From nobody Tue Jun 9 23:12:42 2026 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl7G1vxKz6gpqb for ; Tue, 09 Jun 2026 23:12:42 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl7G1J3Yz3MwV; Tue, 09 Jun 2026 23:12:42 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046762; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=uss4UWiDvTo4+SKymVZeJOzeJ5y1/rm1QEYSxmawLXM=; b=sG3lUfUBiVz2DRrvnDltDbTbL/T/Ftf+wK+U/fpA9pcqXdjp28Ibb1YuHp0/Rqq8FKul9m F90jXAwDw54ISsMsIvUuPaT5KQL0UCiw9Z1fnQU79LTlewhurw06WjPIgDgJZmzw/VqTTw ZjHRp+cu6fwDd6gPkIk0OmCSI3dAxdshQENFpf0lLcjs53snmWJB3dWOmYmEbNEgp2veCn NhmTZHJ13tOwuqIzxnQRWvicRjIVzDvs8CHCJWkrXiwcYEDlUUXGX+wecOK7fBJFSC7GKZ WQvVEKQgDZKoUC8tjTljN7t+7FL7Qksi31Ah6XAwVenomLs253K4bgI5oR+yCQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046762; a=rsa-sha256; cv=none; b=td+j2DOtCuOV5TJXb/nqg5zrvhRyvxmuziXvCP9PUc4fyJGXIAa0Hocmg2a0L0EkwfCEkS /GDJYIokuR/+JfiUYm4+VZlOfBOmnJ9c0WPkVvMXJhzstDT7SEe0+12HecdJO4HRuKx1Uu GFHreX18HH2lgOdxTEDMCtBVyovBq/4urhHbAHdJkhTDxmVg/3UIPOdk+d2QzhBKVWWwEn DdJ3q5x0N+rgw8l8chRT42W282alhi58UmrkhcNE+E3s5axDtqTLHvoeTI5KX4ZSq7HLUy 6QVrVA6BZbIP+0swKxFooE2s5fG1QPw4F1mSoaiF+Qt30NtHArGCBUmaIaiaxw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046762; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=uss4UWiDvTo4+SKymVZeJOzeJ5y1/rm1QEYSxmawLXM=; b=M7vDfa9/5pnt+NzHUqkhAOeC7T2R9A8REOjzK4V3JDHfPE/07lklk1z/NG7Gj66pLzjh+A 2H9KmlDdlvpychqPNPfIKUY1791iC+NNyCmo4mVlCWtqSddal2hbIYvpAixEcHUe1Hq7sH FFTOBVdxC6Lik7fJ+avl+TUPiAVM4BZtkNxyzReuum1t5in2+czlsPURjburWwaeXFwAuu J3i8kmxtbumHCj5JDPze8+3BYBTG+LaRD7AtHPjXqPT5kVZYA2//ls3Pndj7d2O+JASOxD e0jYN8e3cx3nq3oqV8aTq+ewddkApRWfX4E863O3zTJUA4z0Y/8AsE7v+GH7jg== Received: by freefall.freebsd.org (Postfix, from userid 945) id 1F4D41FD1C; Tue, 09 Jun 2026 23:12:42 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-26:14.syslogd Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20260609231242.1F4D41FD1C@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:12:42 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-announce@freebsd.org Sender: owner-freebsd-announce@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-26:14.syslogd Errata Notice The FreeBSD Project Topic: syslogd(8) memory leak in casper_ttymsg() Category: core Module: syslogd Announced: 2026-06-09 Affects: FreeBSD 15.0 and later Corrected: 2026-05-26 20:41:22 UTC (stable/15, 15.1-STABLE) 2026-05-28 22:16:09 UTC (releng/15.1, 15.1-RC2) 2026-06-09 19:19:32 UTC (releng/15.0, 15.0-RELEASE-p10) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background syslogd(8) is the system log daemon, responsible for receiving log messages from the kernel and from userland programs and dispatching them according to syslog.conf(5). It can be configured to log messages to a system console or to logged-in users' TTYs. As of FreeBSD 15.0, syslogd runs in a Capsicum sandbox, and delegates the actual writing of console messages to a libcasper(3) service. II. Problem Description When delivering a message to the console or to a terminal, the libcasper service retrieved the message text with nvlist_take_string_array(9), which transfers ownership of the array and its strings to the caller. The casper_ttymsg() and casper_wallmsg() functions never freed them, leaking memory on every message routed to the console or a terminal. III. Impact On long-running systems that emit a steady stream of log messages routed to /dev/console or to user terminals, the resident size of syslogd.casper helper process grows without bound. This may eventually lead to memory pressure, including swap usage, or process termination by the out-of-memory killer. syslogd itself continues to function. IV. Workaround Periodically restarting syslogd will reclaim leaked memory. Systems that do not direct syslog output to /dev/console, terminals, or wall destinations are not affected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # service syslogd restart 2) To update your system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # service syslogd restart 3) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-26:14/syslogd.patch # fetch https://security.FreeBSD.org/patches/EN-26:14/syslogd.patch.asc # gpg --verify syslogd.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart syslogd(8), or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ be03b0fb2241 stable/15-n283693 releng/15.1/ d51d91b07f5b releng/15.1-n283540 releng/15.0/ 998de2d14e25 releng/15.0-n281049 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiS0bFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvi2gQAMf5aER4RND+DWh7qbbQ ZuQwejCwW1MeX/oex0TAD8tvGgaBXOztAMMPQ4KRyrzjIYeo5+NpWAYlhqiAOOKE DCctvWY2hMylj5NNV2etV4QpK0h2R4ZTRj2gnWhYIr/PkzRmaJu9tc3dOH5DQSQZ WZTwo+Wu/vcAnevgIe4cOPI07YdZjl6bGlOo8q0qBaJ1xKk5NbY3Se9IJX3pCf31 KODaPY1Py9EuYyW1HoDfrZV7V0iV3X51lgLNmHa2l8Z2cFD/U7Xsk08wU/vtcY0o la+hvXwMjzHrtie6a2FNV2twyH534B/2ye5Olsf/QnI+g6mEKr3Xif9tt5fYQHXW Lku+Auc3Hy1d1vK5MUOUpf53SEtvLFkISBAAFIT5x/4kC9W+Kjvl7vspSw+2whuM S4iLfBbx3DN9aHCNvL1rnkTvn9H7/nOtiaJ5SHBXmtWyYDS/ZptBuzq8L0NaLRfp lHoSCwND6HXQNZZi3QGVctthFg24ZJoxZOZrx7cDHIphtf/AHMlYkpIPZMaCuiBa Pw0B/m03VBFYgHCyXlKjQ1EKbAHpS3/pNv5EtCnAAWPNGNoiAjQDa5CnUg0nlz3d wI+qXBAAM7dUndhvs10/ta/n15Dn6hf89Eojx4SDvPWWAmvtmhd0dDn7kIRDVzVf 2nqvCHY/6icyLLm3vbwjwgv5 =nmHp -----END PGP SIGNATURE-----