From owner-freebsd-announce@freebsd.org Mon Oct 16 22:44:53 2017 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 27D74E474D5 for ; Mon, 16 Oct 2017 22:44:53 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0C9C2709CF; Mon, 16 Oct 2017 22:44:53 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id 92AE019FB; Mon, 16 Oct 2017 22:44:51 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20171016224451.92AE019FB@freefall.freebsd.org> Date: Mon, 16 Oct 2017 22:44:51 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD Security Notice: WPA2 vulnerabilities X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2017 22:44:53 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear FreeBSD community, As many have already noticed, there are a few newly disclosed WPA2 protocol vulnerabilities that affects wpa_supplicant and hostapd which also affects all supported FreeBSD releases: A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. We are actively working on a patch for the base system to address these issues. Current users who use Wi-Fi with WPA2 should use a wired connection as a workaround, and we strongly recommend using end-to-end encryption methods like HTTPS or SSH to better protect against this type of attack. Please note that a successful attack requires close proximity to the victim systems. Alternatively, we recommend wpa_supplicant users who are concerned with the issue to install an updated version from the ports/packages collection (version 2.6_2 or later). It can be installed via ports with: portsnap fetch update cd /usr/ports/security/wpa_supplicant make clean; make all deinstall install clean; Change /etc/rc.conf to make use of the port/package version by adding: wpa_supplicant_program="/usr/local/sbin/wpa_supplicant" And restart the Wi-Fi network interfaces or reboot the system. Additional information about this remediation will be released as SA-17:07 once it becomes available. For more information about the vulnerabilities, please see the following online resources: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Sincerely, The FreeBSD Security Team -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnlNZRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P aucGZhAAhy2aYcwShA6qiFixQbnmlyYr83+djWRIdpS1UIVmH5d3p26uQI6l58r1 +9LriuqLa/AiEgbsRXllA4923zQ8dfZuKYY6LMh6DWO1EZv/ganr5lFtvTTZ952Z jeUndq84wIgTHQ7Bnjr3mDHMe5USXworlnIml/dj2+gNnEfr/Kkit+76JUTluHYZ KXyPuXOWlQSFseP0zipIEJXi5s/Z++3n+Jzw0yZUAoAmqU6r+yZkIWIQf209jicn 5EevBJPh+JG2KHh4am8uoObN3FTwtIasWJxX9gkU3/F3tQagBM9HmZLyYgvEdvTZ G0LjEQqXZeN3uzISRPZ0rNmMsEJQg6Y5HIF7mr8S7BcExXApGecoCRdVBq0HCB1F yJyPQiBMGsXX6eyAFhaHi9AZt/pxOa7ZbtM+q4AWej5FR1nWvWIbdjhi98tbCCTW EWjrrvrkADWq/2Hr0U/ky7sP+BYSl8Foqpzfh7isrjOiP65R9fpJ1VzU8jdeJ3vk K32D/SVeAs3uq5FJvFuhWbrpQ2+bDk0lFd6LwQGzOXa67QJtOvvn9Ulxy0U786b5 RjVC6G2HLTndWkLlYkcpMff7+m7UxNZXqmq8adNwUeMbEWfxmGkFN/1bBcBThr8J 0Yxpmw1yfMqcdf6/bAxdLaCbndZr+0rGWvaBwAzRZTP57ry29wQ= =n5+i -----END PGP SIGNATURE----- From owner-freebsd-announce@freebsd.org Tue Oct 17 18:22:52 2017 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AE396E42CBC for ; Tue, 17 Oct 2017 18:22:52 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 916877CDE4; Tue, 17 Oct 2017 18:22:52 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id E38B8123E3; Tue, 17 Oct 2017 18:22:51 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20171017182251.E38B8123E3@freefall.freebsd.org> Date: Tue, 17 Oct 2017 18:22:51 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-17:07.wpa X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Oct 2017 18:22:52 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project Topic: WPA2 