From: Jason Shim <aqua.shim@gmail.com>
Date: Thu, 11 Jun 2026 14:15:10 +0900
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-26:35.openssl
In-Reply-To: <20260609231407.4C8371FCC4@freefall.freebsd.org>
References: <20260609231407.4C8371FCC4@freefall.freebsd.org>
List-Id: Security issues
List-Archive: https://lists.freebsd.org/archives/freebsd-security

unsubscribe

On Wed, Jun 10, 2026 at 9:18 AM FreeBSD Security Advisories <security-advisories@freebsd.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> =============================================================================
> FreeBSD-SA-26:35.openssl                                    Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          Multiple vulnerabilities in OpenSSL
>
> Category:       contrib
> Module:         openssl
> Announced:      2026-06-09
> Credits:        See linked vendor advisory in References section
> Affects:        All supported versions of FreeBSD.
> Corrected:      2026-06-09 19:17:36 UTC (stable/15, 15.1-STABLE)
>                 2026-06-09 19:20:15 UTC (releng/15.1, 15.1-RC3-p1)
>                 2026-06-09 19:19:54 UTC (releng/15.0, 15.0-RELEASE-p10)
>                 2026-06-09 19:17:54 UTC (stable/14, 14.4-STABLE)
>                 2026-06-09 19:19:16 UTC (releng/14.4, 14.4-RELEASE-p6)
>                 2026-06-09 19:18:46 UTC (releng/14.3, 14.3-RELEASE-p15)
> CVE Name:       CVE-2026-7383, CVE-2026-9076, CVE-2026-34180,
>                 CVE-2026-34181, CVE-2026-34182, CVE-2026-34183,
>                 CVE-2026-42764, CVE-2026-42766, CVE-2026-42767,
>                 CVE-2026-42768, CVE-2026-42769, CVE-2026-42770,
>                 CVE-2026-45445, CVE-2026-45446, CVE-2026-45447
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:https://security.FreeBSD.org/>.
>
> I.   Background
>
> FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is a
> collaborative effort to develop a robust, commercial-grade, full-featured
> Open Source toolkit for the Transport Layer Security (TLS) protocol.  It is
> also a general-purpose cryptography library.
>
> II.  Problem Description
>
> Multiple issues have been reported as part of this advisory with different
> issues affecting different OpenSSL versions and therefore different FreeBSD
> versions.  Instead of exhaustively listing detailed writeups for each issue,
> please see the referenced advisory from OpenSSL.
>
> Issues affecting FreeBSD 15.x (OpenSSL 3.5):
>   CVE-2026-7383  - Possible heap buffer overflow in ASN.1 string conversion
>   CVE-2026-9076  - Out-of-bounds read in CMS password-based decryption
>   CVE-2026-34180 - Heap buffer over-read in ASN.1 content parsing
>   CVE-2026-34181 - PKCS#12 files with PBMAC1 accepted with short HMAC keys
>   CVE-2026-34182 - CMS AuthEnvelopedData may accept forged messages
>   CVE-2026-34183 - Unbounded memory growth in the QUIC PATH_CHALLENGE handler
>   CVE-2026-42764 - NULL dereference in QUIC server initial packet handling
>   CVE-2026-42766 - Possible NULL dereference in password-based CMS decryption
>   CVE-2026-42767 - NULL dereference in CRMF EncryptedValue decryption
>   CVE-2026-42768 - Bleichenbacher oracle in CMS_decrypt() and PKCS7_decrypt()
>   CVE-2026-42769 - Trust-anchor substitution in CMP rootCaKeyUpdate handling
>   CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q
>   CVE-2026-45445 - AES-OCB IV ignored on the EVP_Cipher() one-shot path
>   CVE-2026-45446 - Empty-message tag bypass in AES-GCM-SIV and AES-SIV modes
>   CVE-2026-45447 - Heap use-after-free in PKCS7_verify()
>
> Issues affecting FreeBSD 14.x (OpenSSL 3.0):
>   CVE-2026-7383  - Possible heap buffer overflow in ASN.1 string conversion
>   CVE-2026-9076  - Out-of-bounds read in CMS password-based decryption
>   CVE-2026-34180 - Heap buffer over-read in ASN.1 content parsing
>   CVE-2026-34182 - CMS AuthEnvelopedData may accept forged messages
>   CVE-2026-42766 - Possible NULL dereference in password-based CMS decryption
>   CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q
>   CVE-2026-45445 - AES-OCB IV ignored on the EVP_Cipher() one-shot path
>   CVE-2026-45446 - Empty-message tag bypass in AES-GCM-SIV and AES-SIV modes
>   CVE-2026-45447 - Heap use-after-free in PKCS7_verify()
>
> III. Impact
>
> The issues include heap buffer overflows and over-reads, NULL pointer
> dereferences, a use-after-free, unbounded memory allocation, and several
> cryptographic flaws permitting message forgery, integrity bypass, or
> recovery of a private key.
>
> Security impact ranges from a Denial of Service to a potential remote code
> execution.  See the OpenSSL advisory for specific details.
>
> IV.  Workaround
>
> No workaround is available.
>
> V.   Solution
>
> Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date.
>
> Perform one of the following:
>
> 1) To update your vulnerable system installed from base system packages:
>
> Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
> platforms, which were installed using base system packages, can be updated
> via the pkg(8) utility:
>
> # pkg upgrade -r FreeBSD-base
> # shutdown -r +10min "Rebooting for a security update"
>
> 2) To update your vulnerable system installed from binary distribution sets:
>
> Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
> which were not installed using base system packages can be updated via the
> freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
> # shutdown -r +10min "Rebooting for a security update"
>
> 3) To update your vulnerable system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 15.x]
> # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-15.patch
> # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-15.patch.asc
> # gpg --verify openssl-15.patch.asc
>
> [FreeBSD 14.x]
> # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-14.patch
> # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-14.patch.asc
> # gpg --verify openssl-14.patch.asc
>
> b) Apply the patch.  Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile the operating system using buildworld and installworld as
> described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
>
> Restart all daemons that use the library, or reboot the system.
>
> VI.  Correction details
>
> This issue is corrected as of the corresponding Git commit hash in the
> following stable and release branches:
>
> Branch/path                                           Hash                 Revision
> - -------------------------------------------------------------------------
> stable/15/                                            865c8ff56693    stable/15-n283889
> releng/15.1/                                          083bb80a125a  releng/15.1-n283559
> releng/15.0/                                          0d6ccbb7524f  releng/15.0-n281062
> stable/14/                                            ec6bfa889b83    stable/14-n274318
> releng/14.4/                                          1929d9e173e5  releng/14.4-n273724
> releng/14.3/                                          dd3096b4efe6  releng/14.3-n271524
> - -------------------------------------------------------------------------
>
> Run the following command to see which files were modified by a
> particular commit:
>
> # git show --stat <commit hash>
>
> Or visit the following URL, replacing NNNNNN with the hash:
>
> <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
>
> To determine the commit count in a working tree (for comparison against
> nNNNNNN in the table above), run:
>
> # git rev-list --count --first-parent HEAD
>
> VII. References
>
> <URL:https://openssl-library.org/news/secadv/20260609.txt>
>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-7383>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-9076>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-34180>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-34181>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-34182>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-34183>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-42764>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-42766>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-42767>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-42768>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-42769>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-42770>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-45445>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-45446>
> <URL:https://www.cve.org/CVERecord?id=CVE-2026-45447>
>
> The latest revision of this advisory is available at
> <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:35.openssl.asc>
>
> -----BEGIN PGP SIGNATURE-----
>
> iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxkbFIAAAAAABAAO
> bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvIjEQALlvtT/r8WJ72cw03AZP
> 1qPNWibqFxrMccV/fEtVq2csUzMkSq6PvgK3ZZoKgh8e2whpJkEULxRJ5Th8IEoD
> McbPdU4+zgqcehfmH6mvuv/yshDJLe0U2iLFSTbzgbx8xe0XRyWJlutlNXSZmLvo
> N87HGEtO/gXCXJxZuWFDE4JfO/bECn8wgZ468AD+OMwKRnx13hszmqKnp4cn/bZ8
> 764BqDsyweCBSVbW7AC0A5/BP7e+S+eOGHDSDqm48Jxk8eVsEVvw5wEo7DMLQgQw
> /kHc9BSiQ6HPgMvjDryUzX/FhF3El3sKQxkUXNFGcYk8yChTEVtD1C+zf3FACQJA
> ZTeDNgJelmeJdK7uzrJtX/8Laozma0+x1+2+YrY+Y1aCqOZ0iicmlytZHRHgZc3R
> riEEJdw3nlV6r43WtwBYjJNyOIiqPusYK8K0/RLnMeMtS+mwjjNjGxqcHdFPbSa7
> Xjs4zSAHgkg9NHMwD4S+F+upRZ3yVoZOvIDtqUKO85Mf70OYHHoaZJE4Q7mIPDyE
> CbtpeaNpjSkujTR5/Us4JgxRfDqDGyyER/Ub1yZl8uuhKNU7QuOWRQMTeIXp42Es
> uClHfLQz5Dvmwy7muDfg5cY0R/F9whvpwSOmILrsViBjcygkzFY9lE1ufW685vbH
> 1srvsOXI5oN55cZrX4+H6G17
> =UV/w
> -----END PGP SIGNATURE-----
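
A practical follow-up to the advisory quoted above is turning its "Corrected" field into a fleet check of the installed userland patch level. The script below is an added example for this archive page; it is not part of the advisory and not FreeBSD project code. It assumes version strings in the form printed by freebsd-version -u (for example 14.3-RELEASE-p15 or 15.1-RC3-p1), takes its thresholds from the Corrected entries in the advisory, and the sample strings it walks when freebsd-version is absent are constructed for the offline run.

```shell
#!/bin/sh
# Added example (not from the advisory or the FreeBSD project): decide from a
# userland version string whether a host is at or past the patch level at
# which FreeBSD-SA-26:35.openssl was corrected. Thresholds come from the
# advisory's "Corrected" field. Assumption: version strings look like the
# output of `freebsd-version -u`, e.g. "14.3-RELEASE-p15" or "15.1-RC3-p1".

# Minimum userland patch level per releng branch, from the Corrected table.
# Prints the number; fails if the branch is not listed in the advisory.
sa2635_min_patch() {
    case "$1" in
        15.1-RC3)     echo 1 ;;
        15.0-RELEASE) echo 10 ;;
        14.4-RELEASE) echo 6 ;;
        14.3-RELEASE) echo 15 ;;
        *)            return 1 ;;
    esac
}

# sa2635_status VERSION
# Prints "patched", "vulnerable", "stable-branch" or "unknown".
# Exit status: 0 patched, 1 vulnerable, 2 undecidable from the string alone.
sa2635_status() {
    ver=$1
    case "$ver" in
        *-STABLE|*-CURRENT|*-PRERELEASE|*-ALPHA*|*-BETA*)
            # Development branches carry no -pN suffix. For these the
            # advisory's test is the first-parent commit count
            # (git rev-list --count --first-parent HEAD) against the
            # nNNNNNN revision in its Correction details table.
            echo stable-branch
            return 2 ;;
    esac
    # Split "14.3-RELEASE-p15" into branch "14.3-RELEASE" and patch 15.
    # A string without "-pN" is patch level 0 (a freshly installed release).
    case "$ver" in
        *-p[0-9]*) branch=${ver%-p*}; patch=${ver##*-p} ;;
        *)         branch=$ver;       patch=0 ;;
    esac
    if ! min=$(sa2635_min_patch "$branch"); then
        # Not in the table: an unsupported release or a branch the advisory
        # does not cover. Never report that as patched.
        echo unknown
        return 2
    fi
    if [ "$patch" -ge "$min" ]; then
        echo patched
        return 0
    fi
    echo vulnerable
    return 1
}

# Stand-alone use: check this host when run on FreeBSD; elsewhere walk a
# constructed sample set so every outcome is exercised offline.
if command -v freebsd-version >/dev/null 2>&1; then
    samples=$(freebsd-version -u)
else
    samples='14.3-RELEASE-p15 14.3-RELEASE-p14 15.0-RELEASE 15.1-RC3-p1 14.4-STABLE 13.5-RELEASE-p3'
fi
for s in $samples; do
    printf '%-18s %s\n' "$s" "$(sa2635_status "$s")"
done
```

On a FreeBSD host the script reports that host's own freebsd-version -u; anywhere else it prints one line per constructed sample. The version string only proves what is installed on disk. It says nothing about whether long-running daemons still have the old libcrypto or libssl mapped, which is why the advisory ends its source-patch procedure with "Restart all daemons that use the library, or reboot the system", and on stable/14 or stable/15 the right comparison is the commit count against the nNNNNNN revision in the table rather than a -pN suffix, which is what the stable-branch result signals.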