From nobody Mon Jun 8 09:26:47 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gYms10Ktjz6fhc5 for ; Mon, 08 Jun 2026 09:27:01 +0000 (UTC) (envelope-from alice@freebsdfoundation.org) Received: from mail-yw1-x1134.google.com (mail-yw1-x1134.google.com [IPv6:2607:f8b0:4864:20::1134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gYmrz6YyXz3khZ for ; Mon, 08 Jun 2026 09:26:59 +0000 (UTC) (envelope-from alice@freebsdfoundation.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=freebsdfoundation.org header.s=gfnp-20170908 header.b=Zxr9Sjpq; dmarc=pass (policy=none) header.from=freebsdfoundation.org; spf=pass (mx1.freebsd.org: domain of alice@freebsdfoundation.org designates 2607:f8b0:4864:20::1134 as permitted sender) smtp.mailfrom=alice@freebsdfoundation.org; arc=pass ("google.com:s=arc-20240605:i=1") Received: by mail-yw1-x1134.google.com with SMTP id 00721157ae682-7e3b2a435ecso36157997b3.1 for ; Mon, 08 Jun 2026 02:26:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1780910818; cv=none; d=google.com; s=arc-20240605; b=LtnrUxDiLdpvSo6ekUYRYGucVrjiiu6nHODiedWt4RXcNfGy3MXp/1V83XVVs/NG4C OiI6ZLo5JgjX61ghHao330dcNju3yKG2IwOj0k52wZeMB7APAxr32lqKKeK9CyeH8W/3 bBZmFNHX+6wUqLNbQ/QQA+khEHtxZe/xoPW5YJORwuKzLFqPVYXsEVRa5djiv0lOVbBH XPDAdyQNugnFH42h0HwQpudZDRkF0RMZs+czfyaOcPMVbxNlV69xJYK+Dev6AdI9X73G gMcKd8pf7bG+fizteNaeA+vhRInuH8Zx/kwz6yxeAudJeAuQk7Y49b1yB5lsoGZEYYPJ go7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:mime-version:dkim-signature; bh=Y6RJ2nv538onIlT6t+XNSsoGS7mIZxo16XYjusUGUGw=; fh=8X/fzy6oRkinpO/u1+30mH2eQUCHV465yZU8zsG9ReM=; b=AnjX4Xjf/NEZPxe0jiYqkS9n0QgWTddIaepEmh1ogzqgUyDWMoV+SQQ4qkjbj3HuLC EUTGZHsCpLTPsEoHLcXtwjH49Y/7OiwVd5p/BJlfFPvrht2SsOjZLid8+cGYDdTNtyjY jyt8IiTiHzepIEbtQNgrpkIdzg4gPW3mGIOiOFH0vhuNcA3F4ugNmHHkwizdzE/TbJET KdC3wmCvaHzu9KwnfM7UQz5nJJMqDqXqvZ1UQabsR+dY6dMMAd51ZpE51/rWgK0Vcz8v DVaAsXYSytiD16J4UqbzqBjAgZhvFYRQaq8jBW3ipYEzo1a3IBEEBsnlrVxs1qvG7pI/ Oq3w==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsdfoundation.org; s=gfnp-20170908; t=1780910818; x=1781515618; darn=freebsd.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=Y6RJ2nv538onIlT6t+XNSsoGS7mIZxo16XYjusUGUGw=; b=Zxr9SjpqaWRselYfMKDjKq364Rhxx2xlLJ1gm3ZeXuVfzNvBR3IJyRRM3UY7FaedQj fQUhPMsy2aY0IayHKSpjzj/8o4SC0FnHALC13wPB6EKcUhhE/0O/+7C8Eq6Ew41370Sq /yma8JOWacNab8dDQV2HtqXADi+l5Q1jJDgkgZLUyJPFE+g4F6LKXpMt//vS/K0PkloC 5p66iXRMU3O6wkBzEiAAMW9B+hIC8kua0mKQoIAWBmymG00vGzArSs8uegP8RZOC8Cjm bWmtHinIVzEku0ik36wT4bXGoeuhBAEHjv2MHxh8EdcXqWrbivVpz4s9/QIlg4yZ/AMB 2/Qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780910818; x=1781515618; h=to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Y6RJ2nv538onIlT6t+XNSsoGS7mIZxo16XYjusUGUGw=; b=XqEXBANWhaqaM6IPCOQUVgMrBbMKFbwCamqqueph3MmzN4p2FBZLWktGy5wqZa93Dl tV6UJKaD3+kv822QM+ZhtoQtAFcov5yEDJr2BIMAQg5+AL1PP3MP3mmdG25IJPMx7U99 X8nC9FRW6o/ymsyzDz3ARWvlLKfHOq098RtS++/gl1/GAMhQz+FKQjxUuIuWXFQgXdOp 9nVPt9Yj7k0izHrtRRpKoejfvCr3HYeKAyAhvWz7+Dgx8M7OcU7Ls89q16kvkIV2hzH0 MW3l3dXSJdjGTmThQM3lntkbyL0KiZoYhIL81HOTy6VUMpRCrTl5PVAKMeF4jULj/r8h hPYw== X-Gm-Message-State: AOJu0YzzaSBgD3s7Pdi+1qO5DfZ9OMjWk2O9u1aVgUSQ33FgUTW5Mjgf 52M8ymn3++hdmjnni784cC/1YoW+hw8EtARDcAVfu2KvYoCtJtInfXlyr8z2Bw4dGJ03qrk1/Lh Z+XDJf5K/QVCzXOlrIVqYi8FKoLNrQyaukfoQ5HLX1p8xgzfCN0gApjdsJXqV X-Gm-Gg: Acq92OHeTfZCDQ0hkk9eicmZaAqkMerOw9RykV/nWr2hXyZLIV5mxSAtDwebyr0pcIJ NK74a4CeRoGUAbE7MetTU4yom2M82Wnka5Dhvl0lfguB2Ab1Va/jgnCTDl6g6CnRltuPUPy018c KlGZKU78Is4EWVaDlTlKRx/Ov8k/AS9ehHf8PtLLUV8Ps503TH60JfzAb+b5YB0Lop5BrMjTKyF qG/IhUggitKc6gRie99eQ6ApW28Bjsjl1xzq5Y069ElelDI8uYg6kL7m1ybxAGaE5msAcFtFeE0 Y+5YQrmq+5sYXr9EYLb5CifVy/BjN6aczg8ORO2F0apznrk2R4/k37SHCRLwR2zykjEMwUlGa83 Tkmw+j2RmkrxXJJLute5gjHAGRPWP5+zXs5fkplXT9t72VLTSjbUXsGX1GA== X-Received: by 2002:a05:690c:6f0b:b0:7a3:7ad3:3e9e with SMTP id 00721157ae682-7ed0c3315e2mr130591447b3.32.1780910818125; Mon, 08 Jun 2026 02:26:58 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 From: Alice Sowerby Date: Mon, 8 Jun 2026 10:26:47 +0100 X-Gm-Features: AVVi8Ccyg3ZL1isit_PtimNUz45o2umDEB2oOuO9fs4drmrb6Zet2fJxXXdDNsk Message-ID: Subject: New Open Consultation - EU Cyber Resilience Act To: freebsd-security@freebsd.org Content-Type: multipart/alternative; boundary="000000000000b0f3b40653ba9c32" X-Spamd-Result: default: False [-5.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; ARC_ALLOW(-1.00)[google.com:s=arc-20240605:i=1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.997]; DMARC_POLICY_ALLOW(-0.50)[freebsdfoundation.org,none]; R_DKIM_ALLOW(-0.20)[freebsdfoundation.org:s=gfnp-20170908]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4864::/56]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MISSING_XM_UA(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::1134:from]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[freebsdfoundation.org:+] X-Spamd-Bar: ---- X-Rspamd-Queue-Id: 4gYmrz6YyXz3khZ --000000000000b0f3b40653ba9c32 Content-Type: text/plain; charset="UTF-8" Hello everyone, There is a new open consultation relating to the EU Cyber Resilience Act. ___________________________________________________________ - Category: Standards - Title: Consultation on draft Technical Advisory for the Secure Use of Package Managers - Organisation: ENISA (European Union Agency for Cybersecurity) - Description: This survey invites you to comment on aspects of the advisory, including the overall approach, the coverage of update lifecycle threats, and the clarity and usefulness of recommendations across the update lifecycle. We are also interested in your thoughts on whether the technical advisory is concise enough, and where content could be refined, expanded, or removed. Your insights, whether from hands-on experience, security expertise, or general familiarity with update mechanisms, are highly valued. The results of this consultation will directly inform the final iteration of the technical advisory. - Main link: https://ec.europa.eu/eusurvey/runner/technical_advisory_update_mechanisms - Relevant to: Stewards, Maintainers, Manufacturers - Who can respond: Anyone - Shared in: freebsd-security@freebsd.org - Foundation response: The Foundation will not respond directly but has passed it to the security team for visibility. - Closing date: None given ___________________________________________________________ NOTE: this information, along with information about other open consultations, can be found at https://github.com/FreeBSDFoundation/all-projects/blob/main/Cyber%20Resilience%20Act%20Readiness/legislative-engagement/requests-for-input.md -- Alice Sowerby Part-time Technical Program Manager M +44 7787 953393 --000000000000b0f3b40653ba9c32 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello everyone,

There is a new open consu= ltation relating to the EU Cyber Resilience Act.
____________= _______________________________________________
  • Category: Standards
  • Title: Co= nsultation on draft Technical Advisory for the Secure Use of Package Manage= rs
  • Organisation: ENISA (European Union A= gency for Cybersecurity)
  • Description: Th= is survey invites you to comment on aspects of the advisory, including the = overall approach, the coverage of update lifecycle threats, and the clarity= and usefulness of recommendations across the update lifecycle. We are also= interested in your thoughts on whether the technical advisory is concise e= nough, and where content could be refined, expanded, or removed. Your insig= hts, whether from hands-on experience, security expertise, or general famil= iarity with update mechanisms, are highly valued. The results of this consu= ltation will directly inform the final iteration of the technical advisory.=
  • Main link: https://ec.europa= .eu/eusurvey/runner/technical_advisory_update_mechanisms=C2=A0
  • Relevant to: Stewards, Maintainers, Manufacturer= s
  • Who can respond: Anyone
  • Shared in:=C2=A0freebsd-security@free= bsd.org
  • Foundation response: = The Foundation will not respond directly but has passed it to the security = team for visibility.
  • Closing date: None = given
___________________________________________________________<= br>
NOTE: this information, along with information about other open cons= ultations, can be found at=C2=A0https://github.com/Fr= eeBSDFoundation/all-projects/blob/main/Cyber%20Resilience%20Act%20Readiness= /legislative-engagement/requests-for-input.md=C2=A0
--
Alice Sowerby
Part-time Technical Program Manager
M +44 7787 953393
--000000000000b0f3b40653ba9c32-- From nobody Tue Jun 9 08:35:38 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZMgg2Jf5z6hc6w for ; Tue, 09 Jun 2026 08:35:59 +0000 (UTC) (envelope-from alice@freebsdfoundation.org) Received: from mail-yw1-x1129.google.com (mail-yw1-x1129.google.com [IPv6:2607:f8b0:4864:20::1129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZMgd4YnVz3Gm2 for ; Tue, 09 Jun 2026 08:35:57 +0000 (UTC) (envelope-from alice@freebsdfoundation.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=freebsdfoundation.org header.s=gfnp-20170908 header.b=YwmZMJd5; dmarc=pass (policy=none) header.from=freebsdfoundation.org; spf=pass (mx1.freebsd.org: domain of alice@freebsdfoundation.org designates 2607:f8b0:4864:20::1129 as permitted sender) smtp.mailfrom=alice@freebsdfoundation.org; arc=pass ("google.com:s=arc-20240605:i=1") Received: by mail-yw1-x1129.google.com with SMTP id 00721157ae682-7dd3f176f84so61371257b3.0 for ; Tue, 09 Jun 2026 01:35:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1780994150; cv=none; d=google.com; s=arc-20240605; b=NotW4PBBkMpL0q/QTodJo5T1MNgckhTFc7Jc3LkgEZXScLN3np7rhZm92ZEBbXBHWD SGYN6AoZ3LLbbNIoZTGhcIizTdQEt84ru2Mv/IFwKcmrQ4kw3ooDtXXUD/Js7n0ZXI6V H9mawjdhof2w3a9uwM3IlehHE6966zdS2JlSr+FOzOoOm3nt+Dx/8+TbJkKZ92XQvKRR tq4DjmsDfo2+bEw99GlRRIBVPF5AUXkbJyC4SFaH0VAySKXflTQYjYB0KkUyC0haffpN aMZ10YkPA8rxyRmR5UZyrHff072oi8+7mUUEfJk/Qkq3IZeboFJZyW0+JPND48mCZM2c fnWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=jjptM/oELD3hkkkMG1dNpZZzLTOensJim4qPWyk5sUc=; fh=8X/fzy6oRkinpO/u1+30mH2eQUCHV465yZU8zsG9ReM=; b=UZa1t9Gpy5PlcKtsY05MwdF7CTTtQpl53rq/Br+48vBgFcfZStpMziJFwAapPhHjaw MXY7WHifZvLrhR0Vqs9LNozJtD2V3iZ95bZJSfzj2cCQTAnhhJ+OjP2zW03K8mAtYhYR MlGvAGFge5DLGcP29gmDcv4WoB/O1LCYNvX7DZgdAAp0HLQvW5l7GgQDp2RMUAGBLMmI JwWyGTsPGUZTOI5U1INznvxEEFVVYSHGqAHCu8Cwrb/x1n6bVHWP79UUlOhcJfG6uASX 3T9WU39VPR/3KyfFIkSDQIjKShe4J1LP29/2DGm3BbT2rcRI6jNbDrETUzt6c6bOuZXs Ow+A==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsdfoundation.org; s=gfnp-20170908; t=1780994150; x=1781598950; darn=freebsd.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=jjptM/oELD3hkkkMG1dNpZZzLTOensJim4qPWyk5sUc=; b=YwmZMJd5CMKrdzzage6zOCD2kVbzvrE9OKckGa/pQMUfwBsmYV8RjddvNv/E5v013G johYQNSUi934SEl37IaR0Tf6uIxVNBAImziK3JSHfPnP/m3MZ3cCPT9+DzLGsAA1nm4X CRYz5Qesap342Ondlit7I223LGxyb5MneZwE7TOpa6+BFfTlyGO8BJTKg1ykOEUkwno/ JNHnaHCVMOR2GJcKhfApiqa46tvitb9s6zLWqG6PUrgZGKmpAXMg5QhO4y5uqti/7+XC JPIHI7m5Xu53FNNwNeuVJO5r54ZmYas2kVjpOSq3GzKIdFJRZV3KFOMAdFRvxhI5cnca C9Cw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780994150; x=1781598950; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jjptM/oELD3hkkkMG1dNpZZzLTOensJim4qPWyk5sUc=; b=brjfCkX4AChK4P/FagrOoEToNgZ+E/Q4oeBwOnwui3orYp58wt2tzL6DoempsxIL4c l3r/nybbIcqdaSXFWG5IuX0pWfVAf5Cgg1Y6U8vywkbfqB8qq57TSUyZ/3eoAykPLtNl 3GEIh9yllAOzA/XSmIf3jh6wzHdH4NwBcncm8G4hRFRznTHALli91Jpy8iCjTFHsPndR 1xZkljAkr6PfRDp44I00aSxB+u0f6lXQZfwDyFI0P3h2xMprnUtavDMcrH3hbjqeLL/D JS7iOIP+9v3HVu2Xls+2taW7TDp1qHhcsoNxz7XmZMaC6ce6IaySs3MqzPVA3LdKfUK1 SUXQ== X-Gm-Message-State: AOJu0Yw0FMCyzzgpvAxuJTEoG/QkQB9uLqqL2wWdD5p3UyPlMn23iM35 M/qdRzL8AeAEsoShJiHVxCQsF6p/Kpnap3PwZDSElLx6Wyt1yOh0lgd2R37NpuGWc82hw34stMT l+WhjQVqU2gBY3Lh4XjuAbZuhVR1GUQiXzTMBGhYOQ64Jh7xkHQXK67UzpUDM X-Gm-Gg: Acq92OHKxsG/kLZxINi3OfQrqC7MpmhQ1K0xMWlIy+/rKWOhVcgNw45AFQc1bXL8IJN SyZiVE1AHCN+t7aB6NsqJYMiuFtrtH5T1AF/Kl6PBdPvLb6pkfEgJaljkWX3aqyGguQHO4ShQrs BZckbi2C5GrkmRHhaQiHLSCm8VLi/GQtLtaxI6ScsA9C+e4Nco3QV5e/lpplYq3G8ZKKHOckJlX KAtDejnyZ0vBel9mQKySJx+47YG9WNcwDxzQyIz9xQUVlNCcOxMAD7Kh5T5aHYadj7uPWbF8gZa Qq3yY/NaLHQlbU5Rr7IvmowQMsLOIEPSwXF47z/Sp6GFpGg7Y9o7r7RSy9gmt0Pqtiem+RqvGce GJRmyoRtXC4dN/b93lLybI0adIZWgiq0QYrV1LZokqhhBJ9h5JSeO7O/g04dgBlOJajCD X-Received: by 2002:a05:690c:6287:b0:7dc:a5a8:8b3 with SMTP id 00721157ae682-7ed0caf7a14mr174605837b3.10.1780994149790; Tue, 09 Jun 2026 01:35:49 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 References: In-Reply-To: From: Alice Sowerby Date: Tue, 9 Jun 2026 09:35:38 +0100 X-Gm-Features: AVVi8CfbdJbSYRVl8G0zOSdcvqimzTvLWGEFmnwoVp0o8MWibLkYuigIi5uw7ks Message-ID: Subject: Re: EU Cyber Resilience Act - tech talk for maintainers To: freebsd-security@freebsd.org Content-Type: multipart/related; boundary="000000000000a598900653ce0316" X-Spamd-Result: default: False [-4.68 / 15.00]; ARC_ALLOW(-1.00)[google.com:s=arc-20240605:i=1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.92)[-0.924]; NEURAL_HAM_LONG(-0.76)[-0.761]; DMARC_POLICY_ALLOW(-0.50)[freebsdfoundation.org,none]; R_DKIM_ALLOW(-0.20)[freebsdfoundation.org:s=gfnp-20170908]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4864::/56]; MIME_GOOD(-0.10)[multipart/related,multipart/alternative,text/plain]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~,5:~,6:~]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MISSING_XM_UA(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::1129:from]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[freebsdfoundation.org:+] X-Spamd-Bar: ---- X-Rspamd-Queue-Id: 4gZMgd4YnVz3Gm2 --000000000000a598900653ce0316 Content-Type: multipart/alternative; boundary="000000000000a5988f0653ce0315" --000000000000a5988f0653ce0315 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Looks like the talk has been rebooted since the original one didn't happen: *From OpenSSF* > The next CRA Tech Talk - what you need to know > > - The next "Monthly Tech Talk series" - > > - "Navigating CRA with the Maintainer Guide". - [image: :calendar:] June, 15, 2026 10:00 ET | 15:00 UK | 16:00 CET - [image: :spiral_note_pad:] Format: Short presentation of CRA Guide for Maintainers and Developers -> Panel discussion -> Q&A - [image: :ear:] Wanna just join and listen? The event is free for everybody to join -> Register here or check out OpenSSF calendar On Thu, May 7, 2026 at 1:24=E2=80=AFPM Alice Sowerby wrote: > Hi folks, > > I thought I would share an OpenSSF session that is coming up soon - it's = a > tech talk and Q&A for open source maintainers who would like to learn abo= ut > how the EU Cyber Resilience Act may affect them. > > It's a follow-up on the panel discussion given at FOSDEM CRA-in-Practice > Devroom https://fosdem.org/2026/schedule/track/cra-in-practice/ > > > - Date: Monday, 2026-05-18 > - Title: EU CRA Monthly Tech Talk > - Time: 14:00 UTC > - Calendar: https://openssf.org/calendar/ > - Joining link (you may need to sign up for a LF account): > https://zoom-lfx.platform.linuxfoundation.org/meeting/95997690636?pass= word=3Db4a428c5-5e57-4e15-84a8-bfe8b5541f3a > - Password: 95997690636 > > Thanks, > > Alice. > -- > Alice Sowerby > Part-time Technical Program Manager > M +44 7787 953393 > --000000000000a5988f0653ce0315 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Looks like the talk has been rebooted since the original o= ne didn't happen:=C2=A0

From OpenSSF
The next= CRA Tech Talk - what you need to know
  • T= he next "Monthly Tech Talk= series"=C2=A0 -
=
On Thu, May 7, 2026 at 1:24=E2=80=AFPM Alice Sowerby <alice@freebsdfoundation.org> wrote:
Hi folks,=C2=A0

I thought I wou= ld share an OpenSSF session that is coming up soon - it's a tech talk a= nd Q&A for open source maintainers who would like to learn about how th= e EU Cyber Resilience Act may affect them.


