to get it now.

0 Kudos
Naftali_Oziel
Collaborator

let me know how it goes.

0 Kudos
Steffen_Appel
Advisor

The supporter doesnt find anything newer than 3072 for 1400 or 2500 for 1100...

0 Kudos
Naftali_Oziel
Collaborator

You need to advise them you're looking for the custom build as advised on website associated to SMB's I provided you.   They will than talk to a Sr. tech and provide you with a link to download it.  It's there and available.    I've ran into that same issue in the past with Tier 1 support, checkpoint needs to improve training for those folks.  

0 Kudos
G_W_Albrecht
Legend
Legend

Do you have any of the issues fixed in the custom build ? Or why is a build > R77.20.87 (990173072) necessary ?

0 Kudos
Naftali_Oziel
Collaborator

unfortunately site is not allowing me to repost the fixes for B3077, they are listed on page 1. 

0 Kudos
G_W_Albrecht
Legend
Legend

I see no immediate need for this version as long as i do not have one of the resolved issues ! If i have one of these, i can always get it from TAC - but a prefer a version without reboots every week 😎

0 Kudos
Naftali_Oziel
Collaborator

makes sense.   Are your reboot still happening with B3072?  This weekend am testing to see how well it holds up after 30 days and logging into GUI if it cores or not.

0 Kudos
G_W_Albrecht
Legend
Legend

Currently no frequent reboots 😎, but i remember a firmware version i do not want to speak of....

0 Kudos

There is new exciting JHF released: 990173081 

0 Kudos
G_W_Albrecht
Legend
Legend

Yes, including the fix for DNSPooQ on internal (LAN, Wi-Fi) networks. 

0 Kudos
Steffen_Appel
Advisor

It is removed from the JHFA again and it did contain the old dnsmasq, I guess tehre will be another one soon.

0 Kudos
Naftali_Oziel
Collaborator

Did anyone install B3083 yet? 

0 Kudos
Steffen_Appel
Advisor

yes seems fine

0 Kudos
G_W_Albrecht
Legend
Legend

Updated with new versions in response to DNSpooQ 

Removed 1200R SmartUpdate package.

0 Kudos