From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-26:01.openssl
Reply-To: freebsd-security@freebsd.org
Message-Id: <20260127222902.2A7353A3@freefall.freebsd.org>
Date: Tue, 27 Jan 2026 22:29:02 +0000 (-00)

=============================================================================
FreeBSD-SA-26:01.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities in OpenSSL

Category:       contrib
Module:         openssl
Announced:      2026-01-27
Credits:        Aisle Research
Affects:        All supported versions of FreeBSD.
Corrected:      2026-01-27 19:14:58 UTC (stable/15, 15.0-STABLE)
                2026-01-27 19:15:49 UTC (releng/15.0, 15.0-RELEASE-p2)
                2026-01-27 19:15:10 UTC (stable/14, 14.3-STABLE)
                2026-01-27 19:16:22 UTC (releng/14.3, 14.3-RELEASE-p8)
                2026-01-27 19:15:19 UTC (stable/13, 13.4-STABLE)
                2026-01-27 19:16:45 UTC (releng/13.5, 13.5-RELEASE-p9)
CVE Name:       CVE-2025-11187, CVE-2025-15467, CVE-2025-15468,
                CVE-2025-15469, CVE-2025-66199, CVE-2025-68160,
                CVE-2025-69418, CVE-2025-69419, CVE-2025-69420,
                CVE-2025-69421, CVE-2026-22795, CVE-2026-22796

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
also a general-purpose cryptography library.

II.  Problem Description

Multiple issues have been reported as part of this advisory with different
issues affecting different OpenSSL versions and therefore different FreeBSD
versions. Instead of exhaustively listing detailed writeups for each issue,
please see the referenced advisory from OpenSSL.

Issues affecting FreeBSD 15.0 (OpenSSL 3.5):

    CVE-2025-11187 - Improper validation of PBMAC1 parameters in PKCS#12
                     MAC verification
    CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing
    CVE-2025-15468 - NULL dereference in SSL_CIPHER_find() function on
                     unknown cipher ID
    CVE-2025-15469 - "openssl dgst" one-shot codepath silently truncates
                     inputs >16MB
    CVE-2025-66199 - TLS 1.3 CompressedCertificate excessive memory
                     allocation
    CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short
                     writes
    CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with
                     low-level OCB function calls
    CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8
                     conversion
    CVE-2025-69420 - Missing ASN1_TYPE validation in
                     TS_RESP_verify_response() function
    CVE-2025-69421 - NULL Pointer Dereference in
                     PKCS12_item_decrypt_d2i_ex function
    CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
    CVE-2026-22796 - ASN1_TYPE Type Confusion in the
                     PKCS7_digest_from_attributes() function

Issues affecting FreeBSD 14.3 (OpenSSL 3.0):

    CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing
    CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short
                     writes
    CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with
                     low-level OCB function calls
    CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8
                     conversion
    CVE-2025-69420 - Missing ASN1_TYPE validation in
                     TS_RESP_verify_response() function
    CVE-2025-69421 - NULL Pointer Dereference in
                     PKCS12_item_decrypt_d2i_ex function
    CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
    CVE-2026-22796 - ASN1_TYPE Type Confusion in the
                     PKCS7_digest_from_attributes() function

Issues affecting FreeBSD 13.5 (OpenSSL 1.1.1):

    CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short
                     writes
    CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with
                     low-level OCB function calls
    CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8
                     conversion
    CVE-2025-69420 - Missing ASN1_TYPE validation in
                     TS_RESP_verify_response() function
    CVE-2025-69421 - NULL Pointer Dereference in
                     PKCS12_item_decrypt_d2i_ex function
    CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
    CVE-2026-22796 - ASN1_TYPE Type Confusion in the
                     PKCS7_digest_from_attributes() function

III. Impact

The issues include improper/missing validation, NULL pointer dereferences,
out-of-bounds writes, incorrect data exposure, input truncation, excessive
memory allocation, and a stack buffer overflow. Security impact can be a
minimal information disclosure to a potential remote code execution. See the
OpenSSL advisory for specific details.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 15.0]
# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-15.patch
# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-15.patch.asc
# gpg --verify openssl-15.patch.asc

[FreeBSD 14.3]
# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-14.patch
# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-14.patch.asc
# gpg --verify openssl-14.patch.asc

[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-13.patch
# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-13.patch.asc
# gpg --verify openssl-13.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              5626e81f1a43    stable/15-n282001
releng/15.0/                            02f448fe5cc2  releng/15.0-n281004
stable/14/                              ee8d50bfd59e    stable/14-n273467
releng/14.3/                            65c1295c6bb0  releng/14.3-n271466
stable/13/                              1741502f8d93    stable/13-n259728
releng/13.5/                            9afc16c4e8a2  releng/13.5-n259198
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at


From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-26:02.jail
Reply-To: freebsd-security@freebsd.org
Message-Id: <20260127222907.BB3CB173@freefall.freebsd.org>
Date: Tue, 27 Jan 2026 22:29:07 +0000 (-00)

=============================================================================
FreeBSD-SA-26:02.jail                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Jail escape by a privileged user via nullfs

Category:       core
Module:         jail
Announced:      2026-01-27
Affects:        FreeBSD 14.3 and 13.5
Corrected:      2025-06-30 14:21:28 UTC (stable/14, 14.3-STABLE)
                2026-01-27 19:16:15 UTC (releng/14.3, 14.3-RELEASE-p8)
                2026-01-26 15:51:19 UTC (stable/13, 13.4-STABLE)
                2026-01-27 19:16:37 UTC (releng/13.5, 13.5-RELEASE-p9)
CVE Name:       CVE-2025-15547

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

Jails are an operating system virtualization technology which allow
administrators to confine processes within an environment with limited
ability to affect the system outside of that environment. In particular,
jailed processes typically have their filesystem access confined by a
chroot-like mechanism.

nullfs(4) is a pseudo-filesystem which allows a directory to be mounted at
another point in the filesystem hierarchy.

II.  Problem Description

By default, jailed processes cannot mount filesystems, including nullfs(4).
However, the allow.mount.nullfs option enables mounting nullfs filesystems,
subject to privilege checks.

If a privileged user within a jail is able to nullfs-mount directories, a
limitation of the kernel's path lookup logic allows that user to escape the
jail's chroot, yielding access to the full filesystem of the host or parent
jail.

III. Impact

In a jail configured to allow nullfs(4) mounts from within the jail, the
jailed root user can escape the jail's filesystem root.

IV.  Workaround

No workaround is available. Jails not created with the allow.mount.nullfs
option are unaffected.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 14.3]
# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-14.patch
# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-14.patch.asc
# gpg --verify jail-14.patch.asc

[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-13.patch
# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-13.patch.asc
# gpg --verify jail-13.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
and reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/14/                              53963866f708    stable/14-n271804
releng/14.3/                            193ae464aa36  releng/14.3-n271460
stable/13/                              f0fbaa71a5a2    stable/13-n259726
releng/13.5/                            e87a5dd8054a  releng/13.5-n259191
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at

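Added example, not part of either advisory and not FreeBSD Project code: a
triage helper that compares a release string or a working-tree commit count
against the fix levels listed in SA-26:01 and SA-26:02 above, and lists jails
that have allow.mount.nullfs enabled. The function names are hypothetical, the
sample inputs are constructed, and the jail check assumes jls -n prints an
enabled boolean as allow.mount.nullfs and a disabled one as
allow.mount.nonullfs.

```shell
#!/bin/sh
# Fix levels are copied from the "Affects", "Corrected" and "Correction
# details" fields of SA-26:01 (openssl) and SA-26:02 (jail).

# min_patchlevel ADVISORY RELEASE: lowest fixed -pN, "none" if not affected.
min_patchlevel() {
    case "$1/$2" in
        SA-26:01/15.0)               echo 2 ;;
        SA-26:01/14.3|SA-26:02/14.3) echo 8 ;;
        SA-26:01/13.5|SA-26:02/13.5) echo 9 ;;
        SA-26:02/15.0)               echo none ;;  # not in its "Affects" line
        *)                           return 1 ;;
    esac
}

# release_status ADVISORY VERSION
# VERSION is a freebsd-version(1) style string such as 14.3-RELEASE-p7.
# Prints fixed, vulnerable, not-affected or unknown.
release_status() {
    case "$2" in
        *-RELEASE)    rel=${2%-RELEASE}; pl=0 ;;
        *-RELEASE-p*) rel=${2%%-RELEASE-p*}; pl=${2##*-RELEASE-p} ;;
        *)            echo unknown; return 0 ;;  # STABLE etc.: use tree_status
    esac
    case "$pl" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    min=$(min_patchlevel "$1" "$rel") || { echo unknown; return 0; }
    if [ "$min" = none ]; then echo not-affected
    elif [ "$pl" -ge "$min" ]; then echo fixed
    else echo vulnerable
    fi
}

# fix_commit_count ADVISORY BRANCH: the nNNNNNN value from the Revision column.
fix_commit_count() {
    case "$1/$2" in
        SA-26:01/stable/15)   echo 282001 ;;
        SA-26:01/releng/15.0) echo 281004 ;;
        SA-26:01/stable/14)   echo 273467 ;;
        SA-26:01/releng/14.3) echo 271466 ;;
        SA-26:01/stable/13)   echo 259728 ;;
        SA-26:01/releng/13.5) echo 259198 ;;
        SA-26:02/stable/14)   echo 271804 ;;
        SA-26:02/releng/14.3) echo 271460 ;;
        SA-26:02/stable/13)   echo 259726 ;;
        SA-26:02/releng/13.5) echo 259191 ;;
        *)                    return 1 ;;
    esac
}

# tree_status ADVISORY BRANCH COUNT
# COUNT is the output of: git rev-list --count --first-parent HEAD
tree_status() {
    case "$3" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    need=$(fix_commit_count "$1" "$2") || { echo unknown; return 0; }
    if [ "$3" -ge "$need" ]; then echo fixed; else echo vulnerable; fi
}

# jails_allowing_nullfs: reads "jls -n" style lines on stdin and prints the
# name of each jail whose parameters include the enabled allow.mount.nullfs.
jails_allowing_nullfs() (
    set -f                      # no globbing while splitting parameters
    while read -r line; do
        name='' hit=0
        for p in $line; do
            case "$p" in
                name=*)             name=${p#name=} ;;
                allow.mount.nullfs) hit=1 ;;
            esac
        done
        if [ "$hit" -eq 1 ]; then echo "$name"; fi
    done
)

# Constructed sample inputs. On a host, pass "$(freebsd-version -u)" for the
# OpenSSL (userland) fix and "$(freebsd-version -k)" for the jail (kernel) fix.
for v in 15.0-RELEASE-p1 14.3-RELEASE-p8 13.5-RELEASE; do
    echo "$v SA-26:01=$(release_status SA-26:01 "$v")" \
         "SA-26:02=$(release_status SA-26:02 "$v")"
done
echo "stable/14 at n271900 SA-26:02=$(tree_status SA-26:02 stable/14 271900)"
jails_allowing_nullfs <<'EOF'
jid=1 name=web host.hostname=web.example allow.mount allow.mount.nullfs
jid=2 name=db host.hostname=db.example allow.nomount allow.mount.nonullfs
EOF
```

A "fixed" result for the kernel only holds for the running system after the
reboot the advisory calls for; freebsd-version -r reports the running kernel.
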

Date: Tue, 27 Jan 2026 15:56:50 -0800
Subject: Re: FreeBSD Errata Notice FreeBSD-EN-26:03.vm [and other notices/advisories from today: pkgbase instructions?]
To: freebsd-stable@freebsd.org, freebsd-security@freebsd.org
References: <20260127222855.40E6D3A1@freefall.freebsd.org>
From: Mark Millard
In-Reply-To: <20260127222855.40E6D3A1@freefall.freebsd.org>

On 1/27/26 14:28, FreeBSD Errata Notices wrote:
> =============================================================================
> FreeBSD-EN-26:03.vm                                             Errata Notice
>                                                           The FreeBSD Project
>
> Topic:          The page fault handler fails to zero memory
>
> Category:       core
> Module:         vm
> Announced:      2026-01-27
> Affects:        All supported versions of FreeBSD.
> Corrected:      2025-12-15 10:37:54 UTC (stable/15, 15.0-STABLE)
>                 2026-01-27 19:15:47 UTC (releng/15.0, 15.0-RELEASE-p2)
>                 2025-12-15 10:42:28 UTC (stable/14, 14.3-STABLE)
>                 2026-01-27 19:16:12 UTC (releng/14.3, 14.3-RELEASE-p8)
>                 2026-01-26 15:18:32 UTC (stable/13, 13.4-STABLE)
>                 2026-01-27 19:16:34 UTC (releng/13.5, 13.5-RELEASE-p9)

My notes use this Errata Notice as an example. But all 3 of the Errata
Notices and the 2 Security Advisories released today look to have
similar points relative to pkgbase-based FreeBSD OS installations.

>
> For general information regarding FreeBSD Errata Notices and Security
> Advisories, including descriptions of the fields above, security
> branches, and the following sections, please visit
> .
>
> I.   Background
>
> The mmap(2) system call allows applications and system libraries to allocate
> heap memory using the MAP_ANON flag. The system call allocates virtual memory
> in the calling thread's address space and physical memory is allocated on
> demand as page faults occur. Memory allocated this way is guaranteed to be
> zero-filled.
>
> II.  Problem Description
>
> Under some conditions, the physical pages allocated and mapped by the kernel
> may not be zero-filled.
>
> III. Impact
>
> This bug has been observed to cause process crashes.
>
> IV.  Workaround
>
> No workaround is available.
>
> V.   Solution
>
> Upgrade your system to a supported FreeBSD stable or release / security
> branch (releng) dated after the correction date.
>
> Perform one of the following:
>
> 1) To update your system via a binary patch:

The below freebsd-update use is inappropriate for pkgbase based
installations of the 15.0 variants.

[I'm unsure of intended coverage of 14.3's non-re@-pkgbase-use based
systems but (1) does not apply there either.]

>
> Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
> or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
> utility:
>
> # freebsd-update fetch
> # freebsd-update install
> # shutdown -r now
>
> 2) To update your system via a source code patch:

The below source-based steps are inappropriate for pkgbase based
installations of the 15.0 variants.

[I'm unsure of intended coverage of 14.3's non-re@-pkgbase-use based
systems but (2) does not correctly apply there either.]

>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 15.0]
> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch
> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch.asc
> # gpg --verify vm-15.patch.asc
>
> [FreeBSD 14.3]
> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch
> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch.asc
> # gpg --verify vm-14.patch.asc
>
> [FreeBSD 13.5]
> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch
> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch.asc
> # gpg --verify vm-13.patch.asc
>
> b) Apply the patch. Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> and reboot the
> system.

There is no section for --or mention of-- pkgbase or of use of
pkg/pkg-static commands for updating at all. (Such would not apply to
any 13.5 variant.)

>
> VI.  Correction details
>
> This issue is corrected as of the corresponding Git commit hash in the
> following stable and release branches:
>
> Branch/path                             Hash                     Revision
> -------------------------------------------------------------------------
> stable/15/                              3c0942f99209    stable/15-n281508
> releng/15.0/                            6e279feb40be  releng/15.0-n281002
> stable/14/                              99f641267d44    stable/14-n272998
> releng/14.3/                            de311ee39b3f  releng/14.3-n271457
> stable/13/                              babac9d7bc05    stable/13-n259725
> releng/13.5/                            4967e14ba25b  releng/13.5-n259188
> -------------------------------------------------------------------------
>
> Run the following command to see which files were modified by a
> particular commit:
>
> # git show --stat
>
> Or visit the following URL, replacing NNNNNN with the hash:
>
>
>
> To determine the commit count in a working tree (for comparison against
> nNNNNNN in the table above), run:
>
> # git rev-list --count --first-parent HEAD
>
> VII. References
>
> The latest revision of this advisory is available at
>
>
>

--
===
Mark Millard
marklmi at yahoo.com


Message-ID: <021b88a7-9855-496c-b47a-26357d3c080f@redstar-assoc.com>
Date: Wed, 28 Jan 2026 13:26:24 -0700
Subject: Re: FreeBSD Errata Notice FreeBSD-EN-26:03.vm [and other notices/advisories from today: pkgbase instructions?]
To: Mark Millard, freebsd-stable@freebsd.org, freebsd-security@freebsd.org
References: <20260127222855.40E6D3A1@freefall.freebsd.org>
From: Rich Reynolds

On 1/27/26 16:56, Mark Millard wrote:
> On 1/27/26 14:28, FreeBSD Errata Notices wrote:
>> =============================================================================
>> FreeBSD-EN-26:03.vm                                             Errata Notice
>>                                                           The FreeBSD Project
>>
>> Topic:          The page fault handler fails to zero memory
>>
>> Category:       core
>> Module:         vm
>> Announced:      2026-01-27
>> Affects:        All supported versions of FreeBSD.
>> Corrected:      2025-12-15 10:37:54 UTC (stable/15, 15.0-STABLE)
>>                 2026-01-27 19:15:47 UTC (releng/15.0, 15.0-RELEASE-p2)
>>                 2025-12-15 10:42:28 UTC (stable/14, 14.3-STABLE)
>>                 2026-01-27 19:16:12 UTC (releng/14.3, 14.3-RELEASE-p8)
>>                 2026-01-26 15:18:32 UTC (stable/13, 13.4-STABLE)
>>                 2026-01-27 19:16:34 UTC (releng/13.5, 13.5-RELEASE-p9)
> My notes use this Errata Notice as an example. But all 3 of the Errata
> Notices and the 2 Security Advisories released today look to have
> similar points relative to pkgbase-based FreeBSD OS installations.
>
>> For general information regarding FreeBSD Errata Notices and Security
>> Advisories, including descriptions of the fields above, security
>> branches, and the following sections, please visit
>> .
>>
>> I.   Background
>>
>> The mmap(2) system call allows applications and system libraries to allocate
>> heap memory using the MAP_ANON flag.  The system call allocates virtual memory
>> in the calling thread's address space and physical memory is allocated on
>> demand as page faults occur.  Memory allocated this way is guaranteed to be
>> zero-filled.
>>
>> II.  Problem Description
>>
>> Under some conditions, the physical pages allocated and mapped by the kernel
>> may not be zero-filled.
>>
>> III. Impact
>>
>> This bug has been observed to cause process crashes.
>>
>> IV.  Workaround
>>
>> No workaround is available.
>>
>> V.   Solution
>>
>> Upgrade your system to a supported FreeBSD stable or release / security
>> branch (releng) dated after the correction date.
>>
>> Perform one of the following:
>>
>> 1) To update your system via a binary patch:
> The below freebsd-update use is inappropriate for pkgbase based
> installations of the 15.0 variants.
>
> [I'm unsure of intended coverage of 14.3's non-re@-pkgbase-use based
> systems but (1) does not apply there either.]
>
>> Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
>> or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
>> utility:
>>
>> # freebsd-update fetch
>> # freebsd-update install
>> # shutdown -r now
>>
>> 2) To update your system via a source code patch:
> The below source-based steps are inappropriate for pkgbase based
> installations of the 15.0 variants.
>
> [I'm unsure of intended coverage of 14.3's non-re@-pkgbase-use based
> systems but (2) does not correctly apply there either.]
>
>> The following patches have been verified to apply to the applicable
>> FreeBSD release branches.
>>
>> a) Download the relevant patch from the location below, and verify the
>> detached PGP signature using your PGP utility.
>>
>> [FreeBSD 15.0]
>> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch
>> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch.asc
>> # gpg --verify vm-15.patch.asc
>>
>> [FreeBSD 14.3]
>> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch
>> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch.asc
>> # gpg --verify vm-14.patch.asc
>>
>> [FreeBSD 13.5]
>> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch
>> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch.asc
>> # gpg --verify vm-13.patch.asc
>>
>> b) Apply the patch.  Execute the following commands as root:
>>
>> # cd /usr/src
>> # patch < /path/to/patch
>>
>> c) Recompile your kernel as described in
>> and reboot the
>> system.
> There is no section for --or mention of-- pkgbase or of use of
> pkg/pkg-static commands for updating at all.
>
> (Such would not apply to any 13.5 variant.)
>
>> VI.  Correction details
>>
>> This issue is corrected as of the corresponding Git commit hash in the
>> following stable and release branches:
>>
>> Branch/path                             Hash                     Revision
>> -------------------------------------------------------------------------
>> stable/15/                              3c0942f99209    stable/15-n281508
>> releng/15.0/                            6e279feb40be  releng/15.0-n281002
>> stable/14/                              99f641267d44    stable/14-n272998
>> releng/14.3/                            de311ee39b3f  releng/14.3-n271457
>> stable/13/                              babac9d7bc05    stable/13-n259725
>> releng/13.5/                            4967e14ba25b  releng/13.5-n259188
>> -------------------------------------------------------------------------
>>
>> Run the following command to see which files were modified by a
>> particular commit:
>>
>> # git show --stat
>>
>> Or visit the following URL, replacing NNNNNN with the hash:
>>
>>
>>
>> To determine the commit count in a working tree (for comparison against
>> nNNNNNN in the table above), run:
>>
>> # git rev-list --count --first-parent HEAD
>>
>> VII. References
>>
>> The latest revision of this advisory is available at
>>
>>
>>
other than overwriting my cloned git /usr/src directory, 'pkg upgrade'
acted as expected.

now if i could just get my build from source repository to be as easy.

thanx gang.

odd1

-- 
When you believe in things, that you don't understand, then you suffer,
superstition ain't the way.
Stevie Wonder - 1972

--------------M61uOMh1V3V0QHYA9UNvVGUS
Content-Type: text/plain; charset=UTF-8; name="15.0-p2-pkg-base_ pkg_upgrade"
Content-Disposition: attachment; filename="15.0-p2-pkg-base_ pkg_upgrade"
Content-Transfer-Encoding: base64

--------------M61uOMh1V3V0QHYA9UNvVGUS--
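
The notice quoted in the message above gives a corrected patch level per releng branch, and its binary-update steps end with a reboot. As an added example (not part of the original message and not FreeBSD's own tooling; the function names are hypothetical), this sh snippet checks freebsd-version(1) strings against those levels, whichever update path was used, and flags a patched kernel that is installed but not yet running:

```shell
#!/bin/sh
# Added example: judge a host against the releng levels that
# FreeBSD-EN-26:03.vm lists as corrected. Function names are hypothetical.

# Lowest -pN carrying the fix on each releng branch (from the notice).
fixed_patchlevel() {
    case "$1" in
        15.0) echo 2 ;;
        14.3) echo 8 ;;
        13.5) echo 9 ;;
        *)    return 1 ;;
    esac
}

# $1: version string as printed by freebsd-version(1), e.g. 15.0-RELEASE-p1.
# Prints fixed, needs-update or unknown.
en2603_status() {
    case "$1" in
        *-RELEASE-p*) pl=${1##*-p} ;;
        *-RELEASE)    pl=0 ;;                   # unpatched release
        *)            echo unknown; return 0 ;; # STABLE etc.: compare commits instead
    esac
    case "$pl" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    need=$(fixed_patchlevel "${1%%-*}") || { echo unknown; return 0; }
    if [ "$pl" -ge "$need" ]; then echo fixed; else echo needs-update; fi
}

# The fix lives in the kernel, so the running kernel decides.
# $1: installed kernel (freebsd-version -k), $2: running kernel (-r).
en2603_host_status() {
    if [ "$(en2603_status "$2")" = fixed ]; then
        echo fixed
    elif [ "$(en2603_status "$1")" = fixed ]; then
        echo reboot-required                    # patched kernel on disk, old one running
    else
        en2603_status "$2"
    fi
}

# Constructed sample pairs (installed:running), not captured from a real host.
for pair in 15.0-RELEASE-p2:15.0-RELEASE-p1 14.3-RELEASE-p8:14.3-RELEASE-p8 \
            13.5-RELEASE-p7:13.5-RELEASE-p7 15.0-STABLE:15.0-STABLE; do
    printf '%s -> %s\n' "$pair" "$(en2603_host_status "${pair%%:*}" "${pair##*:}")"
done
```

On a live host, call en2603_host_status "$(freebsd-version -k)" "$(freebsd-version -r)"; stable-branch systems report unknown and are compared by commit count as the notice describes.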