Thanks,

Alice.=C2= =A0
--
Alice Sowerby
Part-time Te= chnical Program Manager
=
M +44 7787= 953393
--000000000000a5988f0653ce0315-- --000000000000a598900653ce0316 Content-Type: image/png; name="image.png" Content-Disposition: inline; filename="image.png" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: ii_mq6dvum81 iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAYAAADEtGw7AAAEJklEQVR4AZSVTWwbRRTH34x3vevP Oolr0rhJkzSx44S0KokQyiGqmlKgUhESBMoJJFQHISQkDkjAJRJI7QEEEhdKhPiSGtGcuAAXuCDR hFZqm8SO8x3HQNLmy1l/rb07O7xxIKKpD4nl37w3O6P//vfp7SyFf3+ccyK4fp3bhuLJJzF3iaXP 7iaahpc2ekQu+Hx8ofcO50GRf3J70ff19GqfyPeyK0wI4YLVtuS76xn9254rX3wgNks21zejk4lh 6H721NDs2ukCI9cGh0a+FGsuxf7R/Mr97zrf//htMb9665YsomBXGB2quZwW9avKwJlazw8vdTQ+ 88v8ynDQ63T2VtlvfnXlnU8DMrn8eMD7W19tVd3PkzPXqh1Kz1MB5cenO1ouzXKuDHR3G4OclzUp CtrEHdKZzDnZJl/Nbm4c3dSyA29dONcW8jku3knMdvW2tz7/al9Pry2vPZFIpi6+eeFMZ29z/ctz i0uRao/ntQ/7z7fNLt+L//TXWniQEAs1SVldCCuEOChwOHu02jgR8DFDL1jVdspeaD1iqTZqmbpu dfnd1umGw1apoFs2sNhzxwNWrUtlpVKxpNrlZsrhvNAaAaAUB5HDRNZm/b7BYU2uocvcS0c3Obmd kWjWVUvuZiVyA+dLloesy34ytgXkjy2g245HyHTJSUfXDJpcuQ9Fs1Qsi+FA+3EQ/7AbyMlDAGGn ARGXCZiTTo9FQg6jHMU84mIE18lJL5ATSEg1SIebwakaGRS7DPOpVSK0YGQE6H+O57MA8QySJRBH YpjHMJZzjGIuckEM9wqm8Ho8S2F80wAsLESO1Zd1ob8fdh0fdwNEkPYDEPFwfDoLHq0SXcZhajG1 I/yA4wLAFDo5CAl0nMhRiG8ZQAmFSFMlxw6sL7rFWsP+4RB2WRBBx4wxiC0mKzueQccHg8BMjsBU 2gBZlqCj5diO8AM1RschdHwgXBxCSOSQDMWSAbG5Co6XsMZzOYADkScwh0xvG6Aqduis5LgeHTc7 AfZLE+5tdHBoQlq8MhT0IkxUciz6eBprvF/EkyULFBbyFGa0EjgdSmXHoo9b8QTeD6JrgirHl6II WV6ElKbBlpaD2EKFPl4uAF/COu+HRazrnwUTNG5ATs/Baupv8HnclbuiRgIpYAdA+GE7EETEh/Db gR9RgdtkwnP5Eo9PJUHXDdjUMhCb+V9XYONxBLwyu+dXONSpnARVMBC2F1xjDQ5gMi+x+dQKm5hc YJqWYx63www1BCHcGNw5hkUf4+cIzw9OfB7Pr+Pb+uWxtG4bTedlRNrLWLog3UBupvOS5FCljvZG qeuxsNTaWq+a+OZRPGWFSUH5Dihedt1T539v3TDPaqb1RpqxS9uMRfeSNs2oosjRgN8XPeR1Rb2I LEmvc+CvGMT8Xoi+SAj7BwAA//+zAdNaAAAABklEQVQDAFwPb1y8Xfb+AAAAAElFTkSuQmCC --000000000000a598900653ce0316 Content-Type: image/png; name="image.png" Content-Disposition: inline; filename="image.png" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: ii_mq6dvum20 iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAYAAADEtGw7AAAFkElEQVR4AWyTa1CUVRjH/+d9310W Vm6KCVQ6Nia4zggkC8KQ4i1NrFSgRAkzSWe7kBCKlw+ROtM40aewcXKa4Us0kxMzVh8shDSYBlYu mTJigcvKNXHAhd1l2d33PT3nXXXK2t3nnOfsOc/vnPN/niOBPncLc+d4V1kyeRSsPPVpq2tzttWz 3mr1bF4T6oUv7KXHxuuzrfzpCCuPh9W7Lj2jJz0ljXCMDJJozHenPvPPX9D2+9FTbcPL0u0mr9eu McmuuSftGoedk8+ZbNcmJh6NNUm2IzBjv7OjxH79zSo7Y6x9XpjU1ZKU/I1g6mB52rV4IK8QPUeO axdKyvmY0cQVNcjZ0mXEkzn3+Tj3THMlJ5czg0Efy9NTfHp+PL9ZdYq3lp3gPz+3WgsP+iHJ0qYf V6ww62DJaPQrf/Ri6JoT/WMjmJRkyKoKw849kHNyIS1+BtLyFVDytkNZ+wJYQiJYeibCp11wtdnh dNyGw+sFJAng3Ou/Z+DkAbPmKLak4xes/cjG8s+fZUu1IPP5fAzjfzFl3SYmp6YzQ942xu9PMCl5 OTMdP8lYWgYzTIyz3C8+ZmtrDrFtvV1QFYMAswTSQgczTUPAYETq/bvIuD8OviQJppOfgs2bD815 G3L2aiDcDGaeg2DTRbCnFkL79QqCYeGIDMxi471hxDGOIBh9OWERSh6Xic8YZhQjvBFzoN3+E2pL MwLf1iPwVR2CF79HoOFrzH75ORAWBq3nOlRHP1h4OFS6vtsYhgAjhsTACS3INCK6bwbSzAxkrwcK 9ZLHDe2HBuC3TjDXJLQL54HuDuDmDbA7AwjW1kByT0Py+SCRtgrFyTNeCIY0OwuQFjq4b+87uPP2 B/+wQ3AePgFH2VE4bPT/kZNwlh+Hs/JD9G9+Bf0vbsdA2REMHDj4IKYSg+8extCB9zGVmgp0doak CGY9jwX5OxFfUKTbgvzX8GRhESzFe7Cs+A3Eby/Ewp2vw7KrBJa9+8newtLde/AszSUU7tJjE1/d jdiXd2C0sBCd1dUhsCEQQCSJH8kAM9cQG2aEKRjAdw0NKLPZaA5oa/wJluRk5GRlISsjAxvXrMHe oiJIXjeiKUdmTUU4xUjEQkJCCMxJbZWagKhdSk5rayueiI/Htvx8nD13Dj5/ADHz5iFj1SqkrVyJ 7JwcXGlpQde1a4iMjoGIU4mhUQFQp/8kvaWGMQbGGHmARJmuqanBvn37qAjCMEsJWUnAuro61NbW oqqqit4Bx7Fjx/T1Kh2IMab7BNH7R2AxEkAByczMRGlpKeLi4kAPBbIsQwRPTU2JZaioqEB0dDQK CgoQDAb1eX2CGs7p6tT/C0xj/bQCLvwA6cUY1SYtFgFRUVEYHBxEfX29DjeZTHi4RqwXB2MsdPL/ gAWAsQeTJIk4rQjS6HWK/syZM6LTbySch/8LqJdqWsQnJiaGkicW/J8JGfx+P0Sw0WjEyMgITp8+ jeLiYohgMd/b24urV6+iu7sb7e3tuvYJD6uCMaaJnYTRBiGRyLFYLNiwYQPlI3SDjo4OpKWlobKy kmah6+52uyE2Hx4eRl9fH8LpmY+OjoZOTECTwWAAGVcUhZF2nE7JbTYbb2xs5DExMfp469atvKur i6ekpIjN+fj4OCcoJzgXp/V4PDpY7KprTNm+4XA4xFUlum6AdldpV1X0Q0NDuj82NqYKE2Naozqd TrW/v191uVzqwMCAGhkZqSYlJSEiIoKTbEwHNzU1vXfr1q1Penp6JDJDZ2en0tbWprS0tCiXL19W Ll269Miam5t1X8xNTk4qdEuFgEpWVpZh0aJFIFnDqDSDOri6ulrLy8s7TPqkkAwldPVdVKe7qS+N jY09MHfu3P2PmY1qvMJsNpcLI/nKKZEHqaarSMLiLVu2zP4NAAD//wNti5UAAAAGSURBVAMAh+23 NgPoC/kAAAAASUVORK5CYII= --000000000000a598900653ce0316 Content-Type: image/png; name="image.png" Content-Disposition: inline; filename="image.png" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: ii_mq6dvumc2 iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAYAAADEtGw7AAAERUlEQVR4AYyUXWwUVRTH/+fOzs52 t7sLlNIWAkVKKWBFomDFRNHEF6JGfbDR+KK+awz6AIkmq/KAMZEX30zUV0tQgpIgagqY2lrb0JC2 tqSFILa13dJ2Pzo7uzNzj/cO9Ls13Oy5c+655/z2nPsl8D+NGUIJrebCLTBWs8/Z1gQroCCCVMLF 1l27vbaGF73fd71caq3fr4OpGb720fpqsipYByig5Pb6Jtmx+3J4veg1yumsUSa+MyuMq9zVcNX7 bfcLgQ9j1YpWgHWJQcAf9c+xEB0UxlPjg57RfbbgdZ6xvd6LRbZneL8Rxzm/veED5cs6ESxrS8DK gUiX2LUjySy+ojDhelux1PfzNK8LjRtbNowZIjOO9paMN9rnSRGhT7yOPa8quNQJLWYvAeM0grHv hpoVdNPMiO8O/2mHDz4xjbq9Dmq2utj7iI2DTenQwKUZOXVbwuDZE12PwiSV0NrgezPE9KTe85GB EvkusxVhlAogtwhycqBEUnLjvmljuMvxwVTX+A4O61BO3U1M60GGWgnkFUj9JQPb4BFIehQt93F9 IE5hCxCxKMyaargUwYYKHyFps503YK23GqHb3oWNXAJWa8V6Xq11XGdsREw07MnAcQz0dCdgbq6C UVkJo3orGRbBFCVdCWByuY5D5RrgYFJ16g98dUpRVWchPRmjA49NBxHdF1TlThHCCoNicfiecobK hXlCa0jrQaAtrIkeqkxJfwHKa/C6bYTkjk24dSOMhw9lEZMT6PnFURmCPSpD0bdEJOIDs24vdOtf A6zmAjCZuGNnGTPdt/iBnXlEqipQygINDzlwp3OYTfvIZCMcTkQVuDiSbsE1FQtKIdgjrQvdrRBB UpfZ3RZD7uYEqmoKkEyBWyJRYjsraWQY/tYGZXNyP246jTwvezuWgzmIdmVFNA44boT+vlkGzszA DDPYB+dti3KTvrRiwtywviBzf9mngphFy6DHS8Bq0+6CLVE1OuQhN8UQIQFtnxw3+FpPktZtT3Ji I/mVNT6GOu1jiXcxqLOl1MIyrABrw0RLZTk8mXQyJdRuy9L22iz+GYsjH66lHYer5c6ny6QAm0Nd xS92Hc99pjd8+a3THKE7LdpBf6Oj6Zg/OV1Wf8DC4886CMXLeGNjDdUdsmRiM4kbVwpG5w/2iaaT 429rf1DQr+jmwXMzvoTLxaKEvmrVdQhtqaVIuZDwmPovFtDxff7NI1+PfagTYUCt0sIRw6I2D1Ye +vmj5FFMsWP3c0k9DKZRUkfPRZR4qMOhviuF916/kP6mNYWQ9lfJKvYi2iJ1HhzYPoLyVdqs+76f /jdXytiR3IRv9p63jb7LxZPN5yY+b1HH6pkUgjunPNf8LQFTCpJTEOE30O3emX1w8NLUsbYz+VO9 v84+/9K3Y8c1pXnZ86htq8kSsHaYg0ffwu19H2c+PfLl2NHXfpo8z7hXDe6v/QcAAP//2zdpYgAA AAZJREFUAwATv9m93+abVQAAAABJRU5ErkJggg== --000000000000a598900653ce0316-- From nobody Tue Jun 9 23:13:05 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl7j68p4z6gpm4 for ; Tue, 09 Jun 2026 23:13:05 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl7j3l5xz3Ncm; Tue, 09 Jun 2026 23:13:05 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046785; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=tivrbYmly80Hn94BoaLH7ruKqvQRduljtiGoPnKHrOQ=; b=d0pkB5ruZditXwmKvtRY1wPDn0CYzS7KFn39lTqle1p5uv+++atjPGsaTqoHrQOfr3aPUT KdMTQXiHfrN+RYrqQ8VIgsc3rT0wjWECqiOaMxGvwoMn6kR1AMz0U0x+T0oOoOIVJCbFk3 1EbhoxaKatlISALAXHHugzHtA+m5gWpygOIX9oimANPIGahs7zMMmBuwwoHxNTnbH9/4xJ ch2yAxIS4Sl1wTOl2Qr/Qh6w/FOq3qIWD3fU+E/bPp2GuDTcUSFeRC73kjeiBhC6mVCh3r bnw7lnCS9yB2a20mWecyZnKewRteQqBVK4h9Z21/jXbmuf/QrBkMG8z5Gy2d6g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046785; a=rsa-sha256; cv=none; b=QPvr3A8VCgZGP79bo3suxUPGmdxPbeq4qANiCpma1p/oyC8cIN2ReApgKSawzLBimkqpHZ 2hKng4b+frJQ1SBEciA0xpK6RfsT5Q4VdcLXze+6Cz9QKnxbPilYmP9wnb/hIrJEfaMjL2 Gy5tAi3u/b9mdfEy3CVyPLLiSkH4E6++oUFq/8F6bA+4KPeTMn5tfvgUs2qOw3JMkLj6Da L4zFmFYIa2lyIFnrRI6n51mzBnPZqddtAK6kAO3W1Y8C26L2rsPvHXblDTsc+3a3YHQHOR XazWkBUtM4x4FmdlmO5GYxJvCjLfPnl9kso6pveYwO5IXZFsQv7wjuTgRRC2MQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046785; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=tivrbYmly80Hn94BoaLH7ruKqvQRduljtiGoPnKHrOQ=; b=fg7u9l7og/Bd+xPnKScFF0nNgjTIRVvwLpjrvAVnp9jPXNZfojn1IMbAkajeyKhkfFqhS2 n9WwBakwIckkqg8cLW52wtU06VuPqVANJJXF5ERkyMVXTYfAnFTbuEMcYJ4OEXa3xsr4gn jtjRPIJy7L0KtZzcqTGQpczCjZqdNH1FXXRKycqrui6aGo3VAHH0aKEK4BGarrSc2W3wYP 6F10RjzBr7K5ngYnazpXI3yN6gZ4U3nqlRmvx5oBL4uIKA2yDKuQzu1EodtYGRUazh47fJ v9grNLYGafyU2pukFFFJ09oxrJaAcD6BHvLlxskPwiFBe+EkQRJdLZJ4lwg5ow== Received: by freefall.freebsd.org (Postfix, from userid 945) id 78D6B1FBE2; Tue, 09 Jun 2026 23:13:05 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:25.thr Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231305.78D6B1FBE2@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:13:05 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:25.thr Security Advisory The FreeBSD Project Topic: Missing permission check in thr_kill2(2) Category: core Module: thr Announced: 2026-06-09 Credits: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai Credits: Igor Gabriel Sousa e Souza Affects: All supported versions of FreeBSD Corrected: 2026-06-09 19:17:27 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:05 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:42 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:45 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:04 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:34 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-45256 This vulnerability was independently reported by multiple parties prior to publication. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The thr_kill2(2) system call delivers a signal to a specific thread of a process identified by its process and thread IDs. As with kill(2), the kernel verifies that the calling process is permitted to signal the target before the signal is delivered. II. Problem Description When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to the caller, but by then the signal had already been delivered. III. Impact The missing check allows an unprivileged local user who knows or can guess a target's process and thread IDs to send any signal to a process they would not normally be permitted to signal, including processes owned by other users or by root. The same check enforces jail boundaries, so a jailed process can signal processes on the host or in other jails. Thread IDs are allocated globally and sequentially, and so can be discovered by brute force with no visibility into the target. An attacker can stop or terminate arbitrary processes, including critical system daemons, resulting in a Denial of Service (DoS). IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-26:25/thr.patch # fetch https://security.FreeBSD.org/patches/SA-26:25/thr.patch.asc # gpg --verify thr.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ afa0c67a1ba3 stable/15-n283881 releng/15.1/ 068168fefd4b releng/15.1-n283549 releng/15.0/ 6f6c7b996719 releng/15.0-n281051 stable/14/ 72ad7baa99c7 stable/14-n274310 releng/14.4/ 31f6086db8fe releng/14.4-n273713 releng/14.3/ fa5581c379fe releng/14.3-n271513 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiUobFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvHNUQAMEmYLwDsVIj73SAnWE4 PN3KAVFvybeK4R4xYPiwPDtOrdV6HEb4G9O9VgZAomMzE9U7OIZVbXSjKdnEc4Ud /54Kg0VlURUCUxncndeBVnT56IzXf9uuT1HuAcSoyN2dDZedAGFbtIrg2YJvPyWL oOe1TyRrj03sP8VnznCZZsPYIqUb7UopdFHaVv2qONdlC0OSnODWiqeRJ8Z38tCd 918AbxTarEKwv5Qx8kV2mvvXIAaK1f6K7l2KqFGdp8HCf5C/plBd7vv6SEVvQhDj 8D6c1Syc/rUTkn6bmeLFinaPxK7OB1oS/Z+7DwJrjlusAhSKbBFcesE2hHYzxEhP 8rmevDJPMNZbouvuC4aJeDSKvGd5eUL+5Rt/EIijBsrlzZv1g/glllbTc/7+g3um aGP9c4BCDUJVjWxui5ACqR9pe2LWQwDtA7YbukXZqkH0M2OroxLRWWCyOLrAlela Eilf64XI6KliSMR+rAL6dmPLxFXVMpJXRKxJmUK3FXDi+Vm0bGaeRwCz49Ts+6XV oU7MRQG/F1w+lZRkS2XQ6YJTv4DBiDAofl7i0Rcjlq1JbWxBjpF8ArZX5VqSSi1y bOkum8QekuU/sbBIij7JyiEPx2r0ICm/pGXDYnxYuwd0+48orpu9uB6M0gKYEe6D mYgtjqeBtUCJwPKOzr36faXQ =rFeT -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:13:11 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl7q6l54z6gq50 for ; Tue, 09 Jun 2026 23:13:11 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl7q4D5jz3Nk0; Tue, 09 Jun 2026 23:13:11 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046791; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=a8OSRKIZGBdIHFE3SvEYpbWYrl/ff7HDFDWSQWYfkxA=; b=mAmPxF6zQL+tUJvsuMcYJ87R9QT0qSKC4dO9goDKL7uUBS5aRtASzahIB7FK5JBfjMEmvn ApuAtjGFxFRItAT0k54k7xuCGwoO5jumUG2ItxH0G1JUIJpqhI36zvrrywQ05kkg+/un4x kwbpDE7bgnzH9TCFcDYOqFdnoH8yZfL/kFke65S/CacW95LkxjE4YAAH8K1a3E9tRzn98a gM3XcBfxyjJ7w+GwMawbeFHf05FsniqIYFcFhTUpBPO8ga4yZLL1nnqWxh1X2iHxFv7eKK Ph7TEIu8XaMjFPG7jotZU5JcZ/RwQ165shpuxwKAQ1NlbVLdmkcR/ExRYVqYTA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046791; a=rsa-sha256; cv=none; b=N9ruHZud9uqyJVg2ftDfZFDVF0NU12XOmZNjYg/OIRvt/UaGkSGOZSBdglFlXgOF0Xz6F5 xkPkKyiPM9oqq4qFgvPnogwoWepe5Ck6+A2NLPtjfZ9RwcjMj6jb9ZgmVuCrUNlxV2F405 uV7JyDOTuy7/jkhiTFhVno+PMUGju2l5jQ3/xh+IlTYSTIoVqKpWjfdYWpMwzySIqgw2jw uAIp1ve2CJV/IFrWHGEycomMZJA1j7dkOeaneEcdanK7FQMz5/qEFlxSnU+us4oIptVj9m hcJHK/YkXOgQlfeqRaCwF4zlaRSdixbFz8SAvQeflxrbevqcmn0Y0fDfqwcsIg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046791; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=a8OSRKIZGBdIHFE3SvEYpbWYrl/ff7HDFDWSQWYfkxA=; b=g90oQnhobXm7hRDNUFSKxdr9B5+b4+kDx2rJ9WfHw03vGDLzqfwnw38mqMsh4aRMiD+ayO z9jwR3kaNb2mLGYsor1JGAGHNyX2kyb3o6hTR4WkfnETQg7X6jv2Ooo9FuiYDwyVfZ375K FW1yvHi9u7eoqDcg1gqMf1H2fNFoSX9TK8drvmMBJ/sg+lBnMNSQQ+YryfwwD9VvUxzzpc vPdcvWJvyWOsgswer9Y1o9qyg++c+eXUFTmAiiLCLKolpIb653RtwiUXBPEJjVaGfic9FV UXXnehno8YlyaarggwUncUzQnU54byM63ig8bFP+VvC27Ib7lYMSS6hjBkvqsA== Received: by freefall.freebsd.org (Postfix, from userid 945) id 781BB1FA6F; Tue, 09 Jun 2026 23:13:11 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:26.ktls Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231311.781BB1FA6F@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:13:11 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:26.ktls Security Advisory The FreeBSD Project Topic: Arbitrary file overwrite via the KTLS receive path Category: core Module: ktls Announced: 2026-06-09 Credits: Bumsrakete Affects: All supported versions of FreeBSD Corrected: 2026-06-09 19:17:28 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:06 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:43 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:46 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:05 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:35 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-45257 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Kernel TLS (KTLS) moves Transport Layer Security (TLS) record processing into the kernel, allowing applications to encrypt and decrypt socket data without copying it to and from userspace and to serve TLS data with sendfile(2). When a connection uses software KTLS on the receive path, the kernel decrypts each incoming TLS record in place within the socket buffer. II. Problem Description The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EXT_SFBUF mbufs. When the sender transmits such data over a loopback connection without enabling KTLS on the transmit side, the file-backed mbufs reach the receiver's decryption path unchanged. Decrypting a record in place then overwrites the backing file's page cache instead of a private copy of the data. III. Impact An unprivileged local user who can read a file can overwrite its contents with data of their choosing by sending the file over a loopback connection on which they have enabled KTLS receive. The write modifies the page cache directly, so it bypasses file flags such as schg and is written back to disk. By overwriting a setuid binary or other trusted file, a local user can escalate privileges, potentially gaining full control of the affected system. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-26:26/ktls.patch # fetch https://security.FreeBSD.org/patches/SA-26:26/ktls.patch.asc # gpg --verify ktls.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ a51345704403 stable/15-n283882 releng/15.1/ 48c1c5e3c348 releng/15.1-n283550 releng/15.0/ 540a315cdb46 releng/15.0-n281052 stable/14/ 333bdd7e9427 stable/14-n274311 releng/14.4/ d43259dd66b3 releng/14.4-n273714 releng/14.3/ af3398862ac0 releng/14.3-n271514 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiUwbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv6hQP/3x8lGHZpLeT8PjB5NMF xCfwzKQlu5vlkOqSv+9uEGsh3FQa9gHE/68SwZYa01waeFbTSKpBvrf1X4kRKGnE r3z8DSAPnVqSRzp4k0PNTxPLtF09FfWiMEBA+PIedL91WkG24gQ63k3fORVjkSvs a/uY1DQnmypV2mdV/S/hWmrtVCmi5itZKsVedZFoZHZ04GKwIObMoqXgtbUxdfhJ XvjSCqGgvpsUPVpE72nKYAbbL81w344tNOGtjoC07utitkLoHtMlYqMTfXCv0dY7 Oo3RZ408afAl1CalUdZ64KXJWqjCZt3FWxtn4ugZkewLc3cDyO5Y2ZUDMAb71P/V Sdq6+GRIC5wMOmd2C2Wb4C72FODhh4o4+n/E7qeIojT5jozWNFAFN0ugzNcqzuM9 b8ekwLWK9MbtjZWF1A0OhsLqQoYuBcwX4RymVJCfpEnlPEDwaf0fv/Sx/OyU9MBx zbT/Thqa9cB++4U6Obodcj55mXM9p23b9OpEnSD5FKlhxXPxCYW5gc2mK4k+yoKd 5ZCzzcdzbMoNgqyHnvrBgFGMsPggXJxaidsRFtVSb9E1GWQUweyN9hR10Gr8wX5j QL18EHe3Lcgg2Z+mi8NQ8lrqPoGpTIjZ8enEYHLrILe/p8JMjNU5fe+YqQTE0tyD pWQqqx8AYbHJsnCDELTeqt96 =lD4w -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:13:17 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl7x5SYNz6gpp3 for ; Tue, 09 Jun 2026 23:13:17 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl7x1KpZz3P5m; Tue, 09 Jun 2026 23:13:17 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046797; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=/xrqJjBwzZKo6uk2HN5I3zYauz/WFlGJC8NRs9pYiF4=; b=TW3Vy1LEEv5GPrk0eR19P8LGnuoUPhqwhcVM47QCnK/GeyQo1dL+DRmJfJnMS9jGzcfojd XLtLUZHRguajvlWPrlNrG3pDlqoGnqr+P7ZWgP9ePFL7/7qn3t+jJJN4tL8PXrlfkRRnRH H2Oor78lZKG6rXihplYEMBnGQ6+C/JrVSAjOAU1HicpDsj0sUEZDWLORUmrGtdPAQx5a/M 9IIoS5cewYIdQtfqUNtcDD8pLSDMR/n89fW5INjKcKuzsdDbHyRgFt+a5wAx8TfeVbYZ0g QdUzc8O3Zyh973W3e9Wp7ByZsHuAg3rV5miepTw9bTHkPT75qutoTwold6iKPA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046797; a=rsa-sha256; cv=none; b=dCywFCyW9RFhPSlH4Dkd9Pp/waRR0V4AOUp46eMYa724fhj9J88PFPidGmFDO540MTdzK+ 2yIkbcyg3dYerX3v9f3pOEY1HxUAW9bhUMXeAJ7KLLoPnoZzlBySlaAOXtubCPFl5RxNzX wvSBfpeflIAniNQraCtlpbZuNe5fUFH68CpW2WOFRT1qDKrHUOzd7Ol/YsNIE1IXdlzyhv nIC6TxcxrpRfv/BlFkrCuJinsCFWBphFDeyP5ilpXo7kwuGLeN0yuO3a9an0FYzszg+IRy p9mgOHJRVA1eZzn+yn45DNIPwqkrzsCiZ25pYrByOpaoOEaomzzjkWIVPxOxeA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046797; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=/xrqJjBwzZKo6uk2HN5I3zYauz/WFlGJC8NRs9pYiF4=; b=bKk2Idmmqv+LcGe7x/qDKkP+I1uJmO0l005v8gPpWCOoP+uRIVPs+dcDLCZNa8DrcrvmZt WREDy7SUHupFE5T/NtKx1LQm71mzjGdDIqNn2ac0WJGHTQU4DhF0D7kbTpkGISQ1ilcu+e ptpCg4fRg7yt5x3/kU82+VtObyNLSAUQ8zvsn33ryPpG4BUzQuwIdzcfgghp6/poDHNc5m a+5ICqL+XRps0ZBvHGfbpaJnTla9Mv0whAeugIBuMqfEfdfcIeZl5KtKyf8+8amc9owMf6 jrKGzCJx7rRJfdJNgw5de2B5wMm2jM2dXKDzvT4TbcnjR8j97GJSExyAeibWfQ== Received: by freefall.freebsd.org (Postfix, from userid 945) id 0A3B21FC4F; Tue, 09 Jun 2026 23:13:17 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:27.sound Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231317.0A3B21FC4F@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:13:17 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:27.sound Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in the sound(4) mmap path Category: core Module: sound Announced: 2026-06-09 Credits: Lexpl0it, 75Acol, ch0wn, zer0duck (CVE-2026-45258) Credits: Emmanuel Genier from Quarkslab (CVE-2026-45258) Credits: Hazley Samsudin of GovTech CSG (CVE-2026-45258) Credits: Lexpl0it, 75Acol, Liyw979, Rob1n (CVE-2026-49417) Affects: All supported versions of FreeBSD. Corrected: 2026-06-09 19:17:31 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:08 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:45 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:48 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:07 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:37 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-45258, CVE-2026-49417 CVE-2026-45258 was independently reported by multiple parties prior to publication. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD provides audio support through the sound(4) driver, which presents each audio device as a set of character device nodes such as /dev/dsp. Applications can use mmap(2) on these devices to map a channel's audio buffer directly into their address space. II. Problem Description The sound(4) driver contained two memory-safety errors in its mmap(2) support. First, dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to a buffer address, yielding a mapping that extended past the audio buffer into unrelated kernel memory. (CVE-2026-45258) Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. (CVE-2026-49417) III. Impact The /dev/dsp device nodes are world-accessible by default. On a system with an audio device, either issue allows an unprivileged local user to read and write kernel memory, which can be used to escalate privileges, potentially gaining full control of the affected system. At a minimum, an attacker can crash the kernel, resulting in a Denial of Service (DoS). IV. Workaround No workaround is available. Systems with no sound devices are unaffected. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.1] # fetch https://security.FreeBSD.org/patches/SA-26:27/sound-15.1.patch # fetch https://security.FreeBSD.org/patches/SA-26:27/sound-15.1.patch.asc # gpg --verify sound-15.1.patch.asc [FreeBSD 15.0] # fetch https://security.FreeBSD.org/patches/SA-26:27/sound-15.0.patch # fetch https://security.FreeBSD.org/patches/SA-26:27/sound-15.0.patch.asc # gpg --verify sound-15.0.patch.asc [FreeBSD 14.4] # fetch https://security.FreeBSD.org/patches/SA-26:27/sound-14.4.patch # fetch https://security.FreeBSD.org/patches/SA-26:27/sound-14.4.patch.asc # gpg --verify sound-14.4.patch.asc [FreeBSD 14.3] # fetch https://security.FreeBSD.org/patches/SA-26:27/sound-14.3.patch # fetch https://security.FreeBSD.org/patches/SA-26:27/sound-14.3.patch.asc # gpg --verify sound-14.3.