git: 2bc6ddc2ba - main - Add EN-22:15 and SA-22:04 through SA-22:08.

From: Gordon Tetlow <gordon_at_FreeBSD.org>
Date: Wed, 06 Apr 2022 03:54:13 UTC

The branch main has been updated by gordon (src committer):

URL: https://cgit.FreeBSD.org/doc/commit/?id=2bc6ddc2baefa8c681fe47056e03c4c9efa3e8a3

commit 2bc6ddc2baefa8c681fe47056e03c4c9efa3e8a3
Author:     Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2022-04-06 03:53:31 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2022-04-06 03:53:31 +0000

    Add EN-22:15 and SA-22:04 through SA-22:08.
    
    Approved by:    so
---
 website/data/security/advisories.toml              |  20 ++
 website/data/security/errata.toml                  |   4 +
 .../security/advisories/FreeBSD-EN-22:15.pf.asc    | 128 +++++++++
 .../advisories/FreeBSD-SA-22:04.netmap.asc         | 155 +++++++++++
 .../security/advisories/FreeBSD-SA-22:05.bhyve.asc | 160 +++++++++++
 .../security/advisories/FreeBSD-SA-22:06.ioctl.asc | 153 ++++++++++
 .../advisories/FreeBSD-SA-22:07.wifi_meshid.asc    | 147 ++++++++++
 .../security/advisories/FreeBSD-SA-22:08.zlib.asc  | 155 +++++++++++
 website/static/security/patches/EN-22:15/pf.patch  |  25 ++
 .../static/security/patches/EN-22:15/pf.patch.asc  |  16 ++
 .../static/security/patches/SA-22:04/netmap.patch  |  70 +++++
 .../security/patches/SA-22:04/netmap.patch.asc     |  16 ++
 .../static/security/patches/SA-22:05/bhyve.patch   |  26 ++
 .../security/patches/SA-22:05/bhyve.patch.asc      |  16 ++
 .../static/security/patches/SA-22:06/ioctl.patch   | 108 ++++++++
 .../security/patches/SA-22:06/ioctl.patch.asc      |  16 ++
 .../security/patches/SA-22:07/wifi_meshid.patch    |  15 +
 .../patches/SA-22:07/wifi_meshid.patch.asc         |  16 ++
 .../static/security/patches/SA-22:08/zlib.patch    | 308 +++++++++++++++++++++
 .../security/patches/SA-22:08/zlib.patch.asc       |  16 ++
 20 files changed, 1570 insertions(+)

diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 6a60b5b67b..78389d84e8 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,26 @@
 # Sort advisories by year, month and day
 # $FreeBSD$
 
+[[advisories]]
+name = "FreeBSD-SA-22:08.zlib"
+date = "2022-04-06"
+
+[[advisories]]
+name = "FreeBSD-SA-22:07.wifi_meshid"
+date = "2022-04-06"
+
+[[advisories]]
+name = "FreeBSD-SA-22:06.ioctl"
+date = "2022-04-06"
+
+[[advisories]]
+name = "FreeBSD-SA-22:05.bhyve"
+date = "2022-04-06"
+
+[[advisories]]
+name = "FreeBSD-SA-22:04.netmap"
+date = "2022-04-06"
+
 [[advisories]]
 name = "FreeBSD-SA-22:03.openssl"
 date = "2022-03-15"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 069d06d5ea..04aeec64c2 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,10 @@
 # Sort errata notices by year, month and day
 # $FreeBSD$
 
+[[notices]]
+name = "FreeBSD-EN-22:15.pf"
+date = "2022-04-06"
+
 [[notices]]
 name = "FreeBSD-EN-22:14.tzdata"
 date = "2022-03-22"
diff --git a/website/static/security/advisories/FreeBSD-EN-22:15.pf.asc b/website/static/security/advisories/FreeBSD-EN-22:15.pf.asc
new file mode 100644
index 0000000000..83c6bf2721
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:15.pf.asc
@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:15.pf                                       Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          pf(4) tables may fail to load
+
+Category:       core
+Module:         pf
+Announced:      2022-04-06
+Affects:        FreeBSD 13.0
+Corrected:      2022-04-06 03:04:11 UTC (releng/13.0, 13.0-RELEASE-p11)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+pf is an Internet Protocol packet filter originally written for OpenBSD.
+pf rules may reference address tables when applying policies to large
+sets of source or destination addresses.  pf rulesets may optionally set
+a limit on the number of table entries allocated by the kernel, via the
+"set limit" pf.conf(5) syntax.
+
+II.  Problem Description
+
+pf rulesets that set a limit on the number of table entries and include
+one or more address tables may occasionally fail to load.  An initial
+load of the rules will succeed, but an attempt to re-load can fail.  In
+this case, the problem persists until the system is rebooted.
+
+III. Impact
+
+Administrators may be prevented from modifying or updating pf rule
+sets.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:15/pf.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:15/pf.patch.asc
+# gpg --verify pf.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+releng/13.0/                            5b789e0c92a7  releng/13.0-n244792
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260406>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:15.pf.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmJNDfcACgkQ05eS9J6n
+5cLFghAAkmY0crSbL/btcZ0h/Yoj9L6GGpoLzH68TPX2MK+e+fqoUZGiYdTPGnnW
+B+Px5/mEJKGb7kNmib2C/RfdwFiRzGIn+VQk/RrOlZxRz/vjSw9Z5yleMuXD0eFA
+r02BdZQS/lL5QVRaUr4GR9cPEdrvzl30NZmCc3Ejj3hTIimOIlGptuD681eIiQ7M
+3fwJC8TxSuZVdbrmP9U6uXQdiTxS18QbtscuBJhldhaBDI7+ZVL1ELHU10c+vs5U
+vp0AFJ8l87z2oonT2EHy4cOrjlW2T1OQknwdXIW/t9/6MZ7snMVubXjwqKxQVX1z
+v7tr9NBSf+FGeb/UdMZ39TxrXYm3kSgMfV4RX9JW2hCUNCbnGAJT8X9HRnK7/x1n
+zLY1v2GWbx9V+18oW8apYItEPSp7BcR+qCXMcMbyZaZpfOiYBugO92tkvK1JJlga
+BurDLFy+Fkv9L2+BQn++IlEOwTH8XQ9BfALlHMCEZSc//t6ALb9IIg3Wnra+4sZe
+EmfSFG7kKt0xa7ww0Xljt3XVsr6y8vEO/sHWopdm7Ydku1jh/ZT2VVPyEJiQpCHk
+dqDSZLI+MzXKb0uSFib+nfNlArbwtxv+NjzfTj0PHbBLuVVdtdWwcM45Yv/aNrjN
+SkYBk8eXEfhb+kUhfe7hnuwmmYfnFZg9JW4r6C//RBOVYB9u2Fs=
+=YFs6
+-----END PGP SIGNATURE-----
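Review bot: Section IV states "No workaround is available." while section II says a failed reload "persists until the system is rebooted", so the recovery path for a host that has already hit the failure is only implied. Consider one sentence under IV saying that a reboot clears the condition but a later reload can fail again until the fix is installed. The section VI intro also mentions a "Subversion revision number" although the table lists only releng/13.0 with a Git hash; trimming that wording would suit a 13.0-only notice.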
diff --git a/website/static/security/advisories/FreeBSD-SA-22:04.netmap.asc b/website/static/security/advisories/FreeBSD-SA-22:04.netmap.asc
new file mode 100644
index 0000000000..989e7458f9
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:04.netmap.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:04.netmap                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:		Potential jail escape vulnerabilities in netmap
+
+Category:       core
+Module:         netmap
+Announced:      2022-04-06
+Credits:	Reno Robert and Lucas Leong (@_wmliang_)
+                Trend Micro Zero Day Initiative
+Affects:        All supported versions of FreeBSD.
+Corrected:      2022-03-19 17:53:35 UTC (stable/13, 13.1-STABLE)
+                2022-04-06 03:26:07 UTC (releng/13.1, 13.1-RC1-p1)
+                2022-04-06 03:04:13 UTC (releng/13.0, 13.0-RELEASE-p11)
+                2022-03-20 09:08:23 UTC (stable/12, 12.3-STABLE)
+                2022-04-06 03:06:25 UTC (releng/12.3, 12.3-RELEASE-p5)
+CVE Name:       CVE-2022-23084, CVE-2022-23085
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+netmap is a framework for extremely fast and efficient packet I/O for
+userspace and kernel clients, and for Virtual Machines.
+
+II.  Problem Description
+
+The total size of the user-provided nmreq to nmreq_copyin() was first
+computed and then trusted during the copyin.  This time-of-check to
+time-of-use bug could lead to kernel memory corruption.  [CVE-2022-23084]
+
+A user-provided integer option was passed to nmreq_copyin() without checking
+if it would overflow.  This insufficient bounds checking could lead to kernel
+memory corruption.  [CVE-2022-23085]
+
+III. Impact
+
+On systems configured to include netmap in their devfs_ruleset, a privileged
+process running in a jail can affect the host environment.
+
+IV.  Workaround
+
+No workaround is available.  Systems that do not include netmap in their
+devfs_ruleset are unaffected.  A default installation of FreeBSD does not
+include netmap in its devfs_ruleset.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-22:04/netmap.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:04/netmap.patch.asc
+# gpg --verify netmap.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/13/                              9f600a260a73    stable/13-n250049
+releng/13.1/                            7c55c52696d2  releng/13.1-n250081
+releng/13.0/                            4996f46e03a4  releng/13.0-n244794
+stable/12/                                                        r371757
+releng/12.3/                                                      r371870
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23084>
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23085>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:04.netmap.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=EwyH
+-----END PGP SIGNATURE-----
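Review bot: The "Topic:" and "Credits:" header lines of this advisory are indented with tabs, while "Category:", "Module:", "Announced:" and the remaining fields use spaces, so the values will not line up in any viewer whose tab width differs from the author's. Replace the tabs with spaces to match the other advisories added in this commit. In section II the two paragraphs are tagged with their CVE names, which is helpful; section III could say whether both issues share the same precondition (netmap present in the devfs_ruleset), since it currently describes the impact once for both.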
diff --git a/website/static/security/advisories/FreeBSD-SA-22:05.bhyve.asc b/website/static/security/advisories/FreeBSD-SA-22:05.bhyve.asc
new file mode 100644
index 0000000000..3d8ba5176c
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:05.bhyve.asc
@@ -0,0 +1,160 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:05.bhyve                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Bhyve e82545 device emulation out-of-bounds write
+
+Category:       core
+Module:         bhyve
+Announced:      2022-04-06
+Credits:        Mehdi Talbi, Synacktiv
+Affects:        All supported versions of FreeBSD.
+Corrected:      2022-04-05 22:59:52 UTC (stable/13, 13.1-STABLE)
+                2022-04-06 01:56:57 UTC (releng/13.1, 13.1-RC1-p1)
+                2022-04-06 03:04:14 UTC (releng/13.0, 13.0-RELEASE-p11)
+                2022-04-05 23:03:35 UTC (stable/12, 12.3-STABLE)
+                2022-04-06 03:06:28 UTC (releng/12.3, 12.3-RELEASE-p5)
+CVE Name:       CVE-2022-23087
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+bhyve(8) is a hypervisor that supports running a variety of guest
+operating systems in virtual machines.  It implements a number of device
+models, including an emulated Intel 82545 network interface adapter.
+
+II.  Problem Description
+
+The e1000 network adapters permit a variety of modifications to an Ethernet
+packet when it is being transmitted.  These include the insertion of IP and
+TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation
+offload ("TSO").  The e1000 device model uses an on-stack buffer to generate
+the modified packet header when simulating these modifications on transmitted
+packets.
+
+When checksum offload is requested for a transmitted packet, the e1000 device
+model used a guest-provided value to specify the checksum offset in the on-
+stack buffer.  The offset was not validated for certain packet types.
+
+III. Impact
+
+A misbehaving bhyve guest could overwrite memory in the bhyve process on the
+host, possibly leading to code execution in the host context.
+
+The bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD
+version and bhyve configuration) limits the impact of exploiting this issue.
+
+IV.  Workaround
+
+Only the e1000 device model is affected; the virtio-net device is not
+affected by this issue.  If supported by the guest operating system,
+presenting only the virtio-net device to the guest is a suitable workaround.
+No workaround is available if the e1000 device model is required.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and restart bhyve virtual machines.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386 platforms can
+be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-22:05/bhyve.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:05/bhyve.patch.asc
+# gpg --verify bhyve.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable bhyve virtual machines, or reboot the system.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/13/                              53f722094798    stable/13-n250272
+releng/13.1/                            5a28d8befda0  releng/13.1-n250078
+releng/13.0/                            b85c68857da3  releng/13.0-n244795
+stable/12/                                                        r371867
+releng/12.3/                                                      r371871
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23087>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:05.bhyve.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=CgB+
+-----END PGP SIGNATURE-----
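Review bot: In section V step 1, "on the amd64, i386 platforms" reads like a truncated copy of the list used in the other advisories of this commit ("amd64, i386, or (on FreeBSD 13 and later) arm64"); if arm64 is left out on purpose, write "amd64 or i386 platforms". The Topic also names the device "e82545" while sections II and IV refer to the "e1000 device model", and only the Background connects both to the Intel 82545. Using one name throughout, or stating the equivalence once, would make it easier for an administrator to tell whether a given guest configuration is affected.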
diff --git a/website/static/security/advisories/FreeBSD-SA-22:06.ioctl.asc b/website/static/security/advisories/FreeBSD-SA-22:06.ioctl.asc
new file mode 100644
index 0000000000..59e4942f2f
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:06.ioctl.asc
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:06.ioctl                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          mpr/mps/mpt driver ioctl heap out-of-bounds write
+
+Category:       core
+Module:         mpr, mps, mpt
+Announced:      2022-04-06
+Credits:        Lucas Leong (@_wmliang_), Trend Micro Zero Day Initiative
+Affects:        All supported versions of FreeBSD.
+Corrected:      2022-04-04 00:46:25 UTC (stable/13, 13.1-STABLE)
+                2022-04-04 16:24:36 UTC (releng/13.1, 13.1-RC1-p1)
+                2022-04-06 03:04:16 UTC (releng/13.0, 13.0-RELEASE-p11)
+                2022-04-04 00:47:44 UTC (stable/12, 12.3-STABLE)
+                2022-04-06 03:06:31 UTC (releng/12.3, 12.3-RELEASE-p5)
+CVE Name:       CVE-2022-23086
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+mpr(4), mps(4), and mpt(4) are disk controller drivers.  They export an
+ioctl(2) interface used by command-line utilities to query or set properties
+on the device.
+
+II.  Problem Description
+
+Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers
+allocated a buffer of a caller-specified size, but copied to it a fixed size
+header.  Other heap content would be overwritten if the specified size was
+too small.
+
+III. Impact
+
+Users with access to the mpr, mps or mpt device node may overwrite heap data,
+potentially resulting in privilege escalation.  Note that the device node is
+only accessible to root and members of the operator group.
+
+IV.  Workaround
+
+No workaround is available.  Systems that do not use mpr(4), mps(4) or
+mpt(4) are not affected.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-22:06/ioctl.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:06/ioctl.patch.asc
+# gpg --verify ioctl.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/13/                              0b29e1b9f9df    stable/13-n250225
+releng/13.1/                            aef190f298af  releng/13.1-n250066
+releng/13.0/                            e724f3ce7970  releng/13.0-n244796
+stable/12/                                                        r371855
+releng/12.3/                                                      r371872
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<other info on vulnerability>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23086>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:06.ioctl.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=kPAj
+-----END PGP SIGNATURE-----
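Review bot: Section VII still contains the template placeholder "<other info on vulnerability>" above the CVE link; it should be removed or replaced with an actual reference. Because the file is PGP clearsigned, any change to that line invalidates the signature below it, so the advisory has to be re-signed once the placeholder is gone.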
diff --git a/website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc b/website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc
new file mode 100644
index 0000000000..c2ce62f3b0
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc
@@ -0,0 +1,147 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:07.wifi_meshid                                Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          802.11 heap buffer overflow
+
+Category:       core
+Module:         net80211
+Announced:      2022-04-06
+Credits:        m00nbsd working with Trend Micro Zero Day Initiative
+Affects:        All supported versions of FreeBSD.
+Corrected:      2022-04-05 22:59:53 UTC (stable/13, 13.1-STABLE)
+                2022-04-06 01:56:58 UTC (releng/13.1, 13.1-RC1-p1)
+                2022-04-06 03:04:17 UTC (releng/13.0, 13.0-RELEASE-p11)
+                2022-04-05 23:03:40 UTC (stable/12, 12.3-STABLE)
+                2022-04-06 03:06:33 UTC (releng/12.3, 12.3-RELEASE-p5)
+CVE Name:       CVE-2022-23088
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD's net80211 kernel subsystem provides infrastructure and drivers
+for IEEE 802.11 wireless (Wi-Fi) communications.
+
+II.  Problem Description
+
+The 802.11 beacon handling routine failed to validate the length of an
+IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.
+
+III. Impact
+
+While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with
+a SSID) a malicious beacon frame may overwrite kernel memory, leading to
+remote code execution.
+
+IV.  Workaround
+
+No workaround is available.  Systems not using Wi-Fi are not affected.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-22:07/wifi_meshid.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:07/wifi_meshid.patch.asc
+# gpg --verify wifi_meshid.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/13/                              72617f9246e3    stable/13-n250273
+releng/13.1/                            00cc1ce78da3  releng/13.1-n250079
+releng/13.0/                            b2b23824272d  releng/13.0-n244797
+stable/12/                                                        r371868
+releng/12.3/                                                      r371873
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23088>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=uFZx
+-----END PGP SIGNATURE-----
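Review bot: Section III limits the exposure to a client "in scanning mode (i.e., not associated with a SSID)", but section IV only says "Systems not using Wi-Fi are not affected", which leaves open whether an associated client is exposed. Stating that explicitly in IV would let administrators judge the risk for machines that cannot be patched right away. Minor wording: "a SSID" should be "an SSID".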
diff --git a/website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc b/website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc
new file mode 100644
index 0000000000..14ba774c80
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:08.zlib                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          zlib compression out-of-bounds write
+
+Category:       zlib
+Module:         contrib
+Announced:      2022-04-06
+Credits:        Danilo Ramos of Eideticom
+                Tavis Ormandy of Google Project Zero
+Affects:        All supported versions of FreeBSD.
+Corrected:      2022-04-04 19:30:33 UTC (stable/13, 13.1-STABLE)
+                2022-04-04 20:02:42 UTC (releng/13.1, 13.1-RC1-p1)
+                2022-04-06 03:04:19 UTC (releng/13.0, 13.0-RELEASE-p11)
+                2022-04-04 01:07:59 UTC (stable/12, 12.3-STABLE)
+                2022-04-06 03:06:39 UTC (releng/12.3, 12.3-RELEASE-p5)
+CVE Name:       CVE-2018-25032
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+zlib is a compression library used by numerous applications, as well as some
+FreeBSD kernel components, to provide data compression/decompression
+routines.
+
+II.  Problem Description
+
+Certain inputs can cause zlib's compression routine to overwrite an internal
+buffer with compressed data.  This issue may require the use of uncommon or
+non-default compression parameters.
+
+III. Impact
+
+The out-of-bounds write may result in memory corruption and an application
+crash or kernel panic.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-22:08/zlib.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:08/zlib.patch.asc
+# gpg --verify zlib.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>.
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Reboot the system.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/13/                              c4727a47f18c    stable/13-n250251
+releng/13.1/                            f5196112e8bd  releng/13.1-n250070
+releng/13.0/                            9854ff088002  releng/13.0-n244799
+stable/12/                                                        r371856
+releng/12.3/                                                      r371875
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
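Review bot: The header has "Category: zlib" and "Module: contrib", which looks swapped relative to the other advisories in this commit, where Category names the source area (for example "core") and Module names the component. Suggest "Category: contrib" and "Module: zlib". Section II says the issue "may require the use of uncommon or non-default compression parameters" without naming them; if the affected parameters are known, listing them would help users decide whether their applications are exposed.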
*** 749 LINES SKIPPED ***