Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Pedro_Espindola
Advisor

Version R77.20.87 Build 990172938 not documented

Hello everyone,

 

Does anybody know anything about version R77.20.87 Build 990172938 for SMB appliances?

 

It is not documented but it has a download page and is available in the Firmwares page of the SMP.

10 Replies
G_W_Albrecht
Legend
Legend

I have asked CP in sk151574 R77.20.87 for Small and Medium Business Appliances why this build is not shown, only Build 990172929... But maybe this build resolves sk158092: Unexpected routing rule is shown when VTIs are configured on SMB appliances ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
Scottc98
Collaborator

Any possibility that this addresses the TCP SACK PANIC vulnerabilities?

 

 

Pedro_Espindola
Advisor

Could be. Or maybe sk156192 - TCP SACK PANIC

0 Kudos
PhoneBoy
Admin
Admin

That's exactly what it's for.
0 Kudos
Aidan_Luby
Collaborator

Maybe this should require a new thread but shouldn't this fix also be available for 600/1100 devices? I understand they're end of support but they should still get security fixes I believe.

 

I looked at the R77.20.80 page which is the last version for 600/1100's and the download links to fw1_dep_R77_990172392_20.img from 2018-07-04. But if you search R77.20.80 in the Downloads site you can find build 990172487 from 2019-06-20 which has no documentation and seems to be for 1100's specifically. Also it's a .tgz file instead of a .img which seems weird. Maybe this file is for the aforementioned vulnerability?

 

If the build I found is the newest and includes a major fix I would think it should be documented, added to the main R77.20.80 page, and should be an img file not a .tgz file.

 

 

Edit: I'd also think if this is the newest version it should be what's suggested when logged into the Gaia Embedded web page. I've recently just upgraded 20-30 devices to the suggest version just to see that two hotfixes have come out since that don't show up in documentation or any official way.

0 Kudos
PhoneBoy
Admin
Admin

990172487 for the 600/1100 contains the fix for TCP SACK.
Not sure why it's not listed on the main download page.

0 Kudos
Pedro_Espindola
Advisor

Not the first time that happens.

 

The fix for SegmentSmack and FragmentSmack (sk13425) was also kind of hidden and not listed in the main R77.20.80 page when it came out.

0 Kudos
G_W_Albrecht
Legend
Legend

>> Also it's a .tgz file instead of a .img which seems weird.

? what seems weird here ?

R77.20.87  package for SmartUpdate

For R77.30 SmartUpdate and SmartProvisioning (TGZ)
For R80.x SmartUpdate (TGZ)

 

See sk151574: R77.20.87 for Small and Medium Business Appliances

CCSE CCTE CCSM SMB Specialist
0 Kudos
Pedro_Espindola
Advisor

Ok, so this build was pulled from available firmwares in SMP and the image download page disappeared (Smartupdate page is still available though).

I opened a SR asking about this, and I was told to wait until a new build is available in SMP and upgrade manually ONLY gateways that are having issues. ???? Considering this is a vulnerability, all gateways have potential "issues".

From those facts, I assume that build 990172938 is not 100% stable. So when will we have a stable fix for these vulnerabilities? This should be out and widely available by now. Any news on upcoming SMB builds?

0 Kudos
Tom_Hinoue
Advisor
Advisor

Hi Pedro,

It looks like R77.20.87 Build 990172960 is now officially released GA in the following SK.
I didn't expect this coming as an independent SK though.

I believe many issues regarding SFWD stability is fixed in Build 990172953 and above, and should include the fixes for the vulnerabilities you mentioned. (though I don't see them in the resolved issues list)

R77.20.87 Jumbo Hotfix Accumulator
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events