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 7628e1ddfd52 stable/15-n283884 releng/15.1/ abc077216bac releng/15.1-n283552 releng/15.0/ bda153dc04b4 releng/15.0-n281054 stable/14/ f8f9050d61dd stable/14-n274313 releng/14.4/ 0e8cc8d8a49f releng/14.4-n273716 releng/14.3/ de5fd56985c3 releng/14.3-n271516 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiU8bFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvWEsP/0Ge9wC58QJLIkykVAHl hZoU1NU0DaY6L03B4dDiQkbX03CZK4taPmOE6Wp4AjxJztw0gF2SyWY1xHeUafPY NzNGJFhSA+Y6yGiBhffDtewUdfFnHg7JVvmU5KYj5xfKrxSksYOnv8KOuGeI1Vw0 A25TIrP5bKVFu45s2SCNrCHeXMl2Nm2ObMFdd0ZF04abcXyMQbSLlWDA15ZvtSXB e1nOKZTrfHFSGXIx83SqtkTMY0SRbNvGZk3uUAlIXeQR2q4kInyNy42R3j/av4fh 0Il0ZLapO6lTfJwwl9E+ZB4OpE3LJdMap1rrspGo/XMFZOACFCkyrBiKSQHkhkDU WAHtGNOvKXCll4O0LZfEjQkQnGsBhJtmhthF95O8cADXZG+G1crj3+IBL8TLRUWw QsH9dGrD4rNUWaAueztPUEza4zJdbTAgEfSHvauuAlq6LCmrjiyJFmNYvPsNlRGG JMJa5PKEgguR/8054XHlsN8GdxYup8b8bYp55KcTbAjfyj+HAQIJp17tpZKiJjR5 wfaMtkNhCgzM44oGaWbVpwOMeWB/YtrkR3h+ROzAwVallVBoIuUWzu4as3sSOB+a GSwkPy+lD5m2qojRtXuGw7bzvdu2fx6iEeMt1XogXbHxiNxi1tDg0QJDNaWTojk2 Nh8uk5rUl64eHOU4DH+ztFLl =eTyF -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:13:23 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl841zLqz6gqGg for ; Tue, 09 Jun 2026 23:13:24 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl835Hwyz3P9L; Tue, 09 Jun 2026 23:13:23 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046803; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=3HzqdQupoOuFctlhZgwa1RQauoOO/dKv5Bx0XIdv9fE=; b=FijllurXpS22Wr36y6fXckf+aNQDGklqzXovgRCVsKor6Y3OynOJ9Xk/7bUJZJViSJzR6f Q/QEVk5ssXOV31H6/r7Gf/3pjoNfRr/BsDgDghWCzJM6yR2pFoIL0kIck+m1z9Ksep5j36 jxP5NjAhxb71w93RTH2gVCGHZRiH5C8rnA7zX6wt3Hh1LQR2XkZCi+KRcDcG+2GXQXfsNw NQ2cvqdJhEY3WX2NosOgkFhWIOHavhIKL9mOjBBAFy25jBQKlBle+g8n4HUreUmrSma4rl l2/BfwON731eKpbza5u6iyCvAwDcEQBcJjEFnCjia9DACo7ZCWqrCjLFOMWgDA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046803; a=rsa-sha256; cv=none; b=UEhARBg07pglRI1cez3FKZxenXV/bhtPLCqk162CcdfYjU94vpG6Nz6xj6RZ+VYvXBqcbl wfu9Yi9uZh+bPz/t9sL1Xx+Lrbpd1SwRVNV8g5ZDBrWCsX+prL93GCUwqkwxFFvnPrOGol eN1/fUF3VMydCbihcEXvN+wdA61TJhOrQ2b5EDjOfDDWqaWKM3NFGTVjF/+od9jJEi6EXz fQvaXh5WAfIwYZnZelByNui3A5rJ/th9fA9TDlo40kIjow4DfjdDDoFBrxca7eao9b3V4j VXQV4p6jDgX9IrsHAiWQ6znpOnTojRuaz0BXBL0rtoK8tMR5YczDQS3hYhhBXQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046803; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=3HzqdQupoOuFctlhZgwa1RQauoOO/dKv5Bx0XIdv9fE=; b=R2FrqY5CKOfn6ghmcf9bBI62IREYh76vI/SdhpkJZB8vq8QyfRbuevgeqVjD+V9zrlfKbp m8IYaYcfTQeKGgImZJezanq7XONS6GEW577IXa+ABroHLrghd6djVv8sl2TVE03qHd2XfG ZXXcHHSTDz1IzmwK7188Idqc5+PAXzcrnVf6mmqy5nnf6bbDkSxnIJnd791vfCNwOwQMPl Kw/Fc8usFNfKs1s/fcFtvEVjyxbUf9S69MhjMBItRKr6BYKPLXt/9uJ3/YpAuasAceoqov KE4zPk95U4oWl+5U/AHzqZGMTzuXsFo1lVLSpVsn6jlO9oj/V+HkFKWP7GfTFQ== Received: by freefall.freebsd.org (Postfix, from userid 945) id ACEA71FC52; Tue, 09 Jun 2026 23:13:23 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:28.capsicum Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231323.ACEA71FC52@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:13:23 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:28.capsicum Security Advisory The FreeBSD Project Topic: sigqueue(2) missing capability mode restriction Category: core Module: capsicum Announced: 2026-06-09 Credits: Ed Maste Affects: All supported versions of FreeBSD. Corrected: 2026-05-29 19:11:40 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:09 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:46 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-05-29 19:12:58 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:08 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:38 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-45259 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Capsicum is a lightweight OS capability and sandbox framework. It provides two kernel primitives: capability mode, and capabilities. Capability mode restricts the ability of a sandboxed process to interact with the global namespace, including the ability to send signals to other processes, other than via capability-based interfaces. In capability mode, kill(2) restricts signal delivery to the calling process only, preventing a sandboxed process from signalling other processes. sigqueue(2) provides similar signal delivery functionality, and is similarly permitted in capability mode. II. Problem Description sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID. III. Impact A process in capability mode can use sigqueue(2) to send signals to any process it could signal following standard Unix permissions, bypassing the Capsicum sandbox restriction. A compromised sandboxed process could interfere with other processes, for example by sending SIGKILL or SIGSTOP. This could be any process running as the same user, or any process, for a superuser sandboxed process. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.1] # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.1.patch # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.1.patch.asc # gpg --verify capsicum-15.1.patch.asc [FreeBSD 15.0] # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.0.patch # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.0.patch.asc # gpg --verify capsicum-15.0.patch.asc [FreeBSD 14.x] # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-14.patch # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-14.patch.asc # gpg --verify capsicum-14.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ defd9b86ef99 stable/15-n283744 releng/15.1/ 871d33e8a66a releng/15.1-n283553 releng/15.0/ 77ee83d12625 releng/15.0-n281055 stable/14/ d11ff01b3aec stable/14-n274231 releng/14.4/ eab757f954ed releng/14.4-n273717 releng/14.3/ f56e8cb94df6 releng/14.3-n271517 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxAbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv9xQQALSpP1xklc9UjGzlSpTo 2owWykX02TVDqd7a57jEFpak6F9sJ1B83jrkEQVIGjBGQpTIWYt/C34QEzeo502F +dqfqXr32MyudPDq+lsWB7HhafG/gktTDpibJrQkqPDdTc+TwzzhoHxGAdckAMsr vCqnUF6UmtmTzQEyoQBqPGPWbVnyVboOQ0ZvKouMZdMBVlC7IvWPDlbpMEOLePTE NPHeuxFYbFHMUkOLq97Dhg4XTqdIG0t3n/0jA1kjCDvJWDbXpR1bPy1USTNxHO35 xjeZshL2IWXDJSxLFBNE+cNFwg4dyp5vXcQXh3HtyMC9PMPMyIbJT7zQluV3CVI7 9gC6MMH7QiLssj5hJqMSXccrNzkag6Alu9ET5A/NtoGjyogbXmIPsQ9hLAqf/c9v 5m4O86dlHBL/JsGcPqsGw3+gucqgso2gy4yQ8h1GqGwNGv440TMAHRz5eAu+qOZq tDxo3OqK3HIEoChiQaRZp5bc/p0L1Rfka10J0HmIxB2KkdHEjdMn5SBsEYRsIv5v Sp34rl0cLm0oHraIQ0jNVTwZetrxl4CMIAexHYO1hJ+jZDRdBQ5CC7S83+t2Tbnu JgRsm6A+1TZfWsaflIx9ga42DEndXgqpmdrtjIFoO1zNQjrvcd3sqJH6GTMNdywg 2woyv6Bb/bwINWDE7EhicoJl =WJPW -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:13:35 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl8H3swZz6gprM for ; Tue, 09 Jun 2026 23:13:35 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl8H2MNCz3Pf4; Tue, 09 Jun 2026 23:13:35 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046815; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=ijLis1D3PnaXPGRkb/gipWkcZRP3C7Z8qoyPSL/kqfU=; b=G4My2xo2uCcTRVgOLmTcFyW3nGcRmW/1BP/DhBKSWrujtRwjzhIwCtA4QCrlyUzBN1Xott npot2LOFQBZfIaDqO63xWANo75VUySm1H6VN/CWbJMXeJF1/rr1hbQuWJVgt0fgiXVCIFm WS9zUh2PPfnySxcN8Yp/nFK1YzC1EFqvDOptVZlnVMI9V/rd2QuEuQHAf48zooRMaWUuPb +Xw48ALaxDWVi57M73LiCXvmuZLWURcDW/dkE5ParzHlQ6+DEG/ncJKkJniBlUz59d5eSz wx0DSONQL6IVb/FnheNedzN/DaxDEDDxVpBBt5PslYWedmTvQkqcfn1oQzLcyg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046815; a=rsa-sha256; cv=none; b=NI0SAJ3zxZbEm7bvJBHleL4uMX/qsqUTQdJofkGnZNxjf+PT2PqwfsQCG2mwpvjh8OWT7V G5lPV4pRLhkhrUwbz7AZLz/ExiD9l4cvrFJI+E9mR17jzHBDtkFuXnn8YhuCf00quMT7Eu Ka/6e++6jzrFKPbEc780xetc4WUr1ze6+l5r3OchpCLUZY/kABev+W8ayDBYjAhNDIuKkL 1dDnfkXGVfMMNpgaGY363d3o6TrnA6psM34mZKsVc70k2EzePOYXzssOAp49INmAXmjBdz 0oIFYe/n1Wf/u4OrefXbUeK86mSPYxfiuq3ewvrDU4bEZtGtJRi2Ay0BFYsU1A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046815; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=ijLis1D3PnaXPGRkb/gipWkcZRP3C7Z8qoyPSL/kqfU=; b=Eoq0YuKuCH4dG1PjFRLBoiTcfd5RXIm/VDeYp66HGiIq++8HMjmtKGc/6F+63QpYKcFnkC Ry2Y9JQbCHfmu+DGwMPxNQcmyxUJeAJicF4CU3OyyFDv4Eck5iwgxZmdqb46tCl81/TqtR oFh3PW8i4qZs9pEKv+QqyDO36kU3QtxqdYRqbKMeQjVJBfzHA9UsRUKJolaWTDTdqcWzAi g1KVKVg+WVxyldrvTvV05j33niw5up4O2eZpz/tLDJk/UT1QYQlKy6aL4EIFwKAa1jIsvA o85jrC+xuV1aC3m+sVeXeBg7T2+tlJmGak+ZDtz6O9lh/XxidzXXrDujG2XsCg== Received: by freefall.freebsd.org (Postfix, from userid 945) id 391411FC55; Tue, 09 Jun 2026 23:13:35 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:29.ip6_multicast Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231335.391411FC55@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:13:35 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:29.ip6_multicast Security Advisory The FreeBSD Project Topic: Use-after-free bug in the IPV6_MSFILTER socket option handler Category: core Module: ip6_multicast Announced: 2026-06-09 Credits: Andrew Griffiths at Calif.io Credits: Maik Münch Affects: All supported versions of FreeBSD Corrected: 2026-06-09 19:17:32 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:10 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:47 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:49 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:09 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:39 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-49412 This vulnerability was independently reported by multiple parties prior to publication. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD's IPv6 multicast subsystem supports source-specific multicast filtering via the IPV6_MSFILTER socket option. This option, set with setsockopt(2), allows applications to specify which remote hosts are permitted to send to a joined multicast group. II. Problem Description The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to freed memory. III. Impact An unprivileged local user can exploit this use-after-free to escalate privileges. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.1] # fetch https://security.FreeBSD.org/patches/SA-26:29/ip6_multicast-15.1.patch # fetch https://security.FreeBSD.org/patches/SA-26:29/ip6_multicast-15.1.patch.asc # gpg --verify ip6_multicast-15.1.patch.asc [FreeBSD 15.0] # fetch https://security.FreeBSD.org/patches/SA-26:29/ip6_multicast-15.0.patch # fetch https://security.FreeBSD.org/patches/SA-26:29/ip6_multicast-15.0.patch.asc # gpg --verify ip6_multicast-15.0.patch.asc [FreeBSD 14.x] # fetch https://security.FreeBSD.org/patches/SA-26:29/ip6_multicast-14.patch # fetch https://security.FreeBSD.org/patches/SA-26:29/ip6_multicast-14.patch.asc # gpg --verify ip6_multicast-14.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ ce2b95932ec2 stable/15-n283885 releng/15.1/ 3d80e4aec3c1 releng/15.1-n283554 releng/15.0/ ed4692b8226e releng/15.0-n281056 stable/14/ 522182827ea1 stable/14-n274314 releng/14.4/ a7062a6de005 releng/14.4-n273718 releng/14.3/ e6859453de61 releng/14.3-n271518 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxMbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv7wUP/30Oo0Z61lnOg4P7VBtk K6bljtcQ0SoiW++eWtX2TFHqCrcNS0qPSxQFVKDkkUf2Wx9M/zfkhUWnTpAwbQdB m+8bUN8CGEjhvAihfKgCAQZGSqcVq8A2km+JgFpc9ehZ3RjnjFQ0DYZTOh1goZiQ TPsWf8NwKQfed1LhQcDLp0hw7R4//wBICfluzFvLDqPG7TtcAvcJN04jrmd6XCaY zddGXzWvrPGuRPY7/xgiwg26B4yK/OwzOJ0uBzBGLGzkuUKJjZgzot3kVy7WmTVw iWKRChKQiakM+hkf/xi3CZiyUVGdlxd5GDWxJ8HvaNkYtk/iRzvalVMkSrZNdnaJ rVMCmt0d+PxD6+2xORikqn+FiYNc+5gUB64O9t74+L1/XMtM0IWz/g2Zs66qding 0gABccQX5217YvZK8fubpihEPF7NCNblfikIZbdWYwmMk7azQ93tTO0ySCpuzIVX +OJWR2QRrz004ohwgl9peBfcDEvbxN5KEovVDt/QTZ1JGKQ8AeiJCd7JZsNP1zMw SAOof6EyOEzuilT8JDmOXhnXptOVwCG470bD9rYL3O6apFfcWqFVh+5njEaGMrBf 8W381AnPDmkEROxj3fzJkM7Xik64aJrHgLGFuHZAQ1Yjpr+SrJRKcdHx295qFp4a m+8DOaIYeHuOhRTGRLMubJIj =uFAo -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:13:40 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl8P2rlxz6gqVs for ; Tue, 09 Jun 2026 23:13:41 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl8P05Dwz3PTZ; Tue, 09 Jun 2026 23:13:40 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046821; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=4vPtQJOFqlvPEYNtA2P7eLcsN2Cgf85xqBn3mPKjsIY=; b=Mu6zee8LPo6XgyfCN/NorcCpBg9lO6ZWEslTilu9Soji9te53roAv3tb3s7xmVEMLEDmCp LSotjF9lMZoUWpi1uKiH1PgbJLax/TBoNRaWK/P2t6xitexPCRG+4xLp7iAZU7PiltPuJR YOLCk4egmXbId0xzB5p61nobX5C2X5GgDOPaQVSizSBcio3vuxo4DwVh+GldFe6yoMVmAK d0omw6LZ4sTgVjtjADHGIov8pdqSlT2uyu/hzpqqgXJJhIAgbCZubb/m7OiZ0IzxNBEbkB v4NZSnE9fCpRqFrIdFqMgqs9NC8f3Q0h1AAHBcto7fvaJkhcr+PGLdGAE99dfQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046821; a=rsa-sha256; cv=none; b=D7ajD7QQl8m02u1uy2cGQoe0EbeBhg8WSJZVp8S9WoxsZWsmB2poUvHJ3r7vyPeioKC5gS UqRsoLdcbUXjpWtWLXK/ZeAk5Yn3rXFjvqeQJ/MS6og/3fdyoorjfJQcuiTcw67wlEU+o1 oRNbl41wn+E8jC9K8siO0bMokOMg0rvQwEmYU9IdUJ935OKjcRf6AI83Sl5Eq6u2xg7HgR 0OSPaYgZm0nllWizNA23H5IT9kl5b4/tZ9ySP5rbCMuPyETzCPpIBrpR2GsJPK410u1h8a 66PCrvNw3RbiktwfSo9JbEWYQQezVK3I++/VYwcF9K2HuN/lkERlsG2ff7zGsA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046821; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=4vPtQJOFqlvPEYNtA2P7eLcsN2Cgf85xqBn3mPKjsIY=; b=TAPixOUJ+IiLEwGRcAL/WprlIFKUbiFU30kjYJUYKVH5uwHj4XgeJSrP4373Tr71iWQLU1 Of4tU+zzZEkCMl0LzXE53a70ebdz81TBIVojoZ+hd1AujLH6WC7/K6MvQ2XLWdP0NYWprv BKqduQJbQ21PF8WtCt3uyNuW3e93aDwC0wHCXjR1cN0Mi7GLgF8GlTahezZc7S9430oGQZ IZAYsukqRN8alqrkptrG0g8CgV1AVMzKzwU8psaXI2SLMYLRcjyxhBKb90Wz0Yvdg2pa0N XGoO3AaZKmEb5utCILuMt6mTDz63AEvaxm5u1lXj6XS4lBWI6EoS8DETCtCBYQ== Received: by freefall.freebsd.org (Postfix, from userid 945) id CE0F11FD25; Tue, 09 Jun 2026 23:13:40 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:30.linux Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231340.CE0F11FD25@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:13:40 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:30.linux Security Advisory The FreeBSD Project Topic: Flaw in Linuxulator execution of setugid binaries Category: core Module: linux Announced: 2026-06-09 Credits: Minseong Kim of NSHC Red Alert Labs Affects: All supported versions of FreeBSD Corrected: 2026-06-09 19:17:33 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:11 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:48 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:50 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:11 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:40 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-49413 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD provides a Linux system call emulation layer through a loadable kernel module, referred to as the Linuxulator. This allows users to run unmodified Linux binaries on FreeBSD. When the kernel executes a set-user-ID or set-group-ID Linux binary, it passes the AT_SECURE flag in the ELF auxiliary vector to tell the runtime linker (typically, glibc) to disable dangerous features such as LD_PRELOAD. glibc's runtime linker relies on this setting and in particular does not query the kernel to determine whether it is loading a set-user-ID or set-group-ID executable. II. Problem Description The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. III. Impact An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary. IV. Workaround No workaround is available. Systems that do not have either linux.ko or linux64.ko loaded, or which do not have any Linux executables with the set-uid or set-gid bits set, are not affected. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-26:30/linux.patch # fetch https://security.FreeBSD.org/patches/SA-26:30/linux.patch.asc # gpg --verify linux.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 3ac9726c4269 stable/15-n283886 releng/15.1/ a4d36c975be0 releng/15.1-n283555 releng/15.0/ 0b18ec59972b releng/15.0-n281057 stable/14/ ff411cc40cd4 stable/14-n274315 releng/14.4/ 3fe092282025 releng/14.4-n273719 releng/14.3/ 0dcf9bba4b9f releng/14.3-n271519 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxUbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv0MEQAI764nJgo/wT5iqrDJrx F4G4LlMCqgxEB82jU48GEvy2/vbjp+nsB7hpQW/LnANWBmbbZzFUutXEqLcZKZp1 eE8ZoSoqTbCw82t7GJGcNrIt3+woBgW8IGb/onL4VxiVuFPEU/0GnJ8nwwOa9LGL LjdtvRcXaKVnWWqIDUq25cuz6+yBu5UIDWTbSHFeWr8swVhKA5Vjt1wKTXekFJhy qtEVWv8Jm5nb0C17eRYo8AY/nGh1DZv7LdJNc4dAZyy3H+QNDH7P7atYvyU06pvD Q+YNH6HENqqkGvg0YAYqrol+5me82oIK/Sz66b3VBYiBLD4FX8LaJePOfhSoKof4 f9Tk6lvpouJOmOETwZX2sAYrGDh/LMd+l/Np7vDMhQSrow4+0CDNHSI3yur8Kfkf I6pyEC3iCVi6x/xsQ2AjInMCz+Pw+YpKLKGJLyNT9hKqidQq2ebTBe86GMzPZtAM OdJ7rRMIXt2QNJmovverYVMBVBd8rXBVn//gB8Uu5CyjHG3jN/f/Rc1BhADgBS3R H1KOBxIOl3CzXU5GLxSEniI7czyeY2q9paWwddPR0BK0mqF6IP31OEekc0irRmjC damqozUiNlFFP7rC2fj2eVbhrowrtVSpo4D4oEsI6EPkVB3A67+Pq0untDa096gc X86EUvnyRijJsIl5JXb+OJoT =4LUk -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:13:46 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl8W11Jyz6gqYs for ; Tue, 09 Jun 2026 23:13:47 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl8V5GkJz3PtN; Tue, 09 Jun 2026 23:13:46 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046826; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=eklNOUy52+TaTE+SmqSuZiXSHwTe2b9EFjl6nXX5btg=; b=H1kYGCceFNEWe6qXftXDfRUYcA7epwJqu8q7Z4yDX1Zd6yvj534nJ4hYwjYEQzpctOKwaO HudtztkhHoDcKS/Ti5G2A3yMjD5+Pxe70wFy7lS7670EBVYJuqJTNHV3ArgTG13d1SMjho 9Tus1K7t7WmaMVaVhqYE1Md1trtHZ2YDTt4oTicU7rbq7lRZfu5rwgazC2UKROboMxsgq9 yRTx5T76Rr5z7o1Ftfjr5XZaR7fRLjc87KTi2dB9OAO52lHZ8AZbNDc09jsaREurMApWa0 xxPVz4Wgv4WI6LPnO69y8BBKxQxSgiaiDxKlTELb0xYWlQhFkUSzkw8FtIutUw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046826; a=rsa-sha256; cv=none; b=OnfaUcSD2LOcB+lJ5K8ehn5A9JqyZQF40ARFOZgjF6CHnlfUNuQa3Z4YJHwcr6LUzsgHvw rXrcChQ1/hrncODDcWHXTDXetrLPO3n356etGj9v8tMEyj+Yo0hw1HusRzkw2OonhnxvpA yAo05xC99wja/Xvgs+G014z0LRs5r7i4v3CD7kG4gnL1z6tiOdDd3XnRtbWFMW6O3Y11DZ 6cJsjm1yt7XIqu2TJTjKztPsBOM9go5yWHFCS8VpKMqmOnLNYu8BgeGFuuW2Kn7pMgZaMu 2DHQkgv2wNWpndC3Ex3FmdKvwANzMo62N7qFfyI6bUf0HfrS/84R3OYJ9BNZ+g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046826; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=eklNOUy52+TaTE+SmqSuZiXSHwTe2b9EFjl6nXX5btg=; b=wyJILZQo2caxi47+YZcCfa3wF8sJQZbeElBXo3+tyeC3l/tNf4AJvK+c2b+i9x3qb0B/bK DXPFhACLheRezyo3Il2G1JiHG6uj7NNV5zHI+9mn3luGoR0YN+KoiHz7BgliB0oMko89Hq 5T+/JuWJYMvt2fMbOA85K14r69K4ZuNvJdEwSK4pH/Ogd5wl6NtbXjDQxIzcAmgue/3QvL V1HeLiMWYAs74hch0gk5mIIC1UxoWxQ+1ZsuCYSEIk4M4T74FUgQviRgCJKHyT/zn3h+NJ W5YVB8thaawRpXflVdsIf6kg9rnJWgf8oRh30r3rrzRGdOdBSyAJUH/ufk3M2A== Received: by freefall.freebsd.org (Postfix, from userid 945) id ADA801FB6D; Tue, 09 Jun 2026 23:13:46 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:31.arm64 Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231346.ADA801FB6D@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:13:46 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:31.arm64 Security Advisory The FreeBSD Project Topic: Arm CPU errata may bypass page table permission changes Category: core Module: arm64 Announced: 2026-06-09 Affects: All supported versions of FreeBSD Corrected: 2026-06-09 19:17:34 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:12 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:50 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:51 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:12 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:41 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2025-10263 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Page tables control the translation of virtual addresses to physical addresses and the access permissions on those addresses. On Arm CPUs, when page table permissions are updated, a TLB Invalidate (TLBI) instruction followed by a Data Synchronization Barrier (DSB) must be issued to ensure subsequent accesses observe the new permissions. II. Problem Description Some Arm CPUs have errata where the ordering of stores and the TLBI+DSB sequence may be incorrect. If one CPU stores to a virtual address while another CPU invalidates the translation for that address, the second CPU's TLBI+DSB may complete before the first CPU's store has been globally observed. III. Impact This erratum may allow software to write to a previously writable location after the page table is modified to forbid writes to that location. Consequently this may allow software to write to memory owned by a higher exception level, possibly allowing software to escalate privilege to that higher exception level. IV. Workaround No workaround is available. The following ARM CPU models are affected: C1-Premium C1-Ultra Cortex-A76 Cortex-A76AE Cortex-A77 Cortex-A78 Cortex-A78AE Cortex-A78C Cortex-A710 Cortex-X1 Cortex-X1C Cortex-X2 Cortex-X3 Cortex-X4 Cortex-X925 Neoverse-N1 Neoverse-N2 Neoverse-V1 Neoverse-V2 Neoverse-V3 Neoverse-V3AE V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.x] # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-15.patch.asc # gpg --verify arm64-15.patch.asc [FreeBSD 14.4] # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-14.4.patch # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-14.4.patch.asc # gpg --verify arm64-14.4.patch.asc [FreeBSD 14.3] # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-14.3.patch # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-14.3.patch.asc # gpg --verify arm64-14.3.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 9d9d6c6e6081 stable/15-n283887 releng/15.1/ 81435fc0882c releng/15.1-n283556 releng/15.0/ a53619675cdc releng/15.0-n281058 stable/14/ e99aa8682dba stable/14-n274316 releng/14.4/ 889e306ded21 releng/14.4-n273720 releng/14.3/ 61d0cea4c00f releng/14.3-n271520 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiWIbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv4nwP/3M5KElYqojhl044KzbV UyoCXW3MoTm+aXnjlkf2f6+00EHtEkmboe3fYGwsUGFOp9uk0iNgDCE1jMmAhDY7 AJSegcxbUVhCcZwxfaUkIDRtv3iYt4vkN59se62/QrgA/2UiyBRWMJLYvLN4ZF0C 7xuwJVyJjHq65Z1jU4noaXQ/UqaCQgPJBmZ2XL+OMfJtdHZdproN3vL/7BLXaPwv wuiZSc/agrBQgnbv4IFlNWc/LtXo+Hh3/vSSw3U2GUnNHARLxb62Kj2vaMz9HWP3 ObykAXru4hpLXdRndf+dsqHCow6slbb89Iqzn93axbmvhxvuOdNNkNkS0Yfj+B9Y kMuDMqTR8Q+wXFY5JlTsTGGH8paDdyYWeZUHsI+2HqgYWS8CMQJwal2hErT4TG82 gU0xIIpZKHc09FMsw+z/TjNZO0aLQbbZAN45qpqdvZoQ174jX/ZVtkIGEOSQXyQA YT4O/yozBjNABBTYtCTVwdnJjM6L4sva2mKbtGnCTS/3tC2dVgEhsgE2zwzHtGPv lAtJwTbqyLBOP+aUFh2w0OaNwy0c5bB88AxyS/EKcliHtyAveedbXYFjLLVIMhLY tpodoCSwrM6PgkddWy6+YVCbcoD6JfS1U5T2IH0EJXPSQvV8SPbs3LRY4F7O5zDi x+jJy5JL/2hjps/C/581Iq5y =SmlG -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:13:51 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl8c6PFhz6gqRD for ; Tue, 09 Jun 2026 23:13:52 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl8b67vBz3Prt; Tue, 09 Jun 2026 23:13:51 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046831; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=RoNN8RCs1wM7XAfR3qVxg8oQM+5tmWCaXkVhwBhrD3E=; b=d039ssw/4N07VmhTdfkPNpV8svL4uqFoNttlF/xJlMwDgMfLx5uEGRf2T1606pwLVq8oEp i5EG3vVL/nj+pBgOELFYsmaa8uCFGbXuDV3x877VWB2WCwFigrMGfkkLfTHRVr7IWPtazX 5tGPLLrJzQ3SQg9NxMYfiBJ3gOK71yF1b9I91mBHju8fAv147SGykv1XOGtWVSv/oHmbsC XXVwKbbDq+TpEaZ0HC5ncHza40IkJHiZsRPOitDlqk1qF2fjzQsCatvCchd89PgPFXZEXO SgY8cQtOgd1CIntXq75nhvqDttbQ+/JMG0Bbx6LzAfTaJXklE4QB3OauriutnQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046831; a=rsa-sha256; cv=none; b=ak/io5AuFRM9pUshBhbH/3qmfWk+jEFtsgqzt3F02Ed1S8hswyh1zY13UHTvm4vg4PNplE ZNUEXhjKSB/kDfh/ab64FfQM7uXlvTwR6CJ0OVKcHkFPzTx689STJ8Ib713oX9yCfBv05O A4xa7+Y0+Pf+Fsmznq1D9MNGafpOHzItYoC46PQYu1WBeMHIHVKIoeY4TmP0Xp6VrgW3jG PpY5nPELjqHMRK2DMjkOwY521eMR3x3jlajE0Lt5UqM7PqozgbATtk2YDSVCgul4vG+tEg dlw7bSTwHJSGa7UyQDQyEtRoznOzsExfop3Pgt6fe5lJ6qVYqPHbwYuUfKKYcQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046831; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=RoNN8RCs1wM7XAfR3qVxg8oQM+5tmWCaXkVhwBhrD3E=; b=Y6PiWvDzs72ApRFgN8usCbBS2cNqxTLUwM7f6C8q6ZBdgS3+PpnjE56AYTmwWVROwrqPZm czKrpieRqwGVyky2PfdzI8e8vGC5ebn7BdG1w9SSnFP0oRZBGgW5OJO2PtEfCDPS659Loy 3q2RM5zzJu6+JtH+UMqlaZYAUQDbxd8U/scoltvZ9q8Ay2y57DoYTEEryp4Bg7OslNnNQ4 HL7WBWEgzG1JmZwEVa2EWmcx6kifpBtymqEB7WylgDuhGLlY+A3qKMCRRYxrxBtKmkEp45 0RUYPqJBPlKIye9lEJLdRxtxbHio0Gj+gxVMVuVet3zHyQGW39nlGK0lqB+unQ== Received: by freefall.freebsd.org (Postfix, from userid 945) id C1E891FD28; Tue, 09 Jun 2026 23:13:51 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:32.elf Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231351.C1E891FD28@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:13:51 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:32.elf Security Advisory The FreeBSD Project Topic: ASLR bypass for setuid executables via procctl(2) Category: core Module: kernel Announced: 2026-06-09 Credits: Synacktiv Affects: All supported versions of FreeBSD Corrected: 2026-06-09 19:17:35 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:13 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:51 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:53 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:13 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:43 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-49414 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Address Space Layout Randomization (ASLR) randomizes the base addresses of executable images and shared libraries in a process's address space. FreeBSD enables ASLR by default for Position-Independent Executables (PIEs). The procctl(2) system call allows a process to set per-process ASLR preferences, including force-disabling randomization. When a setuid or setgid binary is executed, the kernel is expected to ignore any such user-set preferences if they come from an unprivileged user. II. Problem Description The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. III. Impact An unprivileged local user can disable ASLR for a setuid PIE binary by calling procctl(2) before execve(2). This makes exploitation of any separate memory corruption vulnerability in that binary significantly easier. