From: FreeBSD Errata Notices <security-advisories@freebsd.org>
To: FreeBSD Errata Notices <freebsd-errata-notifications@freebsd.org>
Subject: FreeBSD Errata Notice FreeBSD-EN-26:15.openssl
Reply-To: freebsd-stable@freebsd.org
Message-Id: <20260609231246.12E851FB65@freefall.freebsd.org>
Date: Tue, 09 Jun 2026 23:12:46 +0000 (UTC)
List-Archive: https://lists.freebsd.org/archives/freebsd-errata-notifications

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-26:15.openssl                                        Errata Notice
                                                          The FreeBSD Project

Topic:          Update OpenSSL to 3.0.20 and 3.5.6

Category:       contrib
Module:         openssl
Announced:      2026-06-09
Affects:        All supported versions of FreeBSD.
Corrected:      2026-04-12 02:15:10 UTC (stable/15, 15.0-STABLE)
                2026-06-09 19:19:33 UTC (releng/15.0, 15.0-RELEASE-p10)
                2026-04-13 00:12:11 UTC (stable/14, 14.4-STABLE)
                2026-06-09 19:18:58 UTC (releng/14.4, 14.4-RELEASE-p6)
                2026-06-09 19:18:25 UTC (releng/14.3, 14.3-RELEASE-p15)
CVE Name:       CVE-2026-2673, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389,
                CVE-2026-31789, CVE-2026-31790

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
also a general-purpose cryptography library.

II.  Problem Description

The OpenSSL releases included with the affected FreeBSD versions predate
OpenSSL 3.0.20 (FreeBSD 14) and 3.5.6 (FreeBSD 15). This update imports the
current upstream point release on each branch.

The import resolves several issues affecting different OpenSSL versions,
and therefore different FreeBSD versions. Instead of listing detailed
writeups for each issue, please see the referenced advisory from OpenSSL.
Issues affecting FreeBSD 15 (OpenSSL 3.5):

  CVE-2026-2673  - DEFAULT keyword corrupts the key-agreement group list
  CVE-2026-28387 - Possible use-after-free in DANE client code
  CVE-2026-28388 - NULL dereference when processing a delta CRL
  CVE-2026-28389 - NULL dereference processing CMS KeyAgreeRecipientInfo
  CVE-2026-31789 - Heap buffer overflow in hexadecimal conversion
  CVE-2026-31790 - NULL dereference processing CMS KeyTransRecipientInfo

Issues affecting FreeBSD 14 (OpenSSL 3.0):

  CVE-2026-28387 - Possible use-after-free in DANE client code
  CVE-2026-28388 - NULL dereference when processing a delta CRL
  CVE-2026-28389 - NULL dereference processing CMS KeyAgreeRecipientInfo
  CVE-2026-31789 - Heap buffer overflow in hexadecimal conversion
  CVE-2026-31790 - NULL dereference processing CMS KeyTransRecipientInfo

III. Impact

The issues include missing input validation, NULL pointer dereferences, a
use-after-free, and a heap buffer overflow. Impact is generally limited to
a crash and a Denial of Service. See the OpenSSL advisory for specific
details.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

A reboot is required following the upgrade to ensure that all applications
and kernel code are rebuilt with the updated OpenSSL-provided code.
Perform one of the following:

1) To update your system installed from base system packages:

Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
platforms, which were installed using base system packages, can be updated
via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base
# shutdown -r +10min "Rebooting for an erratum fix"

2) To update your system installed from binary distribution sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64
platforms which were not installed using base system packages can be
updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an erratum fix"

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 15.0]
# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-15.0.patch
# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-15.0.patch.asc
# gpg --verify openssl-15.0.patch.asc

[FreeBSD 14.4]
# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-14.4.patch
# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-14.4.patch.asc
# gpg --verify openssl-14.4.patch.asc

[FreeBSD 14.3]
# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-14.3.patch
# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-14.3.patch.asc
# gpg --verify openssl-14.3.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons that use the library, or reboot the system.
VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                    Revision
- -------------------------------------------------------------------------
stable/15/                              51a80be04fe6    stable/15-n282933
releng/15.0/                            0f6e90c4cc4f    releng/15.0-n281050
stable/14/                              27ac9d336f71    stable/14-n273945
releng/14.4/                            1bfe60bae8b8    releng/14.4-n273712
releng/14.3/                            d95a8c20f3bc    releng/14.3-n271512
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----

iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolw4bFIAAAAAABAAO
bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv5ewP/3XwoJ809Y0eVU/MrvNM
VujyPzQFeMYHg9Od8AYqCfL9AsJaPPnI9sDLHLTIlwfC34ahC8xksEhfpKAoVn/9
kSgKG8Evmb2xOxxz9mnH3cj/4IuyfvDoA7bWLI1yjdjXdm7rP9dE+nI0xktm1aeX
TkMHrpTzeR0F/M1fehjuUuYKdHzINvorKFA49fZm3GvDWogLPWGzU2fLhpHwGa8Z
D7Maxi9U+cuv5zlw6GxKHvPTJTwzLy7F9GejFEq+25YFdhvyKe7ZB8J33ttz1nlc
Ee8z/QkJM/O8/YrvX2i4ZqFmSjgOPbOrbSOiLo13Yusj1TQn/wmsuymP4Vjxf7xM
7ERML9TW1yti0ZCxriwcWUNSt7agPqP18Gjo2las1v8EVuGZ3PB/EhMmP+s0RPtd
ZhVSK7UVJiX0zrIhE5bse+2A67l71rDNLKh7pt7P2FFID2yKLDBgUjMoUbNODsvO
rOeZ09ndMQT24yrkjYM7uKHqmicQs/uBJzXItEr8NU5psKe4gIAfzrWDSl6Lg53y
yJPtEitkcGPHRwDV4fdCcauri2fiw1S8yWH6DXl/CLviAApE9w7NRpD181g0eo5E
QkRHy/rge2A9vK00KGpZsm7HPeIggdob3iK9TkYg3N+tZhBRfh7WtnQR7ZN7iMpv
J6mK8Rm9NoDASI4IXgdRR5gs
=Ocgt
-----END PGP SIGNATURE-----
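The notice gives two ways to tell whether a machine already carries this fix: the corrected patch level per release (the "Corrected" field, section V) and the minimum first-parent commit count per branch (the "Revision" column, section VI). The following POSIX sh fragment is an added example, not part of the errata notice and not FreeBSD project tooling; it embeds those two tables and answers the question for a given freebsd-version(1) string or for a branch plus the output of git rev-list. The function names and the status words they print are this example's own choices.

```shell
#!/bin/sh
# Added example (not part of FreeBSD-EN-26:15.openssl): compare a system or
# source tree against the correction data published in the notice.

# Corrected patch levels, from the "Corrected" field of the notice:
# "<release> <first patched -pN>" per line.
EN_26_15_FIXED="14.3 15
14.4 6
15.0 10"

# Minimum first-parent commit counts, from the section VI table.
EN_26_15_MIN_COUNT="stable/15 282933
releng/15.0 281050
stable/14 273945
releng/14.4 273712
releng/14.3 271512"

# en_26_15_status VERSION
#   VERSION is what `freebsd-version -u` prints, e.g. "14.3-RELEASE-p12".
#   Prints "patched", "unpatched", "not-listed" (release absent from the
#   table) or "unknown" (not a -RELEASE string); returns 0 only for patched.
en_26_15_status() {
    ver=$1
    case "$ver" in
        *-RELEASE|*-RELEASE-p[0-9]*) ;;
        *) echo unknown; return 2 ;;
    esac
    rel=${ver%%-*}            # "14.3-RELEASE-p12" -> "14.3"
    plevel=${ver##*-p}        # "14.3-RELEASE-p12" -> "12"
    case "$ver" in
        *-RELEASE) plevel=0 ;;  # bare -RELEASE has patch level 0
    esac
    need=$(printf '%s\n' "$EN_26_15_FIXED" | awk -v r="$rel" '$1 == r { print $2 }')
    if [ -z "$need" ]; then
        echo not-listed; return 3
    fi
    if [ "$plevel" -ge "$need" ]; then
        echo patched; return 0
    fi
    echo unpatched; return 1
}

# en_26_15_tree_status BRANCH COUNT
#   BRANCH is e.g. "releng/14.4"; COUNT is the output of
#   `git rev-list --count --first-parent HEAD` in that working tree.
en_26_15_tree_status() {
    branch=$1
    count=$2
    need=$(printf '%s\n' "$EN_26_15_MIN_COUNT" | awk -v b="$branch" '$1 == b { print $2 }')
    if [ -z "$need" ]; then
        echo not-listed; return 3
    fi
    if [ "$count" -ge "$need" ]; then
        echo patched; return 0
    fi
    echo unpatched; return 1
}

# When run on a FreeBSD host, report the installed userland's status.
if command -v freebsd-version >/dev/null 2>&1; then
    en_26_15_status "$(freebsd-version -u)"
fi
```

On a releng system the first function is enough; a stable tree has no -pN level, so use the second function with the branch name and the commit count from the git rev-list command in section VI. The exit status is non-zero for anything other than "patched", so the functions drop straight into a fleet check that fails loudly.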