protocol vulnerability Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Wi-Fi Protected Access II (WPA2) is a security protocol developed by the Wi-Fi Alliance to secure wireless computer networks. hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol. II. Problem Description A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. III. Impact Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. IV. Workaround An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary: wpa_supplicant_program="/usr/local/sbin/wpa_supplicant" and restart networking. An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary: hostapd_program="/usr/local/sbin/hostapd" and restart hostapd. V. Solution Patches are currently available for stable/11, releng/11.0, and releng/11.1. Patches for stable/10, releng/10.3, and releng/10.4 are still being evaluated. Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart the Wi-Fi network interfaces/hostapd or reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart the Wi-Fi network interfaces/hostapd or reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc # gpg --verify wpa-11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnmRUZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P aueKcxAAwObogcEZAgGioU4uZvk9kKIpmG/NwvUjcZ0viFhePowKnh6/UoFDd+13 NsjriznPNKbXPch2Gp3Zwgd/hff10vlvr69QOFXnI3/Y8b+thxkl1kCAxC0xkfEl eQBzjllMrjtrSgfKtoWInxnZLIrghuJAg4Jvvz+uWd3VTggM0pQgLUuhR/a8lWHd 3HBj5//sOhmVW2OFYC5dskYAn6TqyHtlMP9AT32h6QEyEzJeNWMlToELxy6OK59j MYaS0vclz7QT+4SATvcl8RCmxmYfyWxEtFhDmPNz4mfQ915AxTjGFv7KbjTZtunl k3niR3O8F450xduw5Yj9Mz3YdZ4ZYmvHbDgQLsMNwAmtQvXSteXUUBVNVAg9PsjR 4kxlEFsStWh6CtJVKYUvKDThnHrWYLiVUh6o/FtRm5fx2ws/gcj7H9csr8mQ0pkO zm9jVOgMe7pqI7gygOfb61Rjz6PnLgVQcnP2LoC9pB21O5Q/Q2rv9d6XN3mQ6CQ2 +mUEZ5M7TWyd6gFrP2Eu6srec1nT1NjVjzyyupgusiQve3xV0wacG0jwgy7+VXE8 Ls2a/SObVDZkvFhOYMrLVui33l7f/vgT0KImyO2fkaWjbDcEyVcm1f+A7K+hqwp8 2O/Eh+NVSG0GIbt9pro0BxsZhMb/V4WmWV+4WnLKPwCQZ9fimKA= =aNWn -----END PGP SIGNATURE----- From owner-freebsd-announce@freebsd.org Thu Oct 19 03:49:26 2017 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E26ACE4E505 for ; Thu, 19 Oct 2017 03:49:26 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BF90176E09; Thu, 19 Oct 2017 03:49:26 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id 209F7C488; Thu, 19 Oct 2017 03:49:26 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20171019034926.209F7C488@freefall.freebsd.org> Date: Thu, 19 Oct 2017 03:49:26 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-17:07.wpa [REVISED] X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 03:49:27 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project Topic: WPA2 protocol vulnerability Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . 0. Revision history v1.0 2017-10-17 Initial release. v1.1 2017-10-19 Add patches for 10.x releases. I. Background Wi-Fi Protected Access II (WPA2) is a security protocol developed by the Wi-Fi Alliance to secure wireless computer networks. hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol. II. Problem Description A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. III. Impact Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. IV. Workaround An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary: wpa_supplicant_program="/usr/local/sbin/wpa_supplicant" and restart networking. An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary: hostapd_program="/usr/local/sbin/hostapd" and restart hostapd. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart the Wi-Fi network interfaces/hostapd or reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart the Wi-Fi network interfaces/hostapd or reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc # gpg --verify wpa-11.patch.asc [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE] # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc # gpg --verify wpa-10.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= =h/5q -----END PGP SIGNATURE----- From owner-freebsd-announce@freebsd.org Fri Oct 20 19:50:43 2017 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DEBBBE3E278 for ; Fri, 20 Oct 2017 19:50:43 +0000 (UTC) (envelope-from security-officer@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C3B7363431 for ; Fri, 20 Oct 2017 19:50:43 +0000 (UTC) (envelope-from security-officer@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id F31A0C9DA; Fri, 20 Oct 2017 19:50:42 +0000 (UTC) From: FreeBSD Security Officer To: freebsd-announce@freebsd.org Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20171020195042.F31A0C9DA@freefall.freebsd.org> Date: Fri, 20 Oct 2017 19:50:42 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD 11.0 end-of-life X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Oct 2017 19:50:44 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear FreeBSD community, As of Nov 30, 2017, FreeBSD 11.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 11.0 are strongly encouraged to upgrade to a newer release as soon as possible. The currently supported branches and releases and their expected end-of-life dates are: +--------------------------------------------------------------------------+ | Branch | Release | Type | Release Date | Estimated EoL | +-----------+------------+--------+----------------+-----------------------+ |stable/10 |n/a |n/a |n/a |October 31, 2018 | +-----------+------------+--------+----------------+-----------------------+ |releng/10.3|10.3-RELEASE|Extended|April 4, 2016 |April 30, 2018 | +--------------------------------------------------------------------------+ |releng/10.4|10.4-RELEASE|Normal |October 3, 2017 |October 31, 2018 | +--------------------------------------------------------------------------+ |stable/11 |n/a |n/a |n/a |September 30, 2021 | +-----------+------------+--------+----------------+-----------------------+ |releng/11.0|11.0-RELEASE|n/a |October 10, 2016|November 30, 2017 | +--------------------------------------------------+-----------------------+ |releng/11.1|11.1-RELEASE|n/a |July 26, 2017 |11.2-RELEASE + 3 months| +--------------------------------------------------+-----------------------+ As a reminder, FreeBSD changed the support model as of 11.0-RELEASE. For additional information, please see https://lists.freebsd.org/pipermail/freebsd-announce/2015-February/001624.html Please refer to https://security.freebsd.org/ for an up-to-date list of supported releases and the latest security advisories. - -- The FreeBSD Security Team -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnqUQdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P aucLMA/9HI1y4P6OL1SxvTGqFGE7CE0oyH0WeiC4w5a9DPVwq8EKY2TAPlPBm1bV vnBjELeeBQumOKIWnuwM7SnQEc96ESp6ZpqqLeViPMVUiXLYQgt+eh++pDaEeI0S 8WF6pL25SBe6HZ1jcFUaNgGIaQDKbv9SjKY1H/p2MqF6wCLplVdi7hZpJ1APsmlo bqLXMNNQAilyEWBfHjhXFRiWN40iP6SNkY/AhAXeR3cHKbeWnmvggTcUHT6zkqXs Rhpt9XUc07aJU4zNqg0mn/pyzv+nB47VSq/jZxw1BtpjNYAja9l6RbVLj6EnpfcH xx/4icZC1sE5svQNDdyi67EaZUfMTTXgPdSzsNaXzgL+yJ2HUau2ZrQxVWiFczSv wTo+mW0mVrdAFxZyB6rpZgHxc+4iv6xrnoSwaskyo6lZ4VZsXOwML3BiTxdvFd/5 CMZQfd5iHNQe9zGboHsKmPYP4ziHrB0Qqrnfu9jdlLU9HAMPS4aGJnrzUn9IAh3D hKGYqf8LBIMdOgqTUP6HHSZj/8sc/o2Qo3QeC6Fy+sud539fx31WqsiEbyV2dh86 7kv/rhasjBcVboZcOAM0/TceS25QcrUCKZwPRdmp40EYQ+ztwCucOGWg4s9e9Os1 bDHQduUsX+VJkKC1SOPTWBvuUY6REpxxYVNr4Mdiu+s7sNMqm4U= =viRr -----END PGP SIGNATURE-----