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.x] # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-15.patch.asc # gpg --verify elf-15.patch.asc [FreeBSD 14.4] # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-14.4.patch # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-14.4.patch.asc # gpg --verify elf-14.4.patch.asc [FreeBSD 14.3] # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-14.3.patch # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-14.3.patch.asc # gpg --verify elf-14.3.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ e1cdc49846c1 stable/15-n283888 releng/15.1/ 796579bcfbc4 releng/15.1-n283557 releng/15.0/ 6e51dfc401e7 releng/15.0-n281059 stable/14/ e417948e6139 stable/14-n274317 releng/14.4/ 547fc2a98a24 releng/14.4-n273721 releng/14.3/ 744f62ccbf82 releng/14.3-n271521 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxcbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvzjAP/izsPLlrhPmUVbO6pLVA 22HiuxV4URIIzMe4SbVa8ALyWM85TNAKjRUyr7VwAslFvfzRCtL0o/w0Fypsvoss a4jpiC8QHjeUFlRz6fmYq4sgHZdi/sz0zOmGKHVYiCA1Jdrp1tM4NxkKeDquc61d iD1yulnjkr8axb4gv4Y/C1McT7fvECbiaK9ni/vgwwluy0cqRIz7rPe8NrAD6pYn 1WPgkHmGeNwpIhPHbBd9WCoQNiU+BLyNyuFASWjZWiIMiMwCKQdvm0qVJ1fPWxeP 2GxxpWfoftwDkRy1/tURs0dVuI+Ko40sTFKiUVUMyOu0ndnyuR8VGICWlwA903yY N05s8R65FpXJbERu3Bc4HO+fKzQxCqWocgcUHBI9VO9QGIcNRR1S1PgkltNUI0wI KTJith+ru6XFRK5ts74cBR7i2p2r+cVFs/FyzXXP1v4A1U+Fe6PwwdhWdwJy9r4s aOJPh5b5Go2BvRayptPt+18vdXm8N4L1xk94lk/h9X6lrMe9+WhWnH1BUnMD3dVm m8mSczWkkveFNiEfj3WGdbTlpVvXUqHdwIx+v2obj0fBUDkg9r1M2ZZjaW3DEPM9 aLOrjdK9t+ntJyNBQCnNCRZFaiFGHK9bdEjm9WhyfMAnxoKg1hNhzhq+jyxrPDZY OY6FBpNTQ9NhGUkgpkgArAEj =unW5 -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:13:56 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl8h4zD7z6gqfm for ; Tue, 09 Jun 2026 23:13:56 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl8h15w2z3QDR; Tue, 09 Jun 2026 23:13:56 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046836; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=azjBhPsvt/6KSQk3EbILQoe0jvt/cSjmP1RS10cW3QY=; b=gqNylMylLYxMrUKAXhges5Pkv8Pp/92kVTbZQsAIkuIHqu2UmQ/IxGWbDCFtciFU10o/qe 9Vv4pcX3o4CPYw75z9GcvWmgiNhSRADEpdgTKfZE3xASsOB48Nz7w+rLP43+L0+ubKeVZN c5dWFpJBSFB+h3ymdYyNwc2qL8F7GQ/H4ciO0xd5/GuDOQPTurAdUYgg5oaRs/nh+/0fwb UaGQIiun4xcxfZZZu1nocjc281/4zM6LlB9Zoy0ariV0+CAqb/X1wndSZhgLmYkGjl21Jq MfI5jWmS4ym2xR/1UCNqLyMY5nGbkK9pvuUQOC4r6fwsLePkbXQ9TS16xFfZJg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046836; a=rsa-sha256; cv=none; b=gP8FBLPCUrLGzqeIWR8uFna7XEtVPlL+ZVGdom+v2v9sbIDlk5IjYLR9EfRpDAH0c+aAlZ D/hazCnMIl0TzNxKvKCOOcvRO6wY5E/wLy6otHie3oTLny2TfugipoRcUHykdwDLOTNXaE BcQZgiy4VMCpuaE3d9+OzMZDTLMe39eOmlx6QX5omZWFaNf1cBBFFx2u9m9TJ4fQhGudbz e1djcSUGDiJMteQ5XHDsNE0yN5pen4kmTbAyvaaoacvaxGSyD+aIxpvPTNSJOzxKSd0PO6 9HPyRskpbpalm2NBQ3zukLU78gHm0PqK8FK1EG+nnsMIDVp9WjqdsyziXLt1tw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046836; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=azjBhPsvt/6KSQk3EbILQoe0jvt/cSjmP1RS10cW3QY=; b=ycwtRFJJ/XL+dHZ2FH8QsaTXliHrcdivKsB0r0CiWLN6KxwIaYCHDQ7hdF3MS08rXNTfxY Te3b12nAA/Xgcn1zr6jE8SsFIrpsH13VIKQd01id+1KuGMWusA3ynMlzgHIO2C95ErMym8 ILxD7SjUNiGMABYiTE2D5NhHVyDjDsEixY8JFtP3oTnJ2q5cLLkWqtpaKCei6BdV34HKJu kOhmgYIQvTjUKtI5aVp8sboizyIIQVbcz/7+GdtTW/Pg36yvo07oqZOQ01GaczEflVvnJ5 6AxrL9brXZPx0GqWN9Fidfz2fM5BRVVmo5tRUQlRo2sIuNbcBRqZIWKpbYp3Lw== Received: by freefall.freebsd.org (Postfix, from userid 945) id 1A6F01FBED; Tue, 09 Jun 2026 23:13:56 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:33.unbound Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231356.1A6F01FBED@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:13:56 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:33.unbound Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in unbound Category: contrib Module: unbound Announced: 2026-06-09 Affects: All supported versions of FreeBSD Corrected: 2026-05-26 16:48:51 UTC (stable/15, 15.1-STABLE) 2026-05-28 22:16:07 UTC (releng/15.1, 15.1-RC2) 2026-06-09 19:19:52 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-05-26 16:49:56 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:14 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:44 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-32792, CVE-2026-33278, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42944, CVE-2026-42959, CVE-2026-42960, CVE-2026-44390, CVE-2026-44608 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Unbound is a validating, recursive, and caching DNS resolver included in the FreeBSD base system as an optional service called local_unbound. II. Problem Description Multiple vulnerabilities have been reported in Unbound. Instead of listing detailed writeups for each issue, please see the upstream advisories referenced below. CVE-2026-33278 - Possible remote code execution during DNSSEC validation CVE-2026-42944 - Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42959 - Crash during DNSSEC validation of malicious content CVE-2026-32792 - Packet of death with DNSCrypt CVE-2026-44608 - Use-after-free and crash in RPZ code CVE-2026-40622 - "Ghost domain name" variant CVE-2026-42960 - Possible cache poisoning while following delegation CVE-2026-41292 - Parsing a long list of incoming EDNS options degrades performance CVE-2026-42534 - Jostle logic bypass degrades resolution performance CVE-2026-42923 - Degradation of service with unbounded NSEC3 hash calculations CVE-2026-44390 - Unbounded name compression causes degradation of service III. Impact The issues range from Denial of Service (DoS) through resource exhaustion or crashes to possible remote code execution during DNSSEC validation. See the upstream Unbound advisories for specific details. IV. Workaround No workaround is available. Systems not running the local_unbound service are not affected. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and restart the local_unbound service. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-26:33/unbound.patch # fetch https://security.FreeBSD.org/patches/SA-26:33/unbound.patch.asc # gpg --verify unbound.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the applicable daemons, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ d2a10ff4cb84 stable/15-n283689 releng/15.1/ 1b6c85cfac36 releng/15.1-n283539 releng/15.0/ 6160bd311a1b releng/15.0-n281060 stable/14/ de9d7a2ab8f5 stable/14-n274187 releng/14.4/ 857abc12945a releng/14.4-n273722 releng/14.3/ a68c183e0ad2 releng/14.3-n271522 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiWwbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv5ZcQAMqhP1F0oVdGJ4ZlTusj An1CAKA3CO3TKt6jrbnTbnw4s1+9kKjwABGcrZw/0sdoq+e0DzhlG8uI9Pol46d8 ANgWVa0T2d4rTDxCRJZZsqxqDfd3PwpGbUPzNNptxnJxWSR5j87m0N6PcMddCBFc BKg8vdeOJDPky+khcNwXG/g52HcNheXPqzTgq1IMuYrNId4Xrp6pnKbpIPeEYXgj 6+GWIBz20B1qtEwNnjkDdqoHYK143SZcZzapO9QFmo+Su/tVJ+/ymEtFcY7Ze7JB Hm8jiBIX3S7emFLyUPvAAiY5Oh84IgpazGXhljDGc8R9Wt/ipoDfBSYmGUl9ZNFH 0haadzi5JdQmbqCANURXc7t81miGEI4LDKTcJaIkP0ITVxktENyr5YIpSh/OQEI0 NbAI+ASPp8eVI15YxVaKd0HIdjsGZPY0eRQymMAC55yponTu35aKFc+RG2xCVZat JPzrp50ZjmTxNMFt1MMPgZTZQxQC14iONT8LVymnG7cgAsjXGw2X7gjRWRMdC4Hb EezcuwDnHwYAWzD41+1W7WpyMXXdCW8gaIpcLzl41egTpTe932J++9va7RU1R86e VlqcpvxmEtu7shIvepFHi12l2JNsqsYLmhsYVoUJsMAOHQck2eUXOqfZ4+aQGwye cL48Uk5LxTjYEHENCtOKOm3e =7uMj -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:14:01 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl8n5NyTz6gqY9 for ; Tue, 09 Jun 2026 23:14:01 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl8n2192z3Q4L; Tue, 09 Jun 2026 23:14:01 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046841; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=Vm+SqV7N3mqFN2q6T8hiC3FY/oljTsgurocxAreXDOo=; b=lJat0U8g0yz+VMFpUCkK273g7e5WUvpcycKo2ncle2WzsgCEGoy6NmWTET2Fr7isvhRhuK 7NNZEbN8/f8tSOBPwtZuogp9gchiYBveLDcezLcK5wKt8XUBJHlYPYXZdl/hd/SKHuAVTb XFhRFi95s+YNDrH/USnQ3/sPXO92xLpDjRcemdNZZ8bOjGPU0ekQbigNlasNCmiZFcoURB EaEzSaO3a4CdH6AN1SvJOx7a/HxeuItsuppgPBJfZW8z5zEbz9aNqo7JKpkBwgLy8GD6ub yv/J+ousnISUBDxyR27N8AafXx+iZpDaVzOVVbI9Fw3FFOuGtfSB6JtFi527hA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046841; a=rsa-sha256; cv=none; b=jQ0RcaybWpYgYy+yGGvgCdZzbWm13JgB3vdbZRVh9MnF7S6hFmI1vmY8Ux0ygamaQIjc3E YoYQeI8PUQn5GJbVA+rNoyPBiedKNhC1WLdIXeCFecufBXGrr2Qv7DadbmMD1ceyB+8gts t3JrO75Uvr1LAMbatfsS5JEV/h5aQ+P3yzBM2Bh4Qn3SdUV/L46t3MWivizTh0dFumvsSA QZ6ukKX11XIFLx9e/KFpMt3/NFFtZPOjNflv68W8xzGTEG4FJ/RAdMkVrGSxwdM8eoN6UP 4BhVTia+osUGRf/PLBWMVvbmu9+o2NR3lXWe2EKdyNr0Ucw5EgYonV/S+MGENQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046841; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=Vm+SqV7N3mqFN2q6T8hiC3FY/oljTsgurocxAreXDOo=; b=FynT0x3/jOfS4ykTYNVyDKJfPzy6DKXo6r4yAsE4/E0csdrQsfycCvbQo+7KH2tag48J3g BNeWYQN6fBywUhz8XPYnD/ylMPZ7P0GneiUvINn2FB8p+DN7nw2W3jVFWpomtEt7w0sZDO JvTMHdF4KBCDGU5eBEC+bDkrDEh/+nutkvT22y6itfLu9fN9dOP0bfAxH+ZTaXwwBM/w7C iLK0hAKmgrC/q/6ZTgqvbzDPRIthdK49+THbsaGayVnHLeFF6cdeg348MY/vI4haSoXFcs 1hEla0M6I6H/Bn6aLftGoUBEezlqdOkv1aqLwFBDdHVmyVRvGHD3v9I1uAMiAQ== Received: by freefall.freebsd.org (Postfix, from userid 945) id 236231FAFE; Tue, 09 Jun 2026 23:14:01 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:34.vt Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231401.236231FAFE@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:14:01 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:34.vt Security Advisory The FreeBSD Project Topic: Integer overflow in vt(4) CONS_HISTORY ioctl Category: core Module: vt Announced: 2026-06-09 Credits: Ed Maste Affects: All supported versions of FreeBSD Corrected: 2026-06-07 17:10:53 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:14 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:53 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-07 17:12:28 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:15 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:45 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-49416 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background vt(4) is FreeBSD's default system console driver. It provides virtual terminals on the physical console, including a scrollback history buffer. The CONS_HISTORY ioctl(2) allows a user to resize the scrollback history of a virtual terminal. II. Problem Description The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. III. Impact An unprivileged local user with access to a vt(4) device can trigger an out-of-bounds write in the kernel, potentially escalating privileges. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-26:34/vt.patch # fetch https://security.FreeBSD.org/patches/SA-26:34/vt.patch.asc # gpg --verify vt.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ deaaddf1d3c4 stable/15-n283854 releng/15.1/ 8ed11b21e544 releng/15.1-n283558 releng/15.0/ f4cf977dfe92 releng/15.0-n281061 stable/14/ b5a4f4bfbc95 stable/14-n274300 releng/14.4/ 799e830134d5 releng/14.4-n273723 releng/14.3/ 9cba21c2de16 releng/14.3-n271523 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiW4bFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvpd8P/0WOqL3COrZKAvzgZO+u tOfo4MhWYDw+jMAHtFLU5qH6GNfgUA8j5OaLaN1Rf+Z0+UNyy6CC5wehumdzRHm8 dPdfW9mKA932rsrOMM5/RtgLmBjVok4VjzC+KZbpO2b2cEJN5Tq1ZIYqZyvhbUV5 ZXjgdTZ1w2osE7IzPK2v0OOCRh+uiVLjpBiE4M18K0bmsnEytHm3xOpUUIkSNGWe gwunylrC0FstCKI778agymVHf4LX/xzEm7E62B4Ydk21GbB5QEx8ZnOOWWY8OehJ O48CBQILxnsIYSySx258nO9K8SwrZ45IonJmxb+N1OTTl+qDeSQo9Wfw2zTR4YZl qBBXpl9Ra/dL4zOGM0HOBEwlOXruCC4vm84vipZowJwO5e97/XZVdhNhkU8HHNWO 256nEIRwAFx/KqJ63AseOsq6REIP6hhCLo8NyWqLYpdp0MGClZ7UBQ5ay6TvwVHD Qf+KyZrfGh6q7pU2ADmLdzf0H6FiUASsbPiRjcd5o/T4qPY9vJKJGOfd8EVHqzsH Rh2yhdtbsbCqTvfOjnUIuj5vJnk3sr/HG9wJXNqEgLcBz33/jmNaNhHXcyc2Yw9N 7lBHW20nj3jDFhK8MdKSvBUZ4WSmr8yBYb85v4L6kb9EKDiUQMa7eJ6cCaHYYRff NH418v0qjh1t7fJRdmx1HtvQ =ZGXy -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:14:07 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl8w2LWKz6gqvN for ; Tue, 09 Jun 2026 23:14:08 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl8v2q2Rz3Q9H; Tue, 09 Jun 2026 23:14:07 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046847; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=nf3omi+2yT46rq/4o3Rt/re84Zi1lv0VpkGJhD+zI6A=; b=nnRybswq5RCipMrdzXfSXMJIvQOrNy5osWY64bl6F9uVOZpELcaiHlcStjsuLQaf9q2hhm uST0c8Zuj39RFuNO0cH6wcy0HZainC1uhOIUsWLcJ6a4N8WXPRxsiSPrqg5DuO9qq4BdgX HEtKOchVMrG72ZAOcJj5u1eg/ueAOEfIM1kqE54PhB42epUsRWmKnwvGeh8nDGdbfWvZT+ ZcloGzOWamT+1TtPqbg2nay1FAk1Oo3/9OQqsNX4VogCJZJGwM+FhZP1ZYvSxuixp4Pknt reIZpy6sVaTm2BD3bOoWfIDPEHY3/Fk6ckI3wnVouSusEyVXzdUSf0Z83WiXiw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046847; a=rsa-sha256; cv=none; b=jSbPqEOJ9t+os+ioQckzSnfGNey8593CyKUlltwUlYlPw82oJgQwLQHvxWJolD1twTzOJi 6QlHJG9PDXq/aQl0PlnAC8SJ9w5v8KJzawus/ALy67vBIlg4F+dvCEldImQOuYKxTiqNO8 AWdvoXT8udl+UjxrE430I0bj3KmGoj6mTerm4710sAUzxezhYNBL9W3sx3GFLcRo0TqSRq lEiBA0uXnbRVgpgDrryxTcuzWMLfzxDLFJnR/2Ewo/PqtjdHs4tMzBFLmhG1ZIaVHr/I7q 2fFqPK7L5sBGcbwy2vDOLdqXZHb8wSkLMx6LrquMDWf62Z2ghCWFjWOJXtN+eg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046847; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=nf3omi+2yT46rq/4o3Rt/re84Zi1lv0VpkGJhD+zI6A=; b=CaUes/BkSG2plq48weeq8p1l/0xaFjg45sfZlN2Fy6lPwmAC4Da4LGnZEJ9uggLiQQAJ6c EsICYT0Lp7ByAU2kWKfWGxQ5hwjMSjf00Kfdde69YMKbNf4goT8r4k0Bj6Bxf98++SLa1D Aw9UYNOg3Rb+99AXS1Qdx/S410NfNEjpZunT6qHSmjvCD4vkG8iwFEue7/ZcgCPIzl4x5C wEJZWB72iwNa7f4/TAuwTzeATsq62cL4pFzSSGLyxhzdkTqMSXN2rPXQa/DwkAkwa4RkuZ qvuCX+sGGQjOQVFN5lU/BTv9TAvvvFg9Lws4KQpeW8EUAAeKxUywpR1l3gDXNg== Received: by freefall.freebsd.org (Postfix, from userid 945) id 578491FBEF; Tue, 09 Jun 2026 23:14:07 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:35.openssl Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231407.578491FBEF@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:14:07 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:35.openssl Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSL Category: contrib Module: openssl Announced: 2026-06-09 Credits: See linked vendor advisory in References section Affects: All supported versions of FreeBSD. Corrected: 2026-06-09 19:17:36 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:15 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:54 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:54 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:16 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:46 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit for the Transport Layer Security (TLS) protocol. It is also a general-purpose cryptography library. II. Problem Description Multiple issues have been reported as part of this advisory with different issues affecting different OpenSSL versions and therefore different FreeBSD versions. Instead of exhaustively listing detailed writeups for each issue, please see the referenced advisory from OpenSSL. Issues affecting FreeBSD 15.x (OpenSSL 3.5): CVE-2026-7383 - Possible heap buffer overflow in ASN.1 string conversion CVE-2026-9076 - Out-of-bounds read in CMS password-based decryption CVE-2026-34180 - Heap buffer over-read in ASN.1 content parsing CVE-2026-34181 - PKCS#12 files with PBMAC1 accepted with short HMAC keys CVE-2026-34182 - CMS AuthEnvelopedData may accept forged messages CVE-2026-34183 - Unbounded memory growth in the QUIC PATH_CHALLENGE handler CVE-2026-42764 - NULL dereference in QUIC server initial packet handling CVE-2026-42766 - Possible NULL dereference in password-based CMS decryption CVE-2026-42767 - NULL dereference in CRMF EncryptedValue decryption CVE-2026-42768 - Bleichenbacher oracle in CMS_decrypt() and PKCS7_decrypt() CVE-2026-42769 - Trust-anchor substitution in CMP rootCaKeyUpdate handling CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q CVE-2026-45445 - AES-OCB IV ignored on the EVP_Cipher() one-shot path CVE-2026-45446 - Empty-message tag bypass in AES-GCM-SIV and AES-SIV modes CVE-2026-45447 - Heap use-after-free in PKCS7_verify() Issues affecting FreeBSD 14.x (OpenSSL 3.0): CVE-2026-7383 - Possible heap buffer overflow in ASN.1 string conversion CVE-2026-9076 - Out-of-bounds read in CMS password-based decryption CVE-2026-34180 - Heap buffer over-read in ASN.1 content parsing CVE-2026-34182 - CMS AuthEnvelopedData may accept forged messages CVE-2026-42766 - Possible NULL dereference in password-based CMS decryption CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q CVE-2026-45445 - AES-OCB IV ignored on the EVP_Cipher() one-shot path CVE-2026-45446 - Empty-message tag bypass in AES-GCM-SIV and AES-SIV modes CVE-2026-45447 - Heap use-after-free in PKCS7_verify() III. Impact The issues include heap buffer overflows and over-reads, NULL pointer dereferences, a use-after-free, unbounded memory allocation, and several cryptographic flaws permitting message forgery, integrity bypass, or recovery of a private key. Security impact ranges from a Denial of Service to a potential remote code execution. See the OpenSSL advisory for specific details. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.x] # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-15.patch.asc # gpg --verify openssl-15.patch.asc [FreeBSD 14.x] # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-14.patch # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-14.patch.asc # gpg --verify openssl-14.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all daemons that use the library, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 865c8ff56693 stable/15-n283889 releng/15.1/ 083bb80a125a releng/15.1-n283559 releng/15.0/ 0d6ccbb7524f releng/15.0-n281062 stable/14/ ec6bfa889b83 stable/14-n274318 releng/14.4/ 1929d9e173e5 releng/14.4-n273724 releng/14.3/ dd3096b4efe6 releng/14.3-n271524 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxkbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvIjEQALlvtT/r8WJ72cw03AZP 1qPNWibqFxrMccV/fEtVq2csUzMkSq6PvgK3ZZoKgh8e2whpJkEULxRJ5Th8IEoD McbPdU4+zgqcehfmH6mvuv/yshDJLe0U2iLFSTbzgbx8xe0XRyWJlutlNXSZmLvo N87HGEtO/gXCXJxZuWFDE4JfO/bECn8wgZ468AD+OMwKRnx13hszmqKnp4cn/bZ8 764BqDsyweCBSVbW7AC0A5/BP7e+S+eOGHDSDqm48Jxk8eVsEVvw5wEo7DMLQgQw /kHc9BSiQ6HPgMvjDryUzX/FhF3El3sKQxkUXNFGcYk8yChTEVtD1C+zf3FACQJA ZTeDNgJelmeJdK7uzrJtX/8Laozma0+x1+2+YrY+Y1aCqOZ0iicmlytZHRHgZc3R riEEJdw3nlV6r43WtwBYjJNyOIiqPusYK8K0/RLnMeMtS+mwjjNjGxqcHdFPbSa7 Xjs4zSAHgkg9NHMwD4S+F+upRZ3yVoZOvIDtqUKO85Mf70OYHHoaZJE4Q7mIPDyE CbtpeaNpjSkujTR5/Us4JgxRfDqDGyyER/Ub1yZl8uuhKNU7QuOWRQMTeIXp42Es uClHfLQz5Dvmwy7muDfg5cY0R/F9whvpwSOmILrsViBjcygkzFY9lE1ufW685vbH 1srvsOXI5oN55cZrX4+H6G17 =UV/w -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:14:11 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZl900v5kz6gqwc for ; Tue, 09 Jun 2026 23:14:12 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZl8z3qcyz3QcT; Tue, 09 Jun 2026 23:14:11 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046851; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=l97L0f41JwybpEP9Y53mzGi39jXG96CYfLdpkSSpjOA=; b=t1nG4NGrlAEuYN5ECCMk9stdl3TZ2pMh6DDWn52Oj2s1wTS7013Dd7eUhcWoCwv9sUfqgR fgvfBZxUxh5kDQ8aDKJrJXwFtKr8wCne5gvBQW2JUc3XEYVGD4cxwYFgkli0lH88MALo1c Qtv3BYETC40G527NUlfEe8TbQ9F2t9kgZjU6szeleWRJx1bem7ISvqS1hZufgwSSamLVR/ lYP1IQh/4k6lY+a7X5z9H2QpL4aZeXoR2dCn7powwALghi7vQUIBdOHO446VVBPQTltKG7 8Ggztz1lThYKmSIvFhaRfvS67AW/ugXpMiSyHppdujtjCMY85jmmUa0QKeHmKQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781046851; a=rsa-sha256; cv=none; b=oW8n+fFew76eGspcbE0JJJikrAlG3uyra9WLXmuLltcOICcNaa7l/LjEPL5xixj/qu5QFD TUgtm90Pt0IK9GiATFAr+4yH4M+q3VFQ+CtFlB41wx+XFHE+XDuyr4UURXhB6odGKES2us oHGYJ6/C6x3BqYBnjKfy608fG88mddbSmBhycTUP72TZpg3mg9RGlnnbnMcyvKcwNbIdNz XWC0mCAab9wcL2a6fQq/yQW1J2LKwHAdcNGtEsLdfS/5wmGhSFtHoa1x5306bTJs9D76O1 4FeBSURbCiB5ALdy+XaVZfGzYoDK72UPyUiqpPP5gl5ayuh9CaINW2B+XT3+vQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781046851; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=l97L0f41JwybpEP9Y53mzGi39jXG96CYfLdpkSSpjOA=; b=Dc7VTifHjUok8akxZr2FTTZoOgmYgVLF5Du5cOiXSWYUQBByB3w75oNdrO9iibLWcz28fv VgF4s60QwfuSFmBfmZx3gkYhzO8WEuzu0THeA1990GpBG7HSBICC0stBwHoS1OPxETGluy NgKLvTmTcPUki0905Z57SJE/QJ687SZBn6/fB1v8VxkQA2MRsi+9LD0kcwhBdywuvnS9TV drvGK9nxhPUcHV6v0h+We1nnD7OjxEl8eJBqOd2Vk6rDT89EaRQw//fEgiM1eoiPKdRrT1 WF9xc6IvfnmZymG4JeYsy91Lsntp3TExSe41I8xOhKAA0bR1e3C7oG1VjUn5dA== Received: by freefall.freebsd.org (Postfix, from userid 945) id 5623E1FDAB; Tue, 09 Jun 2026 23:14:11 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-26:36.ldns Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20260609231411.5623E1FDAB@freefall.freebsd.org> Date: Tue, 09 Jun 2026 23:14:11 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:36.ldns Security Advisory The FreeBSD Project Topic: Insufficient response validation in the ldns stub resolver Category: contrib Module: ldns Announced: 2026-06-09 Credits: Pablo Ruiz from 'codecome.ai' Affects: All supported versions of FreeBSD. Corrected: 2026-06-09 19:17:37 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:16 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:55 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:55 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:17 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:47 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-10846 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD includes the ldns library from NLnet Labs, which provides DNS functionality for programs, including stub resolver support. Several base system tools are built on ldns, among them drill(1), host(1), and ssh(1) (for the VerifyHostKeyDNS feature). II. Problem Description When used as a stub resolver over UDP, ldns failed to verify that a received response belonged to the outstanding query. It did not check that the response source address and port matched the query destination, that the transaction ID matched, or that the question section of the response matched that of the query. III. Impact Without these checks, an off-path attacker who cannot observe the query can forge UDP responses that ldns will accept as genuine. By injecting spoofed replies, the attacker can return arbitrary DNS data to any program that uses ldns for stub resolving, including drill(1). IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-26:36/ldns.patch # fetch https://security.FreeBSD.org/patches/SA-26:36/ldns.patch.asc # gpg --verify ldns.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all daemons that use the library, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 20bfab98f8ae stable/15-n283890 releng/15.1/ 157d99d7ec9b releng/15.1-n283560 releng/15.0/ fbb19baa29ce releng/15.0-n281063 stable/14/ 5719a342555b stable/14-n274319 releng/14.4/ 410ab2bff36f releng/14.4-n273725 releng/14.3/ f61d7fc2ba85 releng/14.3-n271525 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiXQbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvuJsP/1G2bXjQo/HJ2aNYP1+h Ffz307olEEslY/xUlmulwuOdhh5A2gx0vZmh8gtUiMON+SzXN9+LxbzVnASfSj+o TFPJQNc55LUwdK/2m4i9UoW1dmEP5gIJk9uVDbGxMNgclkCWxJYvurT4DaCdf6fw a0lWUAOVpdk/pY0CCEYoyP85VaW9yroXowC5S/QSWLXoHOw6Rv5HVwd5Me6SvFir RChUVM77yyb6O+pCHyNhjSzksPrj8NzpdQyPeJeNOz3uNciRbloKPhUtsvEuppjp IQaa3P5pBw/Ivcyc+gHYZU1TlnQvHnyqIjRHmnmJCmDLwSwrD6+/sRrR5i1vVArZ DXyYK4rz/QstTXkFjZIV5SSVM6GT3CsavfnoCJzlTyOO7lQzNWUHunWFDFSdvWxJ FzSOI62+/0ZwHw0m2aLCpGXi1T5MS5Q+c4lK2zwdUdlnHTDhGLUv3hinavYYV7Bh HUzs+Hf3tVWzyi3+HVOv/zIPr3C2F6jXibVsSWD3omXRcNzei7dSkYJXKZigrpD6 7lrurOoq9ujboXBdBGimvW8sPTI+/GWfRm/pUJQUjYhl0gUmTB/MEWGpisYYwDMM bwTUTTDx97j5UYtBVvRZKz0k54DmGQAh5I1PVepszkUDTnfX6v5aSLnTnTlcxHhB jwJiXCvdJUX0Djnm0vXDSXzL =tsVt -----END PGP SIGNATURE----- From nobody Tue Jun 9 23:20:40 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZlJX1tQTz6grdP for ; Tue, 09 Jun 2026 23:20:44 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward501a.mail.yandex.net (forward501a.mail.yandex.net [178.154.239.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZlJW5JDvz3csv for ; Tue, 09 Jun 2026 23:20:43 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-33.vla.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-33.vla.yp-c.yandex.net [IPv6:2a02:6b8:c0d:90e:0:640:d420:0]) by forward501a.mail.yandex.net (Yandex) with ESMTPS id 69A7B81478 for ; Wed, 10 Jun 2026 02:20:40 +0300 (MSK) Received: from 2a02:6b8:c15:3618:0:640:4f86:0 (2a02:6b8:c15:3618:0:640:4f86:0 [2a02:6b8:c15:3618:0:640:4f86:0]) by mail-nwsmtp-mxback-production-main-33.vla.yp-c.yandex.net (mxback) with HTTPS id bJTGX0NwuGk0-94342sWf; Wed, 10 Jun 2026 02:20:40 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781047240; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=QSuYG8AeaAZbu6Ul/ttA3s3pWIjyhigcAO5GWjP+MCuOhfl1R9ikHY+caOb1lRVc4 aaDpBZQuL9C56V9bLHfyG4jQB1ixIPH1PbQ/h0Ax3VrCtQuS1SFb2pHJm/IZdpOpDO mmk7mW775MIV8gXrdQQ0q3GE8wB3DJgX8JH5XE6I= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjoyNS50aHI=?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 02:20:40 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <20111781047240@cc48f203-5f96-405a-84ab-ecc11b3ce418> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231305.80E771FCB9@freefall.freebsd.org> References: <20260609231305.80E771FCB9@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:200350, ipnet:178.154.224.0/19, country:RU] X-Rspamd-Queue-Id: 4gZlJW5JDvz3csv X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Tue Jun 9 23:24:13 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZlNn1SZPz6gsP6 for ; Tue, 09 Jun 2026 23:24:25 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward502a.mail.yandex.net (forward502a.mail.yandex.net [IPv6:2a02:6b8:c0e:500:1:45:d181:d502]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZlNl541dz3krf for ; Tue, 09 Jun 2026 23:24:23 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-44.vla.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-44.vla.yp-c.yandex.net [IPv6:2a02:6b8:c15:290f:0:640:fd1b:0]) by forward502a.mail.yandex.net (Yandex) with ESMTPS id E4BCC817E4 for ; Wed, 10 Jun 2026 02:24:14 +0300 (MSK) Received: from 2a02:6b8:c2b:25c:0:640:e58f:0 (2a02:6b8:c2b:25c:0:640:e58f:0 [2a02:6b8:c2b:25c:0:640:e58f:0]) by mail-nwsmtp-mxback-production-main-44.vla.yp-c.yandex.net (mxback) with HTTPS id 0OTe10Nvv8c0-xMnXlToF; Wed, 10 Jun 2026 02:24:13 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781047454; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=H0hXDusYm7WhXoqglEoMd7HxQU/1fc9swRlWwbjXWWcvQVIQezEi9UX2G9jWEiitK C9ULAXeBt8/VvsoYNfdGS3eI6Y/nuwW24PxqNV6zumBptvv++NjkCgIY7oPeZ/cBP4 2eveeicgJDJp/P2a+20BPc2mOilLGXcYYSKKB9h8= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjoyNi5rdGxz?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 02:24:13 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <18901781047453@fd37269e-a5c5-4abc-b018-17e633b0d1f0> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231311.7E26A1FD21@freefall.freebsd.org> References: <20260609231311.7E26A1FD21@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:208398, ipnet:2a02:6b8::/32, country:RS] X-Rspamd-Queue-Id: 4gZlNl541dz3krf X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Tue Jun 9 23:29:34 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZlVp2rFCz6gsyV for ; Tue, 09 Jun 2026 23:29:38 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward501b.mail.yandex.net (forward501b.mail.yandex.net [178.154.239.145]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZlVn6R7Pz3tlw for ; Tue, 09 Jun 2026 23:29:37 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-13.iva.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-13.iva.yp-c.yandex.net [IPv6:2a02:6b8:c0c:1c19:0:640:802c:0]) by forward501b.mail.yandex.net (Yandex) with ESMTPS id C93A381511 for ; Wed, 10 Jun 2026 02:29:34 +0300 (MSK) Received: from 2a02:6b8:c0c:4898:0:640:6174:0 (2a02:6b8:c0c:4898:0:640:6174:0 [2a02:6b8:c0c:4898:0:640:6174:0]) by mail-nwsmtp-mxback-production-main-13.iva.yp-c.yandex.net (mxback) with HTTPS id OSTR9H4ofqM0-KYbe97g2; Wed, 10 Jun 2026 02:29:34 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781047774; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=iaAGtlt9PP1Kn1sk4OI18B3KEMcfu1tjDdV8nxjf5nlm8ySGvcV4pPLKbPDdFZLZd PCouyK/mrIeeeJ4zo7qCGng8nZ2roMDwUwQjyRewWRBfiVOKSIGC68v6eshost1b5/ Ll3psczPODR4GKGkkgjMu/XenMgVqsl97YSM4OKs= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjoyNy5zb3VuZA==?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 02:29:34 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <9471781047774@8a178201-84df-457b-afde-824fbae59aa2> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231317.105A41FBE4@freefall.freebsd.org> References: <20260609231317.105A41FBE4@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:200350, ipnet:178.154.224.0/19, country:RU] X-Rspamd-Queue-Id: 4gZlVn6R7Pz3tlw X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Tue Jun 9 23:34:33 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZlcW3Lljz6gtP2 for ; Tue, 09 Jun 2026 23:34:35 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward502a.mail.yandex.net (forward502a.mail.yandex.net [IPv6:2a02:6b8:c0e:500:1:45:d181:d502]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZlcW0SH2z44FS for ; Tue, 09 Jun 2026 23:34:35 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-55.vla.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-55.vla.yp-c.yandex.net [IPv6:2a02:6b8:c1d:320a:0:640:4f3a:0]) by forward502a.mail.yandex.net (Yandex) with ESMTPS id C11BE818AE for ; Wed, 10 Jun 2026 02:34:33 +0300 (MSK) Received: from 2a02:6b8:c0f:611:0:640:6034:0 (2a02:6b8:c0f:611:0:640:6034:0 [2a02:6b8:c0f:611:0:640:6034:0]) by mail-nwsmtp-mxback-production-main-55.vla.yp-c.yandex.net (mxback) with HTTPS id TXTd4nMvo8c0-xIliqCIs; Wed, 10 Jun 2026 02:34:33 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781048073; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=JeQsc4+27bKwPBoc4+7IWDyCTjQSQk6MkXKC34KViUt7aauy3Eyi3KFZHbINsxNe7 wE5hMqvvdgPhP2kYkoSrNKWcyMoUWLqemX18d1SfQJEgjGrTjP50/k8vlV6GlUv6ra wfF6hSwNgW+hO9Fd75kOinNiR+xWKwHMg0gYmqDg= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjoyOC5jYXBzaWN1bQ==?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 02:34:33 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <17971781048073@4c1739c1-7721-4d83-a4bc-202d14343ecc> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231323.B1D1E1FAF5@freefall.freebsd.org> References: <20260609231323.B1D1E1FAF5@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:208398, ipnet:2a02:6b8::/32, country:RS] X-Rspamd-Queue-Id: 4gZlcW0SH2z44FS X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Tue Jun 9 23:39:22 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZlk53Nygz6gtvS for ; Tue, 09 Jun 2026 23:39:25 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward502a.mail.yandex.net (forward502a.mail.yandex.net [178.154.239.82]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZlk44mrzz3FSR for ; Tue, 09 Jun 2026 23:39:24 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-53.iva.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-53.iva.yp-c.yandex.net [IPv6:2a02:6b8:c0c:1f09:0:640:c382:0]) by forward502a.mail.yandex.net (Yandex) with ESMTPS id 97820817D4 for ; Wed, 10 Jun 2026 02:39:22 +0300 (MSK) Received: from 2a02:6b8:c0c:940c:0:640:602b:0 (2a02:6b8:c0c:940c:0:640:602b:0 [2a02:6b8:c0c:940c:0:640:602b:0]) by mail-nwsmtp-mxback-production-main-53.iva.yp-c.yandex.net (mxback) with HTTPS id LdTDjELwpW20-BmKujUwv; Wed, 10 Jun 2026 02:39:22 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781048362; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=QqRb4SinoA82243cXh4JYx39V35W4a0L04W8h1aO0umde3XwZmKrHES9db8Vo5TVk SuAFa53cVupViG7tTllx7wbPIjg21i6qkp6dt8wa3Uq9dIjK5dsjhWSm5RMmqcRcVE kv93jynNR/mmcXSJgUxdb9uG0czr2+MZBW4xdG1g= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjoyOS5pcDZfbXVsdGljYXN0?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 02:39:22 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <7721781048362@d0f020fe-3ebf-49c5-9460-3d8a33b7671f> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231335.3FCB11FDA3@freefall.freebsd.org> References: <20260609231335.3FCB11FDA3@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:200350, ipnet:178.154.224.0/19, country:RU] X-Rspamd-Queue-Id: 4gZlk44mrzz3FSR X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Tue Jun 9 23:43:21 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZlpp5FQDz6gvRv for ; Tue, 09 Jun 2026 23:43:30 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward502d.mail.yandex.net (forward502d.mail.yandex.net [IPv6:2a02:6b8:c41:1300:1:45:d181:d502]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZlpn0cxYz3Nrf for ; Tue, 09 Jun 2026 23:43:29 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-306.klg.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-306.klg.yp-c.yandex.net [IPv6:2a02:6b8:c42:d7ce:0:640:a78b:0]) by forward502d.mail.yandex.net (Yandex) with ESMTPS id B74BCC1676 for ; Wed, 10 Jun 2026 02:43:21 +0300 (MSK) Received: from 2a02:6b8:c43:f318:0:640:c665:0 (2a02:6b8:c43:f318:0:640:c665:0 [2a02:6b8:c43:f318:0:640:c665:0]) by mail-nwsmtp-mxback-production-main-306.klg.yp-c.yandex.net (mxback) with HTTPS id 2gTfL9JvbKo0-hPqyyQl5; Wed, 10 Jun 2026 02:43:21 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781048601; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=kUeWTnBrDW0Paz0LyUaSjIZ0r9ISuIU0eT6S8CTY0N5cRuqtKYJOveJR7QVT3lKIR abdt/HY0+ZV53VONRb89JhDQ7djT7X8e8q/sEVuNysk0M6H4Rfjjj2A+NRURW2U0cB US++0DuMpSyr5zMtHViAwwgTtsHhZGucx01CEGRQ= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjozMC5saW51eA==?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 02:43:21 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <18241781048601@4e60197f-a79d-4376-928e-055ad6b19729> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231340.D23031FBE9@freefall.freebsd.org> References: <20260609231340.D23031FBE9@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:208398, ipnet:2a02:6b8::/32, country:RS] X-Rspamd-Queue-Id: 4gZlpn0cxYz3Nrf X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Tue Jun 9 23:49:41 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZly20Wvdz6gvsp for ; Tue, 09 Jun 2026 23:49:46 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward502a.mail.yandex.net (forward502a.mail.yandex.net [178.154.239.82]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZly04W52z3YCF for ; Tue, 09 Jun 2026 23:49:44 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-575.iva.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-575.iva.yp-c.yandex.net [IPv6:2a02:6b8:c0c:d10a:0:640:e519:0]) by forward502a.mail.yandex.net (Yandex) with ESMTPS id 4C27A81CF6 for ; Wed, 10 Jun 2026 02:49:42 +0300 (MSK) Received: from 2a02:6b8:c0c:3c8a:0:640:e47b:0 (2a02:6b8:c0c:3c8a:0:640:e47b:0 [2a02:6b8:c0c:3c8a:0:640:e47b:0]) by mail-nwsmtp-mxback-production-main-575.iva.yp-c.yandex.net (mxback) with HTTPS id 4nTYEMLxs0U0-F4UiltXN; Wed, 10 Jun 2026 02:49:41 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781048982; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=EW9ED/wasulJX+stw3JLP5aHjNeVm26tWGPZ7ybVQntPRTEg64NFj4nY2eFRqAL5r Zj+xgwAk5FejnZ+X0T/RHZA4lKDpZQYNDoCFqh/R6s0GmXsD3mUxUbXSBg4RX06dZt DPz8uxqN/6E1bVDMeyYVGKIa3YQa0I0Lv+LusxfI= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjozMS5hcm02NA==?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 02:49:41 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <9201781048981@c37894fd-9b6c-431a-99d8-8a9591103c7f> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231346.B2FCA1FB6E@freefall.freebsd.org> References: <20260609231346.B2FCA1FB6E@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:200350, ipnet:178.154.224.0/19, country:RU] X-Rspamd-Queue-Id: 4gZly04W52z3YCF X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Tue Jun 9 23:56:32 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZm6472lFz6gx3c for ; Tue, 09 Jun 2026 23:56:44 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward500a.mail.yandex.net (forward500a.mail.yandex.net [IPv6:2a02:6b8:c0e:500:1:45:d181:d500]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZm636PTMz3lBQ for ; Tue, 09 Jun 2026 23:56:43 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-62.vla.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-62.vla.yp-c.yandex.net [IPv6:2a02:6b8:c15:2b9c:0:640:1ee1:0]) by forward500a.mail.yandex.net (Yandex) with ESMTPS id 6AF9AC14F5 for ; Wed, 10 Jun 2026 02:56:32 +0300 (MSK) Received: from 2a02:6b8:c18:151c:0:640:6141:0 (2a02:6b8:c18:151c:0:640:6141:0 [2a02:6b8:c18:151c:0:640:6141:0]) by mail-nwsmtp-mxback-production-main-62.vla.yp-c.yandex.net (mxback) with HTTPS id AuTWAwCnY4Y0-KSlLIUu9; Wed, 10 Jun 2026 02:56:32 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781049392; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=mmt40CcjNyh9pbyJw9pdn+YvtYzWdk8E41OJuVyC1thOomnfrPwh+D21o6d5KFtbJ 8IRcdWc+B07vcBKm4/n7rIpaPxHh2mQ1IjyzNZ3WVl5rMm6IQyvVjUf23eo2gkar1d fQEiclk3TknPuo4InkG7ilNUAGhKTn+rc+b6xDC4= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjozMi5lbGY=?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 02:56:32 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <19421781049392@acd9c750-ef72-4efd-9998-d430b262a45e> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231351.CA1F51FC5D@freefall.freebsd.org> References: <20260609231351.CA1F51FC5D@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:208398, ipnet:2a02:6b8::/32, country:RS] X-Rspamd-Queue-Id: 4gZm636PTMz3lBQ X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Wed Jun 10 00:01:46 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZmCy0Nrqz6gy1P for ; Wed, 10 Jun 2026 00:01:50 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward500a.mail.yandex.net (forward500a.mail.yandex.net [178.154.239.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZmCx1V63z3tMk for ; Wed, 10 Jun 2026 00:01:49 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-670.vla.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-670.vla.yp-c.yandex.net [IPv6:2a02:6b8:c1f:209f:0:640:319c:0]) by forward500a.mail.yandex.net (Yandex) with ESMTPS id F1830C14EB for ; Wed, 10 Jun 2026 03:01:46 +0300 (MSK) Received: from 2a02:6b8:c15:281b:0:640:e36b:0 (2a02:6b8:c15:281b:0:640:e36b:0 [2a02:6b8:c15:281b:0:640:e36b:0]) by mail-nwsmtp-mxback-production-main-670.vla.yp-c.yandex.net (mxback) with HTTPS id j17mX2N1jqM0-N1LTu8Ox; Wed, 10 Jun 2026 03:01:46 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781049706; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=cd39wqYWH/jlR4Bu0QwfkK0VhfC1uc3wy04FodyCyPjnL7O5l1d7P8C5RXzlH/Fd7 q5iWxwVnm9fdeuAGYzcMpg4VDctkkqYvZG3sOX4FpAFxyad2lp9gK2SAuXXUUhqzi5 ICCdjEfZPqmCX/w0WLV77jEBgCVYG7qAEbhaoL4A= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjozMy51bmJvdW5k?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 03:01:46 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <20441781049706@15c3134a-9558-4cba-a490-3e97bdd301ce> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231356.217461FB70@freefall.freebsd.org> References: <20260609231356.217461FB70@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:200350, ipnet:178.154.224.0/19, country:RU] X-Rspamd-Queue-Id: 4gZmCx1V63z3tMk X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Wed Jun 10 00:06:30 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZmKV44HTz6gyY6 for ; Wed, 10 Jun 2026 00:06:38 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward501d.mail.yandex.net (forward501d.mail.yandex.net [IPv6:2a02:6b8:c41:1300:1:45:d181:d501]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZmKT6s5sz436B for ; Wed, 10 Jun 2026 00:06:37 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-361.klg.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-361.klg.yp-c.yandex.net [IPv6:2a02:6b8:c42:68a4:0:640:2522:0]) by forward501d.mail.yandex.net (Yandex) with ESMTPS id 7232F8278D for ; Wed, 10 Jun 2026 03:06:30 +0300 (MSK) Received: from 2a02:6b8:c42:d04a:0:640:3b20:0 (2a02:6b8:c42:d04a:0:640:3b20:0 [2a02:6b8:c42:d04a:0:640:3b20:0]) by mail-nwsmtp-mxback-production-main-361.klg.yp-c.yandex.net (mxback) with HTTPS id 2671c5JwvW20-IY6Epf5l; Wed, 10 Jun 2026 03:06:30 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781049990; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=dttyNeN+lutkkqb6St9x/CHuqQduhWmFmgnxkLYGfpRz4BYF9teUOOFv0zQj2avsY 4qxi+CmiwKYkcIdeh/rRqHzZBRX35tNgcB6P54VEu9hLhJMfLvVbwgq+SZQS2gR1iQ wqpCGlHtbkuwi3dIuG76nf39+Z63tGZt4LK7ARks= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjozNC52dA==?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 03:06:30 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <17231781049990@ba530767-acf0-4012-8f07-e5713d55a2fd> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231401.28A7D1FC63@freefall.freebsd.org> References: <20260609231401.28A7D1FC63@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:208398, ipnet:2a02:6b8::/32, country:RS] X-Rspamd-Queue-Id: 4gZmKT6s5sz436B X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Wed Jun 10 00:21:31 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZmfl5SRtz6h0Mq for ; Wed, 10 Jun 2026 00:21:35 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward501a.mail.yandex.net (forward501a.mail.yandex.net [178.154.239.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZmfk48pzz3HQQ for ; Wed, 10 Jun 2026 00:21:34 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-82.vla.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-82.vla.yp-c.yandex.net [IPv6:2a02:6b8:c1f:583c:0:640:7375:0]) by forward501a.mail.yandex.net (Yandex) with ESMTPS id 1E426813E0 for ; Wed, 10 Jun 2026 03:21:32 +0300 (MSK) Received: from 2a02:6b8:c1d:2435:0:640:84cd:0 (2a02:6b8:c1d:2435:0:640:84cd:0 [2a02:6b8:c1d:2435:0:640:84cd:0]) by mail-nwsmtp-mxback-production-main-82.vla.yp-c.yandex.net (mxback) with HTTPS id TK7Lw9NwwSw0-qmKnnFvR; Wed, 10 Jun 2026 03:21:31 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781050891; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=TxFHlQn1VJq6XUtlR061eDlYDEA/lAmMUAEOXpZF7QGsE6nnwDeQsKUo1TdfG/DvT 5/TT6JfBEKXOQqEVPNkMYt2ZxdtO51W0B3IANVcLNVQ8VNf0tUd2CHVfrVzfDb+Qof 7fmIKCvQxskz0ASt38hBu7LYxwgR0BS+h7fabVf4= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjozNS5vcGVuc3Ns?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 03:21:31 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <19741781050891@fd30077b-4a4f-4949-bdd0-182c588e8a2a> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231407.7A6561FA7A@freefall.freebsd.org> References: <20260609231407.7A6561FA7A@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:200350, ipnet:178.154.224.0/19, country:RU] X-Rspamd-Queue-Id: 4gZmfk48pzz3HQQ X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Wed Jun 10 00:22:19 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZmgg0fd6z6h0sY for ; Wed, 10 Jun 2026 00:22:23 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Received: from forward501b.mail.yandex.net (forward501b.mail.yandex.net [178.154.239.145]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZmgf0M9hz3Jry for ; Wed, 10 Jun 2026 00:22:22 +0000 (UTC) (envelope-from lost.emails@omgtu.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-mxback-production-main-95.iva.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-95.iva.yp-c.yandex.net [IPv6:2a02:6b8:c0c:b809:0:640:6958:0]) by forward501b.mail.yandex.net (Yandex) with ESMTPS id A50C5820CD for ; Wed, 10 Jun 2026 03:22:19 +0300 (MSK) Received: from 2a02:6b8:c0c:78ae:0:640:80f6:0 (2a02:6b8:c0c:78ae:0:640:80f6:0 [2a02:6b8:c0c:78ae:0:640:80f6:0]) by mail-nwsmtp-mxback-production-main-95.iva.yp-c.yandex.net (mxback) with HTTPS id 0M7hv0LwbmI0-xJl1qCl9; Wed, 10 Jun 2026 03:22:19 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omgtu.ru; s=mail; t=1781050939; bh=W9ypETTPqkQyLCeYVBO/+mjFMhbJ2YO5e1esCPNIlXA=; h=In-Reply-To:Message-Id:References:Date:From:To:Subject; b=EWOgiVJQFljZJWjnbD6Naiy3N7etxVV23xPcbOg1vpdIE6Bb2vsFj/tpMa+QLSdV1 CDHJzYBN0TCnkVLCMMfow5cZpTU31ZdHPfHyx2cdElFoLcH2jJ3cDQY5wqjRql6G7B 10qROCCZ3cGGKOITjraHHbaE8CrfUgn6sFWBWCKM= Subject: =?utf-8?B?UmU6IEZyZWVCU0QgU2VjdXJpdHkgQWR2aXNvcnkgRnJlZUJTRC1TQS0yNjozNi5sZG5z?= To: freebsd-security@freebsd.org Date: Wed, 10 Jun 2026 03:22:19 +0300 From: =?utf-8?B?0J/QuNGB0YzQvNCwINCfLg==?= Message-Id: <9911781050939@717782af-0e19-430a-acd4-6140e31a2adf> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 X-Yandex-Forward: 6138d21a4c945e99f76847c2af99576c X-AutoReply: YES Auto-Submitted: auto-replied In-Reply-To: <20260609231411.5A3D21FC64@freefall.freebsd.org> References: <20260609231411.5A3D21FC64@freefall.freebsd.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:200350, ipnet:178.154.224.0/19, country:RU] X-Rspamd-Queue-Id: 4gZmgf0M9hz3Jry X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 0JTQvtCx0YDRi9C5INC00LXQvdGMIQrQo9C60LDQt9Cw0L3QvdC+0LPQviDQsNC00YDQtdGB0LAg 0LIg0LTQvtC80LXQvdC1IG9tZ3R1LnJ1IChvbWd0dS50ZWNoKSDQvdC1INGB0YPRidC10YHRgtCy 0YPQtdGCLiDQn9GA0L7QstC10YDRjNGC0LUg0LDQtNGA0LXRgSDQuCDQv9C+0LLRgtC+0YDQuNGC 0LUg0L7RgtC/0YDQsNCy0LrRgy4KCi0tCtCU0LDQvdC90L7QtSDQv9C40YHRjNC80L4g0YHRhNC+ 0YDQvNC40YDQvtCy0LDQvdC+INCw0LLRgtC+0LzQsNGC0LjRh9C10YHQutC4INC4INC90LUg0YLR gNC10LHRg9C10YIg0L7RgtCy0LXRgtCw From nobody Wed Jun 10 10:46:44 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gb2XJ2yngz6hZhF for ; Wed, 10 Jun 2026 10:46:56 +0000 (UTC) (envelope-from iandstanley@gmail.com) Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gb2XJ0xxbz3l6B for ; Wed, 10 Jun 2026 10:46:56 +0000 (UTC) (envelope-from iandstanley@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-68f36e1663cso11911350a12.3 for ; Wed, 10 Jun 2026 03:46:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1781088410; x=1781693210; darn=freebsd.org; h=to:in-reply-to:references:message-id:date:subject:mime-version:from :content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=z/Z8MLyeMhcrbMQ7pV0OWNJ9XYX4bsJOoYLFE90P7cE=; b=jdQWbxiU4+UZeAkAIWGh/w1gyyzv73CeOfStYulqN0hM/EczM1VGBEY0M0XJsnC9hC jOfvcvoU5bPRyGepEROsf5k3P3+EgQ7SKjUlb1XaoQV/D3/z8lD91rVu3VfHmjcuu8mU T0dxI8JzLxECu3NNiRyu6Tr8cppPPAmzKcL6QQWnozYu3sYi7Sbr1qGnsBM0t5wY1K5A jiBpPoB/p1pTCaVU8iUqy2U3vNhuepOJkLv5FwacMt3MYG/DIEjA7QEZh1X9Q3C4UymL 6kN3eUI/JkXjgHEtawrHCRULvRjUE+hF/Qexctz0FepAQpRfsQMpLELZbgrTNCUGVeGN 3iyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781088410; x=1781693210; h=to:in-reply-to:references:message-id:date:subject:mime-version:from :content-transfer-encoding:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=z/Z8MLyeMhcrbMQ7pV0OWNJ9XYX4bsJOoYLFE90P7cE=; b=R4xqGCFy/j131QYMyTRCb+ckguo2jxKj06HqiZCLu0pEPPG2LG8f3kU37Wu46PusTn A7zNvK/I3k0o91GfviE1cyElqmavnXALMlZoPSyrCk/Ij0ilSM2YedeCmSdaiYvBsJuk Vqj5tLOBQak1oQqmoyw0D81l8wrXY8H9aKmT7pnv+xCAWnQeX98mecbr7ucYpp3SqD7y CkNT52oPQHLy8AxVCCR1tn3xmhur8YYWPH6VdlFmmrjTo9H9Xc23bUYQJDOkY584eOOO EefBvCP98ddcDXB/H0lYggBxFOO+aXLqWrbVMOs0gajbmApQk4nA0k6hK6BN5QIls/fE uFJA== X-Gm-Message-State: AOJu0YyMm9enQozghqLpjWjQRgoOFUn/ZmdMfMgx2jcFwkk6rSWnbJAC hzzn2UGo0eCjCdvTk6uj5O1l+0o/wp5ScSxC0ZgsawWihPtQ5YEFUONprWAoFQ== X-Gm-Gg: Acq92OFBOqgHXAuxtFmT66tMTBrkrE3DHTEAHN68jNT+aZbNL669R2oSajP8WaPysAf 08wMBoWIw0uwXEdEwqlzakftr2IjB60xy1T5o/hIxOEn3OGnuGvXGcPcXZLqIpoNjwe9drOKwqH n4/z5FnANbvpS8IVmaGaJi+U5kPZzHNaX5YB8uKkfXOFIO6/8buoRacOX1Y1q6Fq7WJfrLe39IN TNgX3B6wbKXXKb0TafalWDarD4f0892A0gF4yybQcsDkymZ5avNyPiUg3KfkAeb+qoVxw/v5Gi9 89JRkcGr01pgEprVyAD4r7mRp6Qe59rfMSN0LEfxeVlZ26TaBM8mJFwpDajRQ1X2Op0twd74MlI erV/17ITq/jKUoYo4Rgjm33mQutUrOO2b8G2acNydaizFLckgtLFKFIQFBuZ7pS6iMsFl4nnFzT kXIhXpAyZl1oLTMto4SIjMhQoA/1CRUfqQQ2par6L9nHqrJO1dfaTgTsNqN/+5aE70GeB6ZvAbx CCKa9hIy85gu/W0tZJx8cCpTYH1 X-Received: by 2002:a05:6402:518c:b0:687:ece2:aac6 with SMTP id 4fb4d7f45d1cf-68fa50479abmr12972956a12.15.1781088409669; Wed, 10 Jun 2026 03:46:49 -0700 (PDT) Received: from smtpclient.apple ([2a00:23c7:3c55:2c01:6dcb:87cd:278e:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-68e65b57c66sm9618950a12.28.2026.06.10.03.46.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Jun 2026 03:46:49 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Ian Stanley List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list Mime-Version: 1.0 (1.0) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-26:28.capsicum Date: Wed, 10 Jun 2026 11:46:44 +0100 Message-Id: References: <20260609231323.ACEA71FC52@freefall.freebsd.org> In-Reply-To: <20260609231323.ACEA71FC52@freefall.freebsd.org> To: freebsd-security@freebsd.org X-Mailer: iPhone Mail (23F77) X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US] X-Rspamd-Queue-Id: 4gb2XJ0xxbz3l6B X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated Unsubscribe=20 > On 10 Jun 2026, at 00:32, FreeBSD Security Advisories wrote: >=20 > =EF=BB=BF-----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 >=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= > FreeBSD-SA-26:28.capsicum Security Advis= ory > The FreeBSD Proje= ct >=20 > Topic: sigqueue(2) missing capability mode restriction >=20 > Category: core > Module: capsicum > Announced: 2026-06-09 > Credits: Ed Maste > Affects: All supported versions of FreeBSD. > Corrected: 2026-05-29 19:11:40 UTC (stable/15, 15.1-STABLE) > 2026-06-09 19:20:09 UTC (releng/15.1, 15.1-RC3-p1) > 2026-06-09 19:19:46 UTC (releng/15.0, 15.0-RELEASE-p10) > 2026-05-29 19:12:58 UTC (stable/14, 14.4-STABLE) > 2026-06-09 19:19:08 UTC (releng/14.4, 14.4-RELEASE-p6) > 2026-06-09 19:18:38 UTC (releng/14.3, 14.3-RELEASE-p15) > CVE Name: CVE-2026-45259 >=20 > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . >=20 > I. Background >=20 > Capsicum is a lightweight OS capability and sandbox framework. It provide= s > two kernel primitives: capability mode, and capabilities. Capability mode= > restricts the ability of a sandboxed process to interact with the global > namespace, including the ability to send signals to other processes, other= > than via capability-based interfaces. >=20 > In capability mode, kill(2) restricts signal delivery to the calling proce= ss > only, preventing a sandboxed process from signalling other processes. > sigqueue(2) provides similar signal delivery functionality, and is similar= ly > permitted in capability mode. >=20 > II. Problem Description >=20 > sigqueue(2) was marked as permitted in capability mode with the introducti= on > of Capsicum in 2011, but the implementation of kern_sigqueue did not inclu= de > a capability mode check restricting signal delivery to the calling process= 's > own PID. >=20 > III. Impact >=20 > A process in capability mode can use sigqueue(2) to send signals to any > process it could signal following standard Unix permissions, bypassing the= > Capsicum sandbox restriction. A compromised sandboxed process could > interfere with other processes, for example by sending SIGKILL or SIGSTOP.= > This could be any process running as the same user, or any process, for a > superuser sandboxed process. >=20 > IV. Workaround >=20 > No workaround is available. >=20 > V. Solution >=20 > Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date, and > reboot. >=20 > Perform one of the following: >=20 > 1) To update your vulnerable system installed from base system packages: >=20 > Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 > platforms, which were installed using base system packages, can be updated= > via the pkg(8) utility: >=20 > # pkg upgrade -r FreeBSD-base > # shutdown -r +10min "Rebooting for a security update" >=20 > 2) To update your vulnerable system installed from binary distribution set= s: >=20 > Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platfor= ms > which were not installed using base system packages can be updated via the= > freebsd-update(8) utility: >=20 > # freebsd-update fetch > # freebsd-update install > # shutdown -r +10min "Rebooting for a security update" >=20 > 3) To update your vulnerable system via a source code patch: >=20 > The following patches have been verified to apply to the applicable > FreeBSD release branches. >=20 > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. >=20 > [FreeBSD 15.1] > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.1.patch > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.1.patch.= asc > # gpg --verify capsicum-15.1.patch.asc >=20 > [FreeBSD 15.0] > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.0.patch > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.0.patch.= asc > # gpg --verify capsicum-15.0.patch.asc >=20 > [FreeBSD 14.x] > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-14.patch > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-14.patch.as= c > # gpg --verify capsicum-14.patch.asc >=20 > b) Apply the patch. Execute the following commands as root: >=20 > # cd /usr/src > # patch < /path/to/patch >=20 > c) Recompile your kernel as described in > and reboot the > system. >=20 > VI. Correction details >=20 > This issue is corrected as of the corresponding Git commit hash in the > following stable and release branches: >=20 > Branch/path Hash Revision > - ------------------------------------------------------------------------= - > stable/15/ defd9b86ef99 stable/15-n283744 > releng/15.1/ 871d33e8a66a releng/15.1-n283553 > releng/15.0/ 77ee83d12625 releng/15.0-n281055 > stable/14/ d11ff01b3aec stable/14-n274231 > releng/14.4/ eab757f954ed releng/14.4-n273717 > releng/14.3/ f56e8cb94df6 releng/14.3-n271517 > - ------------------------------------------------------------------------= - >=20 > Run the following command to see which files were modified by a > particular commit: >=20 > # git show --stat >=20 > Or visit the following URL, replacing NNNNNN with the hash: >=20 > >=20 > To determine the commit count in a working tree (for comparison against > nNNNNNN in the table above), run: >=20 > # git rev-list --count --first-parent HEAD >=20 > VII. References >=20 > >=20 > The latest revision of this advisory is available at > > -----BEGIN PGP SIGNATURE----- >=20 > iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxAbFIAAAAAABAAO > bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv9xQQALSpP1xklc9UjGzlSpTo > 2owWykX02TVDqd7a57jEFpak6F9sJ1B83jrkEQVIGjBGQpTIWYt/C34QEzeo502F > +dqfqXr32MyudPDq+lsWB7HhafG/gktTDpibJrQkqPDdTc+TwzzhoHxGAdckAMsr > vCqnUF6UmtmTzQEyoQBqPGPWbVnyVboOQ0ZvKouMZdMBVlC7IvWPDlbpMEOLePTE > NPHeuxFYbFHMUkOLq97Dhg4XTqdIG0t3n/0jA1kjCDvJWDbXpR1bPy1USTNxHO35 > xjeZshL2IWXDJSxLFBNE+cNFwg4dyp5vXcQXh3HtyMC9PMPMyIbJT7zQluV3CVI7 > 9gC6MMH7QiLssj5hJqMSXccrNzkag6Alu9ET5A/NtoGjyogbXmIPsQ9hLAqf/c9v > 5m4O86dlHBL/JsGcPqsGw3+gucqgso2gy4yQ8h1GqGwNGv440TMAHRz5eAu+qOZq > tDxo3OqK3HIEoChiQaRZp5bc/p0L1Rfka10J0HmIxB2KkdHEjdMn5SBsEYRsIv5v > Sp34rl0cLm0oHraIQ0jNVTwZetrxl4CMIAexHYO1hJ+jZDRdBQ5CC7S83+t2Tbnu > JgRsm6A+1TZfWsaflIx9ga42DEndXgqpmdrtjIFoO1zNQjrvcd3sqJH6GTMNdywg > 2woyv6Bb/bwINWDE7EhicoJl > =3DWJPW > -----END PGP SIGNATURE----- >=20 From nobody Wed Jun 10 10:46:44 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gb2XR5NLjz6hb80 for ; Wed, 10 Jun 2026 10:47:03 +0000 (UTC) (envelope-from iandstanley@gmail.com) Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gb2XR4Gbmz3llL for ; Wed, 10 Jun 2026 10:47:03 +0000 (UTC) (envelope-from iandstanley@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-68e5f7c1131so12462757a12.2 for ; Wed, 10 Jun 2026 03:47:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1781088422; x=1781693222; darn=freebsd.org; h=to:in-reply-to:references:message-id:date:subject:mime-version:from :content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=z/Z8MLyeMhcrbMQ7pV0OWNJ9XYX4bsJOoYLFE90P7cE=; b=Ru09Ik/savLyOjcyDVch01Mdpb5cvjUe2mPBXSLd+jQY3xWOZgqlw+D56nhed/YVDR sgT860yP3tHXuyzYMEB+dECd5Wk3Ro98k0h+LnCnbezJsM29OT3w7aW5YwuxIunji845 pwUGvgSRzdHLRBK1E/KiQO/jd6UtVk7gR7zg1WEz7rGoeO+TP+13ZfGbI0J9hlr2Z4Sx j5xuqVcb2qt5WF0uQBnBkFMLn+4EnT9UZxJLs0tWACorZ097pTHQr7yyqpSH2JKO5aLp XYnjKtyJzLGC/44lU0Qa0Q4BNfyd9LGRx3vL95OPRc6SKl/uMSZNj5IZmWu91ecwb6lf 3XYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781088422; x=1781693222; h=to:in-reply-to:references:message-id:date:subject:mime-version:from :content-transfer-encoding:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=z/Z8MLyeMhcrbMQ7pV0OWNJ9XYX4bsJOoYLFE90P7cE=; b=WQOb39gcfZ1IvyY2lKtvZbG6BFJwZGtaZI1cX7zDIopp89UieOk9VgkHAjbdjqg5+z 2+p4KfEEubZyVdH2XVSt+igJBGDrjFv/cAi1fRUUei5TShlFI9DbnV1feww1QBWdqqBC fDuoDAMBb6hEdChMZL5QJUFwXHCsQ0mnoIITfIKnlIqBFE7yT05cW2IY/jTa/at9fnkJ C3amBF/ewk6Mx4kSeHNGA0bP1P7U4ilT9uO+NJ7XAvun429vcbE3h/z8ybObXCmwW4ak X8e3au71n1Xk1WMHc4teQ5R+rUm5CeOrQvDIZ+gUWFUTbGPGn2tqI7gXlXdsC/rC5KMO WkdQ== X-Gm-Message-State: AOJu0YxQGPqn+XdfQzJZ5zmHYDVzlncYAKU62mjqE+X78H0ZB0XQTNPv qMtvBQSHYtY5eG9tr9R88eTh1arGUAu5aj9tu/NU2e6u3HisA6444dVxVgBG7g== X-Gm-Gg: Acq92OGVgsIwgLoiUxfItnfFodIcEP5Vw8HnYdHilYzqgIH2qNxL1/YMmyeSWp8AHhD jABjiabvqMKfCX5sOE7nlz5nKDInaBzy0myYfvVOvgFD/NQbhhmYTjvG9/l36cWGZTp+yWsr8oj XqKKs4M0MkLOVmVhP20q1ZWeAurn78PCjvJ2fg7cLH/dLgLkzo62zc3qtf/BrXtAKfykBnO/caK 3+gBNouGHkRbRS2+vDyAL9XGcVd9y0LJr0Usceqsgv81ywj8oEf/OJkna2WLkw5be/9o0SXjAmu nxE7RLU22RPXUKgfXaeyNEdYNJ2FgSMaUkeBTkE+q0IiF8BM3wbemCikFSP4PYmSoZTaixDWj++ lWtiO6OdU4laVqZRuxXO16heGMct6xrwFuA6U66uMe3mOWNpihqdsiLymMuuEvYJye/pBzzjyup J8a2WVVp+vphmyIRL8BK97092YcU0lF5lVSdhNhj/e1SJodaUFEJbC+knboBUwFvQoAlI4v1rn+ F8N4Rn3YOIt7y9yF/K1jP+HMpZm X-Received: by 2002:a17:907:2718:b0:bea:f4e0:c7b9 with SMTP id a640c23a62f3a-bf370d638ccmr947525166b.19.1781088418102; Wed, 10 Jun 2026 03:46:58 -0700 (PDT) Received: from smtpclient.apple ([2a00:23c7:3c55:2c01:6dcb:87cd:278e:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-bf051e9c499sm1153116766b.22.2026.06.10.03.46.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Jun 2026 03:46:57 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Ian Stanley List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list Mime-Version: 1.0 (1.0) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-26:28.capsicum Date: Wed, 10 Jun 2026 11:46:44 +0100 Message-Id: References: <20260609231323.ACEA71FC52@freefall.freebsd.org> In-Reply-To: <20260609231323.ACEA71FC52@freefall.freebsd.org> To: freebsd-security@freebsd.org X-Mailer: iPhone Mail (23F77) X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US] X-Rspamd-Queue-Id: 4gb2XR4Gbmz3llL X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated Unsubscribe=20 > On 10 Jun 2026, at 00:32, FreeBSD Security Advisories wrote: >=20 > =EF=BB=BF-----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 >=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= > FreeBSD-SA-26:28.capsicum Security Advis= ory > The FreeBSD Proje= ct >=20 > Topic: sigqueue(2) missing capability mode restriction >=20 > Category: core > Module: capsicum > Announced: 2026-06-09 > Credits: Ed Maste > Affects: All supported versions of FreeBSD. > Corrected: 2026-05-29 19:11:40 UTC (stable/15, 15.1-STABLE) > 2026-06-09 19:20:09 UTC (releng/15.1, 15.1-RC3-p1) > 2026-06-09 19:19:46 UTC (releng/15.0, 15.0-RELEASE-p10) > 2026-05-29 19:12:58 UTC (stable/14, 14.4-STABLE) > 2026-06-09 19:19:08 UTC (releng/14.4, 14.4-RELEASE-p6) > 2026-06-09 19:18:38 UTC (releng/14.3, 14.3-RELEASE-p15) > CVE Name: CVE-2026-45259 >=20 > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . >=20 > I. Background >=20 > Capsicum is a lightweight OS capability and sandbox framework. It provide= s > two kernel primitives: capability mode, and capabilities. Capability mode= > restricts the ability of a sandboxed process to interact with the global > namespace, including the ability to send signals to other processes, other= > than via capability-based interfaces. >=20 > In capability mode, kill(2) restricts signal delivery to the calling proce= ss > only, preventing a sandboxed process from signalling other processes. > sigqueue(2) provides similar signal delivery functionality, and is similar= ly > permitted in capability mode. >=20 > II. Problem Description >=20 > sigqueue(2) was marked as permitted in capability mode with the introducti= on > of Capsicum in 2011, but the implementation of kern_sigqueue did not inclu= de > a capability mode check restricting signal delivery to the calling process= 's > own PID. >=20 > III. Impact >=20 > A process in capability mode can use sigqueue(2) to send signals to any > process it could signal following standard Unix permissions, bypassing the= > Capsicum sandbox restriction. A compromised sandboxed process could > interfere with other processes, for example by sending SIGKILL or SIGSTOP.= > This could be any process running as the same user, or any process, for a > superuser sandboxed process. >=20 > IV. Workaround >=20 > No workaround is available. >=20 > V. Solution >=20 > Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date, and > reboot. >=20 > Perform one of the following: >=20 > 1) To update your vulnerable system installed from base system packages: >=20 > Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 > platforms, which were installed using base system packages, can be updated= > via the pkg(8) utility: >=20 > # pkg upgrade -r FreeBSD-base > # shutdown -r +10min "Rebooting for a security update" >=20 > 2) To update your vulnerable system installed from binary distribution set= s: >=20 > Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platfor= ms > which were not installed using base system packages can be updated via the= > freebsd-update(8) utility: >=20 > # freebsd-update fetch > # freebsd-update install > # shutdown -r +10min "Rebooting for a security update" >=20 > 3) To update your vulnerable system via a source code patch: >=20 > The following patches have been verified to apply to the applicable > FreeBSD release branches. >=20 > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. >=20 > [FreeBSD 15.1] > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.1.patch > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.1.patch.= asc > # gpg --verify capsicum-15.1.patch.asc >=20 > [FreeBSD 15.0] > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.0.patch > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.0.patch.= asc > # gpg --verify capsicum-15.0.patch.asc >=20 > [FreeBSD 14.x] > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-14.patch > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-14.patch.as= c > # gpg --verify capsicum-14.patch.asc >=20 > b) Apply the patch. Execute the following commands as root: >=20 > # cd /usr/src > # patch < /path/to/patch >=20 > c) Recompile your kernel as described in > and reboot the > system. >=20 > VI. Correction details >=20 > This issue is corrected as of the corresponding Git commit hash in the > following stable and release branches: >=20 > Branch/path Hash Revision > - ------------------------------------------------------------------------= - > stable/15/ defd9b86ef99 stable/15-n283744 > releng/15.1/ 871d33e8a66a releng/15.1-n283553 > releng/15.0/ 77ee83d12625 releng/15.0-n281055 > stable/14/ d11ff01b3aec stable/14-n274231 > releng/14.4/ eab757f954ed releng/14.4-n273717 > releng/14.3/ f56e8cb94df6 releng/14.3-n271517 > - ------------------------------------------------------------------------= - >=20 > Run the following command to see which files were modified by a > particular commit: >=20 > # git show --stat >=20 > Or visit the following URL, replacing NNNNNN with the hash: >=20 > >=20 > To determine the commit count in a working tree (for comparison against > nNNNNNN in the table above), run: >=20 > # git rev-list --count --first-parent HEAD >=20 > VII. References >=20 > >=20 > The latest revision of this advisory is available at > > -----BEGIN PGP SIGNATURE----- >=20 > iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxAbFIAAAAAABAAO > bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv9xQQALSpP1xklc9UjGzlSpTo > 2owWykX02TVDqd7a57jEFpak6F9sJ1B83jrkEQVIGjBGQpTIWYt/C34QEzeo502F > +dqfqXr32MyudPDq+lsWB7HhafG/gktTDpibJrQkqPDdTc+TwzzhoHxGAdckAMsr > vCqnUF6UmtmTzQEyoQBqPGPWbVnyVboOQ0ZvKouMZdMBVlC7IvWPDlbpMEOLePTE > NPHeuxFYbFHMUkOLq97Dhg4XTqdIG0t3n/0jA1kjCDvJWDbXpR1bPy1USTNxHO35 > xjeZshL2IWXDJSxLFBNE+cNFwg4dyp5vXcQXh3HtyMC9PMPMyIbJT7zQluV3CVI7 > 9gC6MMH7QiLssj5hJqMSXccrNzkag6Alu9ET5A/NtoGjyogbXmIPsQ9hLAqf/c9v > 5m4O86dlHBL/JsGcPqsGw3+gucqgso2gy4yQ8h1GqGwNGv440TMAHRz5eAu+qOZq > tDxo3OqK3HIEoChiQaRZp5bc/p0L1Rfka10J0HmIxB2KkdHEjdMn5SBsEYRsIv5v > Sp34rl0cLm0oHraIQ0jNVTwZetrxl4CMIAexHYO1hJ+jZDRdBQ5CC7S83+t2Tbnu > JgRsm6A+1TZfWsaflIx9ga42DEndXgqpmdrtjIFoO1zNQjrvcd3sqJH6GTMNdywg > 2woyv6Bb/bwINWDE7EhicoJl > =3DWJPW > -----END PGP SIGNATURE----- >=20 From nobody Wed Jun 10 16:17:45 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gb9t95Jvkz6gk38 for ; Wed, 10 Jun 2026 16:17:53 +0000 (UTC) (envelope-from jpresley@eepycat.org) Received: from mail.eepycat.org (mail.eepycat.org [15.235.43.252]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gb9t93JX7z3hkj for ; Wed, 10 Jun 2026 16:17:53 +0000 (UTC) (envelope-from jpresley@eepycat.org) Authentication-Results: mx1.freebsd.org; none Received: from mail.eepycat.org (mail.eepycat.org [127.0.0.1]) by mail.eepycat.org (Postfix) with ESMTP id 4gb9t26Y75z6MWY for ; Wed, 10 Jun 2026 16:17:46 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=eepycat.org; h= content-transfer-encoding:content-type:message-id:user-agent :references:in-reply-to:subject:to:from:date:mime-version; s= dkim; t=1781108265; x=1783700266; bh=Q8ABcrpHEP6QYYPM8fTmY+QDQl9 1/+zJl/epkDotkZY=; b=PR4t/hxwG4iA1Cq0Z4UTeoKyN1rOpyosA429NcaxXXq A2cZ69l0vogTJlV5nQsvUPtzp3SjQrTdEeNOIo4oTXnLnbPr+U0qvufGOujLLFXt N+De3TsgW8Bc4Fll1xWxuNn3+Oa1T/KCAJeFhCAN0ZgzgGeFSvKJvzHdCQUBt4bE OtiAcxjOtvV9tDa+wusL6LIAVJclMurDT1vMafGhG9vZbCYB0Rf0T7TcqEH7fXEQ UTyB8n+DpE2MAl3aSa5D6u1KyypgQX/nd/b+vH20l2MaUtp6Ofqg6GmV5w5N8jL1 uFnnyHsRCAZJCRsfzPLAMaoWgWB5+0OwodgXoNd+NAg== X-Virus-Scanned: amavis at mail.eepycat.org Received: from mail.eepycat.org ([127.0.0.1]) by mail.eepycat.org (mail.eepycat.org [127.0.0.1]) (amavis, port 10026) with ESMTP id eSmPcpBJMuBT for ; Wed, 10 Jun 2026 16:17:45 +0000 (GMT) Received: from localhost (mail.eepycat.org [127.0.0.1]) by mail.eepycat.org (Postfix) with ESMTPSA id 4gb9t15DkCz6MT8; Wed, 10 Jun 2026 16:17:45 +0000 (GMT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Date: Wed, 10 Jun 2026 11:17:45 -0500 From: jpresley@eepycat.org To: Ian Stanley Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-26:28.capsicum In-Reply-To: References: <20260609231323.ACEA71FC52@freefall.freebsd.org> User-Agent: Roundcube Webmail Message-ID: X-Sender: jpresley@eepycat.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:16276, ipnet:15.235.0.0/17, country:FR] X-Rspamd-Queue-Id: 4gb9t93JX7z3hkj X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated The unsubscribe button at=20 https://lists.freebsd.org/subscription/freebsd-security appears to be=20 broken, the below error is returned. I imagine it could be broken for=20 other lists as well, and will report it to webmaster@freebsd.org on your=20 behalf. Received error: ``` Error 503 Backend fetch failed Backend status: Backend fetch failed Transaction ID: 12694749274 ``` -------- Original Message -------- Subject: Re: FreeBSD Security Advisory FreeBSD-SA-26:28.capsicum Date: 2026-06-10 05:46 From: Ian Stanley To: freebsd-security@freebsd.org Unsubscribe > On 10 Jun 2026, at 00:32, FreeBSD Security Advisories=20 > wrote: >=20 > =EF=BB=BF-----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 >=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > FreeBSD-SA-26:28.capsicum Security=20 > Advisory > The FreeBSD=20 > Project >=20 > Topic: sigqueue(2) missing capability mode restriction >=20 > Category: core > Module: capsicum > Announced: 2026-06-09 > Credits: Ed Maste > Affects: All supported versions of FreeBSD. > Corrected: 2026-05-29 19:11:40 UTC (stable/15, 15.1-STABLE) > 2026-06-09 19:20:09 UTC (releng/15.1, 15.1-RC3-p1) > 2026-06-09 19:19:46 UTC (releng/15.0, 15.0-RELEASE-p10) > 2026-05-29 19:12:58 UTC (stable/14, 14.4-STABLE) > 2026-06-09 19:19:08 UTC (releng/14.4, 14.4-RELEASE-p6) > 2026-06-09 19:18:38 UTC (releng/14.3, 14.3-RELEASE-p15) > CVE Name: CVE-2026-45259 >=20 > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . >=20 > I. Background >=20 > Capsicum is a lightweight OS capability and sandbox framework. It=20 > provides > two kernel primitives: capability mode, and capabilities. Capability=20 > mode > restricts the ability of a sandboxed process to interact with the=20 > global > namespace, including the ability to send signals to other processes,=20 > other > than via capability-based interfaces. >=20 > In capability mode, kill(2) restricts signal delivery to the calling=20 > process > only, preventing a sandboxed process from signalling other processes. > sigqueue(2) provides similar signal delivery functionality, and is=20 > similarly > permitted in capability mode. >=20 > II. Problem Description >=20 > sigqueue(2) was marked as permitted in capability mode with the=20 > introduction > of Capsicum in 2011, but the implementation of kern_sigqueue did not=20 > include > a capability mode check restricting signal delivery to the calling=20 > process's > own PID. >=20 > III. Impact >=20 > A process in capability mode can use sigqueue(2) to send signals to any > process it could signal following standard Unix permissions, bypassing=20 > the > Capsicum sandbox restriction. A compromised sandboxed process could > interfere with other processes, for example by sending SIGKILL or=20 > SIGSTOP. > This could be any process running as the same user, or any process, for= =20 > a > superuser sandboxed process. >=20 > IV. Workaround >=20 > No workaround is available. >=20 > V. Solution >=20 > Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date, and > reboot. >=20 > Perform one of the following: >=20 > 1) To update your vulnerable system installed from base system=20 > packages: >=20 > Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 > platforms, which were installed using base system packages, can be=20 > updated > via the pkg(8) utility: >=20 > # pkg upgrade -r FreeBSD-base > # shutdown -r +10min "Rebooting for a security update" >=20 > 2) To update your vulnerable system installed from binary distribution=20 > sets: >=20 > Systems running a RELEASE version of FreeBSD on the amd64 or arm64=20 > platforms > which were not installed using base system packages can be updated via=20 > the > freebsd-update(8) utility: >=20 > # freebsd-update fetch > # freebsd-update install > # shutdown -r +10min "Rebooting for a security update" >=20 > 3) To update your vulnerable system via a source code patch: >=20 > The following patches have been verified to apply to the applicable > FreeBSD release branches. >=20 > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. >=20 > [FreeBSD 15.1] > # fetch=20 > https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.1.patch > # fetch=20 > https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.1.patch.asc > # gpg --verify capsicum-15.1.patch.asc >=20 > [FreeBSD 15.0] > # fetch=20 > https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.0.patch > # fetch=20 > https://security.FreeBSD.org/patches/SA-26:28/capsicum-15.0.patch.asc > # gpg --verify capsicum-15.0.patch.asc >=20 > [FreeBSD 14.x] > # fetch https://security.FreeBSD.org/patches/SA-26:28/capsicum-14.patch > # fetch=20 > https://security.FreeBSD.org/patches/SA-26:28/capsicum-14.patch.asc > # gpg --verify capsicum-14.patch.asc >=20 > b) Apply the patch. Execute the following commands as root: >=20 > # cd /usr/src > # patch < /path/to/patch >=20 > c) Recompile your kernel as described in > and reboot the > system. >=20 > VI. Correction details >=20 > This issue is corrected as of the corresponding Git commit hash in the > following stable and release branches: >=20 > Branch/path Hash =20 > Revision > -=20 > -----------------------------------------------------------------------= -- > stable/15/ defd9b86ef99 =20 > stable/15-n283744 > releng/15.1/ 871d33e8a66a =20 > releng/15.1-n283553 > releng/15.0/ 77ee83d12625 =20 > releng/15.0-n281055 > stable/14/ d11ff01b3aec =20 > stable/14-n274231 > releng/14.4/ eab757f954ed =20 > releng/14.4-n273717 > releng/14.3/ f56e8cb94df6 =20 > releng/14.3-n271517 > -=20 > -----------------------------------------------------------------------= -- >=20 > Run the following command to see which files were modified by a > particular commit: >=20 > # git show --stat >=20 > Or visit the following URL, replacing NNNNNN with the hash: >=20 > >=20 > To determine the commit count in a working tree (for comparison against > nNNNNNN in the table above), run: >=20 > # git rev-list --count --first-parent HEAD >=20 > VII. References >=20 > >=20 > The latest revision of this advisory is available at > > -----BEGIN PGP SIGNATURE----- >=20 > iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxAbFIAAAAAABAAO > bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv9xQQALSpP1xklc9UjGzlSpTo > 2owWykX02TVDqd7a57jEFpak6F9sJ1B83jrkEQVIGjBGQpTIWYt/C34QEzeo502F > +dqfqXr32MyudPDq+lsWB7HhafG/gktTDpibJrQkqPDdTc+TwzzhoHxGAdckAMsr > vCqnUF6UmtmTzQEyoQBqPGPWbVnyVboOQ0ZvKouMZdMBVlC7IvWPDlbpMEOLePTE > NPHeuxFYbFHMUkOLq97Dhg4XTqdIG0t3n/0jA1kjCDvJWDbXpR1bPy1USTNxHO35 > xjeZshL2IWXDJSxLFBNE+cNFwg4dyp5vXcQXh3HtyMC9PMPMyIbJT7zQluV3CVI7 > 9gC6MMH7QiLssj5hJqMSXccrNzkag6Alu9ET5A/NtoGjyogbXmIPsQ9hLAqf/c9v > 5m4O86dlHBL/JsGcPqsGw3+gucqgso2gy4yQ8h1GqGwNGv440TMAHRz5eAu+qOZq > tDxo3OqK3HIEoChiQaRZp5bc/p0L1Rfka10J0HmIxB2KkdHEjdMn5SBsEYRsIv5v > Sp34rl0cLm0oHraIQ0jNVTwZetrxl4CMIAexHYO1hJ+jZDRdBQ5CC7S83+t2Tbnu > JgRsm6A+1TZfWsaflIx9ga42DEndXgqpmdrtjIFoO1zNQjrvcd3sqJH6GTMNdywg > 2woyv6Bb/bwINWDE7EhicoJl > =3DWJPW > -----END PGP SIGNATURE----- >=20 From nobody Wed Jun 10 22:13:37 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gbKn34ftrz6hKm5; Wed, 10 Jun 2026 22:13:59 +0000 (UTC) (envelope-from xi@borderworlds.dk) Received: from fhigh-a4-smtp.messagingengine.com (fhigh-a4-smtp.messagingengine.com [103.168.172.155]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gbKn31y7Lz3VnS; Wed, 10 Jun 2026 22:13:59 +0000 (UTC) (envelope-from xi@borderworlds.dk) Authentication-Results: mx1.freebsd.org; none Received: from phl-compute-06.internal (phl-compute-06.internal [10.202.2.46]) by mailfhigh.phl.internal (Postfix) with ESMTP id AA437140008A; Wed, 10 Jun 2026 18:13:58 -0400 (EDT) Received: from phl-imap-05 ([10.202.2.95]) by phl-compute-06.internal (MEProxy); Wed, 10 Jun 2026 18:13:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=borderworlds.dk; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:subject:subject:to:to; s=fm2; t=1781129638; x=1781216038; bh=z/OAFpRhX7baT7L0stfzIAlFgQmIDSFg gbzJ3Fbvohg=; b=YNZJOk6AJez51vyN7mhC6mSv44P3J2+2+TjB3gYvE2kraDca 8r7fmbaw5uPTblKGS6R1O1iGowxj40yt8lQpgZ2DzHyNkCO3sILkTFTIKj4aQC1Y uNUxTVog9A93PZY3wDwFU9AnYct7M5Rx8LMjqiIluTvcX1Zew0P8rv4UPEgYEjE3 UGoNj9CAu3VuY8qu1F4e7mUXhvZuLH0VpyeOSk/lvCqMcUvSxfmWLKPWxSjuUSon q+eLQdtXB281BJv0Mi+FoSMgCoT2uPRzBWI7RBTWc/CYPwlvAosrQcSJOG6ceayl +fhgWL/of+3JJxC0TQ/gNWasT03IeSBp40+5qw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1781129638; x= 1781216038; bh=z/OAFpRhX7baT7L0stfzIAlFgQmIDSFggbzJ3Fbvohg=; b=D U8OBdLm0bX9EW7oftYMkykx/AdkA7W/t5KkBw0vaza2WoV1QhnhxmgV4WRr+/ZCG wrZiKITza3M/YjyNotCCZNZMJiynFdO5KS9KwbV/DfCIcDqP5HlObkLw5toNNPFP PuI+oCfXgLeUFgEdcz+1OUJCTwq3h0817EZhvNyq4MWtCNwuk13tVwiGg6eOTLct zf65LhWeTnP0dbkcnsrZ5aT+mWhp8XZ406jmxPTbBjiY6yAWb7KH+LJ0jUubPQot KQ36X/AJafOSTlrcIbppjHGI0+0bkj8WL883XkPf3yQCRmf21LrWxx4kEi9s9F5/ vpX1ttXo28ap8yRoaONcg== X-ME-Sender: X-ME-Proxy-Cause: dmFkZTFN9QtQcEXgTDXoBE6c6fusO1zZPSUugAke/Dy353c+oJE+mYeZjtz2dmHJJMgcbS ubPp+2mcMZuZO5Ddpjeleo2qMnnjKwRY+0AMtYkL+rtMKbTYCudqtuS7x3HVj3bIZ4COJy k/KlnmeVvM7OmYbNKmdYrdr0NY5wNzbTAMC+Im2RCbPSof34lqsnnRZNo9jfLwcOswQuN/ hqjAbJbhRaT7GHtHqmWaogdgiFJ0MB6tOKAiJxXXuTXxWhp18SE1eGQBfcFOTdoG34+fDp l5x3XuMub1IJRqFxcdDAopA3liQL/rRMszpIFuz0fR+Noy78DTl9yFLSjveEkQGzCRE2Wc zpT5rV6r43dz71XtYBymDkZVr0U2ofoIiaeIw0+FffrxgfS9wB5/+iDL8sa8HvKe+oyarf Epk8EMw+wYPeuUKxvv7N3NEPkzLe13WjpynIu/441nO+e7BAMnKsmc7DZAN7BxHLuvlpPI gyybsgV6+aeH0SQ6C3Ldq529jUEvOEw+TeBNAYMfSlYFIdNxnIhMG1Z+gwTFrcbtRLaGWv yorVQU1F+ChVpZj7wORgNxEqaUwFbgU3U5l9YzpCYsjz/rGSqZ5gJ9EX6x/9WNyxAH3D5a jdQmq6Fj/SoU0GcEveQtEectJQ0ifOyUCQ0EyiLQUjPHdKiNi1QaYC3sxmKg X-ME-Proxy: Feedback-ID: i69e04380:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id 18DB0182007E; Wed, 10 Jun 2026 18:13:58 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 X-ThreadId: AbYv8XRW6TN7 Date: Thu, 11 Jun 2026 00:13:37 +0200 From: =?UTF-8?Q?Kristian_St=C3=A6rk?= To: vermaden , "FreeBSD Release Engineering Team" , "freebsd-snapshots@FreeBSD.org" , "freebsd-stable@FreeBSD.org" Cc: secteam@freebsd.org, FreeBSD-security-notifications@freebsd.org, FreeBSD-security@freebsd.org Message-Id: In-Reply-To: References: <20260606214002.7D08E151E8@freefall.freebsd.org> Subject: Re: FreeBSD 15.1-RC3 Now Available Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:151847, ipnet:103.168.172.0/24, country:AU] X-Rspamd-Queue-Id: 4gbKn31y7Lz3VnS X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated ons 10. jun 2026 klokken 22:42 skrev vermaden: > > The messages that notify about new releases like this one provides > instructions on how to update/upgrade PKGBASE FreeBSD system ... but SA > (Security Advisories) still miss that information and only mention > freebsd-update(8) on how to apply security fixes. > >> https://www.freebsd.org/security/advisories/FreeBSD-SA-26:26.ktls.asc > > This also needs to be addressed. I just ran "pkg upgrade" which updated my system to 15.1-RC3-p1. I agree that the SA's of course need to mention that. Best regards Kristian From nobody Thu Jun 11 05:15:10 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gbW7K6B1Lz6hZyq for ; Thu, 11 Jun 2026 05:15:25 +0000 (UTC) (envelope-from aqua.shim@gmail.com) Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gbW7J1xDYz3DjD for ; Thu, 11 Jun 2026 05:15:24 +0000 (UTC) (envelope-from aqua.shim@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20251104 header.b=DGlI6x39; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of aqua.shim@gmail.com designates 2607:f8b0:4864:20::82d as permitted sender) smtp.mailfrom=aqua.shim@gmail.com; arc=pass ("google.com:s=arc-20240605:i=1") Received: by mail-qt1-x82d.google.com with SMTP id d75a77b69052e-5176465a4a4so101932701cf.2 for ; Wed, 10 Jun 2026 22:15:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1781154922; cv=none; d=google.com; s=arc-20240605; b=k3t+V4lkJSNPXXHG9y5UPtOKs1bDYfBK0kKU4Qiod3nlMg0IXSBtMV4Wt7OcYFdnnJ lH2eo+9BT8DELPALqMOTZ/xd2wZKeEu0knumINiWHtsw6A2F/ZZHhNetwlcfmRzAnspQ puenPGPR1vjNXFo1hTw0Clzl6vHtV87Tyjjb02q9SGlyx7s4sHc10gy6/riczeq13R9W 91FUQOYFz/hazBrZ7bv4eiErnYQQbqpZ98PsRcs7q8dnTVsd2EgNsXhfwrR6G3HCmINo r9irSwZAGMBcIiwaSz0GLpYrPdHl9+BeQurNSb11ME9HFSHHRlxF/e+vdKkRBD7N18qk S10Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=47S3TEYNC1X/VrsNBijHbB9a/AN3Xfbtwb0N4+BWKQ8=; fh=8X/fzy6oRkinpO/u1+30mH2eQUCHV465yZU8zsG9ReM=; b=FPpxtA3ZCxw4pckKc3bbh7EEoVkOOq6miyBtOd4o0se83bkyhKH3ioocB9sFsygGD4 d6J8UvvpxvhCKMod2bfQ21h7mLieJyJipCUB/YalYNbn8As30Z7nsiSJHma1QewCkE0K wNNJQMaZp1zoskgTNH06Q0TouqLNj9RhM7DflNScSOOzMyyBgvapWxplO38FKh+RegiR TEnuacwjntJmmzR+lOjRSyGKenKi/W67fRJepauVKIP8XH9Du3KlFX7VFEztFzYac23q cekiJIE4l0WLAhRGK7OxsTJd0F8qRWroCOLR2oarkGMhtEpIaCaUOf4rSvgUIqHvpjVz 4QTA==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1781154922; x=1781759722; darn=freebsd.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=47S3TEYNC1X/VrsNBijHbB9a/AN3Xfbtwb0N4+BWKQ8=; b=DGlI6x390cmU1iYmW9rbWRPpz5PunPgtaEU44Ld+y/ol5UW/kF7uI8/HRXxEkUhEQw q6spoEAptZDCZnQ4XnrixArNE4/jb9EVhUsxmOUB1sZNTeg+Nx9Ycw1K2nk8zI9LoLug 0GvUtqFunOKaF8VrGJGL+AfPypouoxPyNxSrjgZMcFok8kuDQm0unucRC4dIbVBxaDrk dbKP+OGAtFs2ZVIoF2VYbhhwd2wcVNxgcsihOg1XKYYz35Nlhf7EGGOTHY2ylIGZ9LT5 D/PYJWtb6tFAMqhuvEzJ1YMZvITGhX1boYYx8I0TO6wKQ0bwF3WJpzet23QgvJwq6Ho4 E1rQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781154922; x=1781759722; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=47S3TEYNC1X/VrsNBijHbB9a/AN3Xfbtwb0N4+BWKQ8=; b=EPPmSvquyAtfcDtlyjJHHMBVEwknHFR/DPab634miGiMfpFu802PXVwI3FghIn7fb0 Cj4tZurhyTNQK45nVTNUwLMg9j4yIFyoQm2TBHIYmxK6L5N2OkRn+8WpAwYLV7pvFn7Z RaBAPQ/ADOtb3ZWs/Mdvkitfeed9ihZ6Rf4a+tvTZkV8uCHGpw468nnM1G5jN5QKLN07 qQVCg14dJNZNk01VU/DfUIAuznWMDYUbXjoPZq9mRTLt5Iq4XxEDS9H+CYEPnKyVx6EF pBQBVkXSSt+Rs8HyB0LiKTQH1wpFXqSyhzPtEbN5a8YBtijVgxtGzun1XZg6GW+eJfp4 9cJw== X-Gm-Message-State: AOJu0Yw1a+UQSARs03YnrTc98O0Oc5iqe29laA3RkCHBwhji18968+wz 3ChA5jF3k5RpDb3gwv92K8seSpEKTAmDjFen5GftOWFfyS9lfgYJwPoe5Rb37MHsZ+ga2tGs5/q rWnJQ5LNLNBS2u2inWdwWCyLDyLfDh5rF8A== X-Gm-Gg: Acq92OF4f1jecfAeQO/xSwl9HILh9rVUJzvG4/mmc6zsy0RIVfuj0FSNoinzzjGc/TS mdk5reX2D11oWMYm2WNWfkhkBb12F9uS29sPc+T7vjaBEg6FCUydlTO0XcT2JWagp1n+SUlWxp+ 8y/L/miQkCc8/sgs9RY5pFrM9msONg4mt8ooexs7S/XCfCPYP5xtVv1Bj5GNvgdH/9rhD++oL1M K0Mr8//UeEqyS4jKRL9wlANLmR+dMtgsSAwdMmrQC0cl9KglJqziRrWABZVhjCEm5K6VYDzCwVM X0f1xN5nLVhFbROgSss= X-Received: by 2002:a05:622a:6103:b0:517:7188:c47a with SMTP id d75a77b69052e-517edd3738cmr22008161cf.2.1781154921886; Wed, 10 Jun 2026 22:15:21 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 References: <20260609231407.4C8371FCC4@freefall.freebsd.org> In-Reply-To: <20260609231407.4C8371FCC4@freefall.freebsd.org> From: Jason Shim Date: Thu, 11 Jun 2026 14:15:10 +0900 X-Gm-Features: AVVi8CeXlhrmG84flPt23OCi4SxPm8h4_1Mf3umwLR1yqmbytTakEFalUV2FfaE Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-26:35.openssl To: freebsd-security@freebsd.org Content-Type: multipart/alternative; boundary="00000000000068b7120653f3726d" X-Spamd-Result: default: False [1.74 / 15.00]; RBL_SEM_IPV6(1.00)[2607:f8b0:4864:20::82d:from]; NEURAL_SPAM_LONG(1.00)[0.997]; NEURAL_HAM_SHORT(-0.89)[-0.890]; NEURAL_SPAM_MEDIUM(0.63)[0.634]; BAD_REP_POLICIES(0.10)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TAGGED_FROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; R_DKIM_ALLOW(0.00)[gmail.com:s=20251104]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; RCPT_COUNT_ONE(0.00)[1]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; FREEMAIL_FROM(0.00)[gmail.com]; DMARC_POLICY_ALLOW(0.00)[gmail.com,none]; DKIM_TRACE(0.00)[gmail.com:+]; MISSING_XM_UA(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; MID_RHS_MATCH_FROMTLD(0.00)[]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::82d:from]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; ARC_ALLOW(0.00)[google.com:s=arc-20240605:i=1]; R_SPF_ALLOW(0.00)[+ip6:2607:f8b0:4864::/56]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_HAS_DN(0.00)[] X-Spamd-Bar: + X-Rspamd-Queue-Id: 4gbW7J1xDYz3DjD --00000000000068b7120653f3726d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable unsubscribe On Wed, Jun 10, 2026 at 9:18=E2=80=AFAM FreeBSD Security Advisories < security-advisories@freebsd.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > FreeBSD-SA-26:35.openssl Security > Advisory > The FreeBSD > Project > > Topic: Multiple vulnerabilities in OpenSSL > > Category: contrib > Module: openssl > Announced: 2026-06-09 > Credits: See linked vendor advisory in References section > Affects: All supported versions of FreeBSD. > Corrected: 2026-06-09 19:17:36 UTC (stable/15, 15.1-STABLE) > 2026-06-09 19:20:15 UTC (releng/15.1, 15.1-RC3-p1) > 2026-06-09 19:19:54 UTC (releng/15.0, 15.0-RELEASE-p10) > 2026-06-09 19:17:54 UTC (stable/14, 14.4-STABLE) > 2026-06-09 19:19:16 UTC (releng/14.4, 14.4-RELEASE-p6) > 2026-06-09 19:18:46 UTC (releng/14.3, 14.3-RELEASE-p15) > CVE Name: CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, > CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, > CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, > CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, > CVE-2026-45445, CVE-2026-45446, CVE-2026-45447 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > FreeBSD includes software from the OpenSSL Project. The OpenSSL Project > is a > collaborative effort to develop a robust, commercial-grade, full-featured > Open Source toolkit for the Transport Layer Security (TLS) protocol. It = is > also a general-purpose cryptography library. > > II. Problem Description > > Multiple issues have been reported as part of this advisory with differen= t > issues affecting different OpenSSL versions and therefore different FreeB= SD > versions. Instead of exhaustively listing detailed writeups for each > issue, > please see the referenced advisory from OpenSSL. > > Issues affecting FreeBSD 15.x (OpenSSL 3.5): > CVE-2026-7383 - Possible heap buffer overflow in ASN.1 string conversi= on > CVE-2026-9076 - Out-of-bounds read in CMS password-based decryption > CVE-2026-34180 - Heap buffer over-read in ASN.1 content parsing > CVE-2026-34181 - PKCS#12 files with PBMAC1 accepted with short HMAC key= s > CVE-2026-34182 - CMS AuthEnvelopedData may accept forged messages > CVE-2026-34183 - Unbounded memory growth in the QUIC PATH_CHALLENGE > handler > CVE-2026-42764 - NULL dereference in QUIC server initial packet handlin= g > CVE-2026-42766 - Possible NULL dereference in password-based CMS > decryption > CVE-2026-42767 - NULL dereference in CRMF EncryptedValue decryption > CVE-2026-42768 - Bleichenbacher oracle in CMS_decrypt() and > PKCS7_decrypt() > CVE-2026-42769 - Trust-anchor substitution in CMP rootCaKeyUpdate > handling > CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q > CVE-2026-45445 - AES-OCB IV ignored on the EVP_Cipher() one-shot path > CVE-2026-45446 - Empty-message tag bypass in AES-GCM-SIV and AES-SIV > modes > CVE-2026-45447 - Heap use-after-free in PKCS7_verify() > > Issues affecting FreeBSD 14.x (OpenSSL 3.0): > CVE-2026-7383 - Possible heap buffer overflow in ASN.1 string conversi= on > CVE-2026-9076 - Out-of-bounds read in CMS password-based decryption > CVE-2026-34180 - Heap buffer over-read in ASN.1 content parsing > CVE-2026-34182 - CMS AuthEnvelopedData may accept forged messages > CVE-2026-42766 - Possible NULL dereference in password-based CMS > decryption > CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q > CVE-2026-45445 - AES-OCB IV ignored on the EVP_Cipher() one-shot path > CVE-2026-45446 - Empty-message tag bypass in AES-GCM-SIV and AES-SIV > modes > CVE-2026-45447 - Heap use-after-free in PKCS7_verify() > > III. Impact > > The issues include heap buffer overflows and over-reads, NULL pointer > dereferences, a use-after-free, unbounded memory allocation, and several > cryptographic flaws permitting message forgery, integrity bypass, or > recovery of a private key. > > Security impact ranges from a Denial of Service to a potential remote cod= e > execution. See the OpenSSL advisory for specific details. > > IV. Workaround > > No workaround is available. > > V. Solution > > Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > Perform one of the following: > > 1) To update your vulnerable system installed from base system packages: > > Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 > platforms, which were installed using base system packages, can be update= d > via the pkg(8) utility: > > # pkg upgrade -r FreeBSD-base > # shutdown -r +10min "Rebooting for a security update" > > 2) To update your vulnerable system installed from binary distribution > sets: > > Systems running a RELEASE version of FreeBSD on the amd64 or arm64 > platforms > which were not installed using base system packages can be updated via th= e > freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > # shutdown -r +10min "Rebooting for a security update" > > 3) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > [FreeBSD 15.x] > # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-15.patch > # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-15.patch.as= c > # gpg --verify openssl-15.patch.asc > > [FreeBSD 14.x] > # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-14.patch > # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-14.patch.as= c > # gpg --verify openssl-14.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile the operating system using buildworld and installworld as > described in . > > Restart all daemons that use the library, or reboot the system. > > VI. Correction details > > This issue is corrected as of the corresponding Git commit hash in the > following stable and release branches: > > Branch/path Hash Revision > - -----------------------------------------------------------------------= -- > stable/15/ 865c8ff56693 stable/15-n283889 > releng/15.1/ 083bb80a125a releng/15.1-n283559 > releng/15.0/ 0d6ccbb7524f releng/15.0-n281062 > stable/14/ ec6bfa889b83 stable/14-n274318 > releng/14.4/ 1929d9e173e5 releng/14.4-n273724 > releng/14.3/ dd3096b4efe6 releng/14.3-n271524 > - -----------------------------------------------------------------------= -- > > Run the following command to see which files were modified by a > particular commit: > > # git show --stat > > Or visit the following URL, replacing NNNNNN with the hash: > > > > To determine the commit count in a working tree (for comparison against > nNNNNNN in the table above), run: > > # git rev-list --count --first-parent HEAD > > VII. References > > > > > > > > > > > > > > > > > > > > The latest revision of this advisory is available at > > -----BEGIN PGP SIGNATURE----- > > iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxkbFIAAAAAABAAO > bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvIjEQALlvtT/r8WJ72cw03AZP > 1qPNWibqFxrMccV/fEtVq2csUzMkSq6PvgK3ZZoKgh8e2whpJkEULxRJ5Th8IEoD > McbPdU4+zgqcehfmH6mvuv/yshDJLe0U2iLFSTbzgbx8xe0XRyWJlutlNXSZmLvo > N87HGEtO/gXCXJxZuWFDE4JfO/bECn8wgZ468AD+OMwKRnx13hszmqKnp4cn/bZ8 > 764BqDsyweCBSVbW7AC0A5/BP7e+S+eOGHDSDqm48Jxk8eVsEVvw5wEo7DMLQgQw > /kHc9BSiQ6HPgMvjDryUzX/FhF3El3sKQxkUXNFGcYk8yChTEVtD1C+zf3FACQJA > ZTeDNgJelmeJdK7uzrJtX/8Laozma0+x1+2+YrY+Y1aCqOZ0iicmlytZHRHgZc3R > riEEJdw3nlV6r43WtwBYjJNyOIiqPusYK8K0/RLnMeMtS+mwjjNjGxqcHdFPbSa7 > Xjs4zSAHgkg9NHMwD4S+F+upRZ3yVoZOvIDtqUKO85Mf70OYHHoaZJE4Q7mIPDyE > CbtpeaNpjSkujTR5/Us4JgxRfDqDGyyER/Ub1yZl8uuhKNU7QuOWRQMTeIXp42Es > uClHfLQz5Dvmwy7muDfg5cY0R/F9whvpwSOmILrsViBjcygkzFY9lE1ufW685vbH > 1srvsOXI5oN55cZrX4+H6G17 > =3DUV/w > -----END PGP SIGNATURE----- > > --00000000000068b7120653f3726d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
unsubscribe

On Wed, Jun 10, 2026 at 9= :18=E2=80=AFAM FreeBSD Security Advisories <security-advisories@freebsd.org> wrote:
-----BEGIN PGP SIGNED= MESSAGE-----
Hash: SHA512

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D
FreeBSD-SA-26:35.openssl=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 Security Advisory
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 The FreeBSD Project=

Topic:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Multiple vulnerabilities in OpenSS= L

Category:=C2=A0 =C2=A0 =C2=A0 =C2=A0contrib
Module:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0openssl
Announced:=C2=A0 =C2=A0 =C2=A0 2026-06-09
Credits:=C2=A0 =C2=A0 =C2=A0 =C2=A0 See linked vendor advisory in Reference= s section
Affects:=C2=A0 =C2=A0 =C2=A0 =C2=A0 All supported versions of FreeBSD.
Corrected:=C2=A0 =C2=A0 =C2=A0 2026-06-09 19:17:36 UTC (stable/15, 15.1-STA= BLE)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 2026-06-09 19:20:15= UTC (releng/15.1, 15.1-RC3-p1)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 2026-06-09 19:19:54= UTC (releng/15.0, 15.0-RELEASE-p10)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 2026-06-09 19:17:54= UTC (stable/14, 14.4-STABLE)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 2026-06-09 19:19:16= UTC (releng/14.4, 14.4-RELEASE-p6)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 2026-06-09 19:18:46= UTC (releng/14.3, 14.3-RELEASE-p15)
CVE Name:=C2=A0 =C2=A0 =C2=A0 =C2=A0CVE-2026-7383, CVE-2026-9076, CVE-2026-= 34180,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 CVE-2026-34181, CVE= -2026-34182, CVE-2026-34183,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 CVE-2026-42764, CVE= -2026-42766, CVE-2026-42767,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 CVE-2026-42768, CVE= -2026-42769, CVE-2026-42770,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 CVE-2026-45445, CVE= -2026-45446, CVE-2026-45447

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/<= /a>>.

I.=C2=A0 =C2=A0Background

FreeBSD includes software from the OpenSSL Project.=C2=A0 The OpenSSL Proje= ct is a
collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit for the Transport Layer Security (TLS) protocol.=C2=A0 = It is
also a general-purpose cryptography library.

II.=C2=A0 Problem Description

Multiple issues have been reported as part of this advisory with different<= br> issues affecting different OpenSSL versions and therefore different FreeBSD=
versions.=C2=A0 Instead of exhaustively listing detailed writeups for each = issue,
please see the referenced advisory from OpenSSL.

Issues affecting FreeBSD 15.x (OpenSSL 3.5):
=C2=A0 CVE-2026-7383=C2=A0 - Possible heap buffer overflow in ASN.1 string = conversion
=C2=A0 CVE-2026-9076=C2=A0 - Out-of-bounds read in CMS password-based decry= ption
=C2=A0 CVE-2026-34180 - Heap buffer over-read in ASN.1 content parsing
=C2=A0 CVE-2026-34181 - PKCS#12 files with PBMAC1 accepted with short HMAC = keys
=C2=A0 CVE-2026-34182 - CMS AuthEnvelopedData may accept forged messages =C2=A0 CVE-2026-34183 - Unbounded memory growth in the QUIC PATH_CHALLENGE = handler
=C2=A0 CVE-2026-42764 - NULL dereference in QUIC server initial packet hand= ling
=C2=A0 CVE-2026-42766 - Possible NULL dereference in password-based CMS dec= ryption
=C2=A0 CVE-2026-42767 - NULL dereference in CRMF EncryptedValue decryption<= br> =C2=A0 CVE-2026-42768 - Bleichenbacher oracle in CMS_decrypt() and PKCS7_de= crypt()
=C2=A0 CVE-2026-42769 - Trust-anchor substitution in CMP rootCaKeyUpdate ha= ndling
=C2=A0 CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q
=C2=A0 CVE-2026-45445 - AES-OCB IV ignored on the EVP_Cipher() one-shot pat= h
=C2=A0 CVE-2026-45446 - Empty-message tag bypass in AES-GCM-SIV and AES-SIV= modes
=C2=A0 CVE-2026-45447 - Heap use-after-free in PKCS7_verify()

Issues affecting FreeBSD 14.x (OpenSSL 3.0):
=C2=A0 CVE-2026-7383=C2=A0 - Possible heap buffer overflow in ASN.1 string = conversion
=C2=A0 CVE-2026-9076=C2=A0 - Out-of-bounds read in CMS password-based decry= ption
=C2=A0 CVE-2026-34180 - Heap buffer over-read in ASN.1 content parsing
=C2=A0 CVE-2026-34182 - CMS AuthEnvelopedData may accept forged messages =C2=A0 CVE-2026-42766 - Possible NULL dereference in password-based CMS dec= ryption
=C2=A0 CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q
=C2=A0 CVE-2026-45445 - AES-OCB IV ignored on the EVP_Cipher() one-shot pat= h
=C2=A0 CVE-2026-45446 - Empty-message tag bypass in AES-GCM-SIV and AES-SIV= modes
=C2=A0 CVE-2026-45447 - Heap use-after-free in PKCS7_verify()

III. Impact

The issues include heap buffer overflows and over-reads, NULL pointer
dereferences, a use-after-free, unbounded memory allocation, and several cryptographic flaws permitting message forgery, integrity bypass, or
recovery of a private key.

Security impact ranges from a Denial of Service to a potential remote code<= br> execution.=C2=A0 See the OpenSSL advisory for specific details.

IV.=C2=A0 Workaround

No workaround is available.

V.=C2=A0 =C2=A0Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system installed from base system packages:
Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
platforms, which were installed using base system packages, can be updated<= br> via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system installed from binary distribution sets= :

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platform= s
which were not installed using base system packages can be updated via the<= br> freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 15.x]
# fetch https://security.FreeBSD.org/p= atches/SA-26:35/openssl-15.patch
# fetch https://security.FreeBSD.o= rg/patches/SA-26:35/openssl-15.patch.asc
# gpg --verify openssl-15.patch.asc

[FreeBSD 14.x]
# fetch https://security.FreeBSD.org/p= atches/SA-26:35/openssl-14.patch
# fetch https://security.FreeBSD.o= rg/patches/SA-26:35/openssl-14.patch.asc
# gpg --verify openssl-14.patch.asc

b) Apply the patch.=C2=A0 Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook= /makeworld.html>.

Restart all daemons that use the library, or reboot the system.

VI.=C2=A0 Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Hash=C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Revision
- -------------------------------------------------------------------------=
stable/15/=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 865c8ff56693=C2=A0 =C2=A0 stable/= 15-n283889
releng/15.1/=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 083bb80a125a=C2=A0 releng/15.1-n283559 releng/15.0/=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 0d6ccbb7524f=C2=A0 releng/15.0-n281062 stable/14/=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ec6bfa889b83=C2=A0 =C2=A0 stable/= 14-n274318
releng/14.4/=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 1929d9e173e5=C2=A0 releng/14.4-n273724 releng/14.3/=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 dd3096b4efe6=C2=A0 releng/14.3-n271524 - -------------------------------------------------------------------------=

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=3DNN= NNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://openssl-library.org/news/secadv/= 20260609.txt>

<URL:https://www.cve.org/CVERecord?id=3DCVE-2026-= 7383>
<URL:https://www.cve.org/CVERecord?id=3DCVE-2026-= 9076>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-34180>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-34181>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-34182>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-34183>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-42764>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-42766>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-42767>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-42768>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-42769>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-42770>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-45445>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-45446>
<URL:https://www.cve.org/CVERecord?id=3DCVE-20= 26-45447>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD= .org/advisories/FreeBSD-SA-26:35.openssl.asc>
-----BEGIN PGP SIGNATURE-----

iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxkbFIAAAAAABAAO
bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvIjEQALlvtT/r8WJ72cw03AZP
1qPNWibqFxrMccV/fEtVq2csUzMkSq6PvgK3ZZoKgh8e2whpJkEULxRJ5Th8IEoD
McbPdU4+zgqcehfmH6mvuv/yshDJLe0U2iLFSTbzgbx8xe0XRyWJlutlNXSZmLvo
N87HGEtO/gXCXJxZuWFDE4JfO/bECn8wgZ468AD+OMwKRnx13hszmqKnp4cn/bZ8
764BqDsyweCBSVbW7AC0A5/BP7e+S+eOGHDSDqm48Jxk8eVsEVvw5wEo7DMLQgQw
/kHc9BSiQ6HPgMvjDryUzX/FhF3El3sKQxkUXNFGcYk8yChTEVtD1C+zf3FACQJA
ZTeDNgJelmeJdK7uzrJtX/8Laozma0+x1+2+YrY+Y1aCqOZ0iicmlytZHRHgZc3R
riEEJdw3nlV6r43WtwBYjJNyOIiqPusYK8K0/RLnMeMtS+mwjjNjGxqcHdFPbSa7
Xjs4zSAHgkg9NHMwD4S+F+upRZ3yVoZOvIDtqUKO85Mf70OYHHoaZJE4Q7mIPDyE
CbtpeaNpjSkujTR5/Us4JgxRfDqDGyyER/Ub1yZl8uuhKNU7QuOWRQMTeIXp42Es
uClHfLQz5Dvmwy7muDfg5cY0R/F9whvpwSOmILrsViBjcygkzFY9lE1ufW685vbH
1srvsOXI5oN55cZrX4+H6G17
=3DUV/w
-----END PGP SIGNATURE-----

--00000000000068b7120653f3726d-- From nobody Thu Jun 11 12:01:18 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gbh7g6yqLz6hKRC; Thu, 11 Jun 2026 12:01:19 +0000 (UTC) (envelope-from des@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gbh7g6Tcbz3GHP; Thu, 11 Jun 2026 12:01:19 +0000 (UTC) (envelope-from des@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781179279; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=14EaPRZFEtNs5+EZhoGIZdlCA6HtxmmVfssoYPUWsZ4=; b=q9hxMKRvNM3NBrkJVp9AhCl5aGk/GPanqNSa5Jxa+SJCBltPtWD75RZ4pScCHmRUfaFbUx EW0Qxw6usWk+3bYqlXRhU51YkBYJuY2SDoaJeFm5poyY+1aWucA0QpxW5LXS/0HOPa6sTa ZfKJqAKWxBWI3MXo3PgtSVr6sMmcUeUNbcZWuViwkFQQYUVy+4rNx3SZF1Z7i6BzVKaXwW rwi6bXCCNojsfloU60VhQ86eGeFtQn6Fv7LV07kqcgsAxLshgPkuFFXuAGaHqJnNvy85af 5ZDijscB2S0/xu70yb7Lpu4NRBS6FAv9+AiQPCLVRpCgKAJcyrgBzowAUY6B/A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781179279; a=rsa-sha256; cv=none; b=MlyvWYXL1ce73ttYTlw8kDJbrRldOubdr8yqomx9GEEwyzzCzYr99qmhHKBhvFHV8xmfNJ ljp3dFlE0JLaBlDpW6AYiDgHmQ6oy0FMcWyzQmi/CF9FgZcpCs7JtQY1B6f++VKdWt0sSu o/rLYBfulSmhfyDNAw4lqGHW41nClVva0ieCjh57s4C+WeiY97uzIZj4eXOmdrDyZg963m oCZ4JuvGCsgsLiAHSQBuq7Xnx9KNiVys/Yna/za70qBhQpj70HnLR7wP7e/mkxS6yULSDf iyH99zjCvbX7D0aEWT9mfktyoizVy374u4fs5ZVuiQL3JRPdWpY3IH/NqSWxxw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781179279; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=14EaPRZFEtNs5+EZhoGIZdlCA6HtxmmVfssoYPUWsZ4=; b=e1BbgBPQE3ugNffh1e5+tvvV2ojidkvvM0H4Rb5PYpMYhPC8KOWakiWvToegn7v75I16bG aY6Ip9tIvKMMiKE6D/JlXlsmrS2tInIGi+EtAZSK4UFYTJJAXRUvKQYeBzH/c36oxUxLTE iAWRu9aY2oHchcTUwjsLWZf+J3tZS2+3g4QjNec9gbDhR69SzDr5IPsOtfaZs5NHy6iWfp KSmWUbBIwabAQrylbNGf9d7Vy/bwRiOXLxU9e1pP2PONc3kIm18UoZhI4YpHJAdtNxlpCK n+0eDhsPk4XNckRYGQXcI3BVG4LEU5nxMiN9UnwJK9hhDDDmrlA7MihRM+dR8g== Received: from ltc.des.dev (unknown [92.183.55.143]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: des/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4gbh7g5DcFzPw1; Thu, 11 Jun 2026 12:01:19 +0000 (UTC) (envelope-from des@freebsd.org) Received: by ltc.des.dev (Postfix, from userid 1001) id 88924B0605; Thu, 11 Jun 2026 14:01:18 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Kristian =?utf-8?Q?St=C3=A6rk?= Cc: vermaden , "FreeBSD Release Engineering Team" , "freebsd-snapshots@FreeBSD.org" , "freebsd-stable@FreeBSD.org" , secteam@freebsd.org, FreeBSD-security-notifications@freebsd.org, FreeBSD-security@freebsd.org Subject: Re: FreeBSD 15.1-RC3 Now Available In-Reply-To: ("Kristian =?utf-8?Q?St=C3=A6rk=22's?= message of "Thu, 11 Jun 2026 00:13:37 +0200") References: <20260606214002.7D08E151E8@freefall.freebsd.org> User-Agent: Gnus/5.13 (Gnus v5.13) Date: Thu, 11 Jun 2026 14:01:18 +0200 Message-ID: <86tsr95lrl.fsf@ltc.des.dev> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Kristian St=C3=A6rk writes: > vermaden writes: > > The messages that notify about new releases like this one provides=20 > > instructions on how to update/upgrade PKGBASE FreeBSD system ... but SA= =20 > > (Security Advisories) still miss that information and only mention=20 > > freebsd-update(8) on how to apply security fixes. > I just ran "pkg upgrade" which updated my system to 15.1-RC3-p1. > > I agree that the SA's of course need to mention that. Once again: they already do. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@FreeBSD.org From nobody Fri Jun 12 08:34:57 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gcCWj2jW7z6hLD4 for ; Fri, 12 Jun 2026 08:35:29 +0000 (UTC) (envelope-from j@uriah.heep.sax.de) Received: from uriah.heep.sax.de (uriah.heep.sax.de [213.240.137.9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4gcCWg54Psz3qmt for ; Fri, 12 Jun 2026 08:35:27 +0000 (UTC) (envelope-from j@uriah.heep.sax.de) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=freebsd.org (policy=none); spf=pass (mx1.freebsd.org: domain of j@uriah.heep.sax.de designates 213.240.137.9 as permitted sender) smtp.mailfrom=j@uriah.heep.sax.de Received: by uriah.heep.sax.de (Postfix, from userid 107) id EAFBC80E7; Fri, 12 Jun 2026 10:34:57 +0200 (CEST) Date: Fri, 12 Jun 2026 10:34:57 +0200 From: Joerg Wunsch To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-26:26.ktls Message-ID: References: <20260609231311.7E26A1FD21@freefall.freebsd.org> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260609231311.7E26A1FD21@freefall.freebsd.org> X-GPG-Fingerprint-1: 5E84 F980 C3CA FD4B B584 1070 F48C A81B 69A8 5873 X-GPG-Fingerprint-2: 5662 8323 218C 669F F578 705C 7E9E ADC3 030D 34EB X-Spamd-Result: default: False [-1.13 / 15.00]; NEURAL_HAM_MEDIUM(-0.99)[-0.995]; NEURAL_HAM_SHORT(-0.97)[-0.968]; NEURAL_SPAM_LONG(0.53)[0.534]; FORGED_SENDER(0.30)[joerg@freebsd.org,j@uriah.heep.sax.de]; R_SPF_ALLOW(-0.20)[+a]; ONCE_RECEIVED(0.20)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_POLICY_SOFTFAIL(0.10)[freebsd.org : SPF not aligned (relaxed), No valid DKIM,none]; RCVD_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; MISSING_XM_UA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FREEFALL_USER(0.00)[j]; ASN(0.00)[asn:8820, ipnet:213.240.128.0/18, country:DE]; TO_DOM_EQ_FROM_DOM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; FROM_NEQ_ENVFROM(0.00)[joerg@freebsd.org,j@uriah.heep.sax.de]; FROM_HAS_DN(0.00)[]; R_DKIM_NA(0.00)[]; TO_DN_NONE(0.00)[]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_NA(0.00)[] X-Spamd-Bar: - X-Rspamd-Queue-Id: 4gcCWg54Psz3qmt According to their (evil, IMHO) web page, kern.ipc.mb_use_ext_pgs=0 is a viable workaround. As FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-26:26.ktls Security Advisory > The FreeBSD Project > > Topic: Arbitrary file overwrite via the KTLS receive path > > Category: core > Module: ktls > Announced: 2026-06-09 > Credits: Bumsrakete > Affects: All supported versions of FreeBSD > Corrected: 2026-06-09 19:17:28 UTC (stable/15, 15.1-STABLE) > 2026-06-09 19:20:06 UTC (releng/15.1, 15.1-RC3-p1) > 2026-06-09 19:19:43 UTC (releng/15.0, 15.0-RELEASE-p10) > 2026-06-09 19:17:46 UTC (stable/14, 14.4-STABLE) > 2026-06-09 19:19:05 UTC (releng/14.4, 14.4-RELEASE-p6) > 2026-06-09 19:18:35 UTC (releng/14.3, 14.3-RELEASE-p15) > CVE Name: CVE-2026-45257 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > Kernel TLS (KTLS) moves Transport Layer Security (TLS) record processing > into the kernel, allowing applications to encrypt and decrypt socket data > without copying it to and from userspace and to serve TLS data with > sendfile(2). When a connection uses software KTLS on the receive path, > the kernel decrypts each incoming TLS record in place within the socket > buffer. > > II. Problem Description > > The KTLS receive path decrypted each record in place, assuming that the > mbufs holding received data were anonymous and safe to modify. This > assumption does not hold for data placed on a socket by sendfile(2), > which can reference file-backed memory directly through non-anonymous > M_EXTPG pages or EXT_SFBUF mbufs. When the sender transmits such data > over a loopback connection without enabling KTLS on the transmit side, > the file-backed mbufs reach the receiver's decryption path unchanged. > Decrypting a record in place then overwrites the backing file's page > cache instead of a private copy of the data. > > III. Impact > > An unprivileged local user who can read a file can overwrite its > contents with data of their choosing by sending the file over a loopback > connection on which they have enabled KTLS receive. The write modifies > the page cache directly, so it bypasses file flags such as schg and is > written back to disk. By overwriting a setuid binary or other trusted > file, a local user can escalate privileges, potentially gaining full > control of the affected system. > > IV. Workaround > > No workaround is available. > > V. Solution > > Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date, > and reboot the system. > > Perform one of the following: > > 1) To update your vulnerable system installed from base system packages: > > Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 > platforms, which were installed using base system packages, can be updated > via the pkg(8) utility: > > # pkg upgrade -r FreeBSD-base > # shutdown -r +10min "Rebooting for a security update" > > 2) To update your vulnerable system installed from binary distribution sets: > > Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms > which were not installed using base system packages can be updated via the > freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > # shutdown -r +10min "Rebooting for a security update" > > 3) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch https://security.FreeBSD.org/patches/SA-26:26/ktls.patch > # fetch https://security.FreeBSD.org/patches/SA-26:26/ktls.patch.asc > # gpg --verify ktls.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > and reboot the > system. > > VI. Correction details > > This issue is corrected as of the corresponding Git commit hash in the > following stable and release branches: > > Branch/path Hash Revision > - ------------------------------------------------------------------------- > stable/15/ a51345704403 stable/15-n283882 > releng/15.1/ 48c1c5e3c348 releng/15.1-n283550 > releng/15.0/ 540a315cdb46 releng/15.0-n281052 > stable/14/ 333bdd7e9427 stable/14-n274311 > releng/14.4/ d43259dd66b3 releng/14.4-n273714 > releng/14.3/ af3398862ac0 releng/14.3-n271514 > - ------------------------------------------------------------------------- > > Run the following command to see which files were modified by a > particular commit: > > # git show --stat > > Or visit the following URL, replacing NNNNNN with the hash: > > > > To determine the commit count in a working tree (for comparison against > nNNNNNN in the table above), run: > > # git rev-list --count --first-parent HEAD > > VII. References > > > > The latest revision of this advisory is available at > > -----BEGIN PGP SIGNATURE----- > > iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiUwbFIAAAAAABAAO > bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv6hQP/3x8lGHZpLeT8PjB5NMF > xCfwzKQlu5vlkOqSv+9uEGsh3FQa9gHE/68SwZYa01waeFbTSKpBvrf1X4kRKGnE > r3z8DSAPnVqSRzp4k0PNTxPLtF09FfWiMEBA+PIedL91WkG24gQ63k3fORVjkSvs > a/uY1DQnmypV2mdV/S/hWmrtVCmi5itZKsVedZFoZHZ04GKwIObMoqXgtbUxdfhJ > XvjSCqGgvpsUPVpE72nKYAbbL81w344tNOGtjoC07utitkLoHtMlYqMTfXCv0dY7 > Oo3RZ408afAl1CalUdZ64KXJWqjCZt3FWxtn4ugZkewLc3cDyO5Y2ZUDMAb71P/V > Sdq6+GRIC5wMOmd2C2Wb4C72FODhh4o4+n/E7qeIojT5jozWNFAFN0ugzNcqzuM9 > b8ekwLWK9MbtjZWF1A0OhsLqQoYuBcwX4RymVJCfpEnlPEDwaf0fv/Sx/OyU9MBx > zbT/Thqa9cB++4U6Obodcj55mXM9p23b9OpEnSD5FKlhxXPxCYW5gc2mK4k+yoKd > 5ZCzzcdzbMoNgqyHnvrBgFGMsPggXJxaidsRFtVSb9E1GWQUweyN9hR10Gr8wX5j > QL18EHe3Lcgg2Z+mi8NQ8lrqPoGpTIjZ8enEYHLrILe/p8JMjNU5fe+YqQTE0tyD > pWQqqx8AYbHJsnCDELTeqt96 > =lD4w > -----END PGP SIGNATURE----- > -- cheers, Joerg .-.-. --... ...-- -.. . DL8DTL http://www.sax.de/~joerg/ Never trust an operating system you don't have sources for. ;-)