git: f9f3f4b9a1 - main - Add EN-22:21 through EN-22:27.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 01 Nov 2022 22:09:30 UTC
The branch main has been updated by gordon (src committer):
URL: https://cgit.FreeBSD.org/doc/commit/?id=f9f3f4b9a13c9e4107f78d997719cfb0c0bdd869
commit f9f3f4b9a13c9e4107f78d997719cfb0c0bdd869
Author: Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2022-11-01 22:08:49 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2022-11-01 22:08:49 +0000
Add EN-22:21 through EN-22:27.
Approved by: so
---
website/data/security/errata.toml | 28 +
.../security/advisories/FreeBSD-EN-22:21.zfs.asc | 135 +
.../advisories/FreeBSD-EN-22:22.tzdata.asc | 180 ++
.../security/advisories/FreeBSD-EN-22:23.vm.asc | 130 +
.../security/advisories/FreeBSD-EN-22:24.zfs.asc | 130 +
.../security/advisories/FreeBSD-EN-22:25.tcp.asc | 140 +
.../security/advisories/FreeBSD-EN-22:26.cam.asc | 128 +
.../advisories/FreeBSD-EN-22:27.loader.asc | 127 +
website/static/security/patches/EN-22:21/zfs.patch | 23 +
.../static/security/patches/EN-22:21/zfs.patch.asc | 16 +
.../patches/EN-22:22/tzdata-2022f.12.patch | 3183 ++++++++++++++++++++
.../patches/EN-22:22/tzdata-2022f.12.patch.asc | 16 +
.../patches/EN-22:22/tzdata-2022f.13.patch | 3183 ++++++++++++++++++++
.../patches/EN-22:22/tzdata-2022f.13.patch.asc | 16 +
website/static/security/patches/EN-22:23/vm.patch | 26 +
.../static/security/patches/EN-22:23/vm.patch.asc | 16 +
website/static/security/patches/EN-22:24/zfs.patch | 12 +
.../static/security/patches/EN-22:24/zfs.patch.asc | 16 +
website/static/security/patches/EN-22:25/tcp.patch | 104 +
.../static/security/patches/EN-22:25/tcp.patch.asc | 16 +
website/static/security/patches/EN-22:26/cam.patch | 18 +
.../static/security/patches/EN-22:26/cam.patch.asc | 16 +
.../static/security/patches/EN-22:27/loader.patch | 14 +
.../security/patches/EN-22:27/loader.patch.asc | 16 +
24 files changed, 7689 insertions(+)
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 657fa4133e..abe9329081 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,34 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-22:27.loader"
+date = "2022-11-01"
+
+[[notices]]
+name = "FreeBSD-EN-22:26.cam"
+date = "2022-11-01"
+
+[[notices]]
+name = "FreeBSD-EN-22:25.tcp"
+date = "2022-11-01"
+
+[[notices]]
+name = "FreeBSD-EN-22:24.zfs"
+date = "2022-11-01"
+
+[[notices]]
+name = "FreeBSD-EN-22:23.vm"
+date = "2022-11-01"
+
+[[notices]]
+name = "FreeBSD-EN-22:22.tzdata"
+date = "2022-11-01"
+
+[[notices]]
+name = "FreeBSD-EN-22:21.zfs"
+date = "2022-11-01"
+
[[notices]]
name = "FreeBSD-EN-22:20.tzdata"
date = "2022-08-30"
diff --git a/website/static/security/advisories/FreeBSD-EN-22:21.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:21.zfs.asc
new file mode 100644
index 0000000000..658e035d7b
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:21.zfs.asc
@@ -0,0 +1,135 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:21.zfs Errata Notice
+ The FreeBSD Project
+Topic: ZFS B-Tree use-after-free
+Category: contrib
+Module: zfs
+Announced: 2022-11-01
+Credits: Richard Yao and Coverty Static Analysis
+Affects: FreeBSD 13.1
+Corrected: 2022-10-04 15:52:45 UTC (stable/13, 13.1-STABLE)
+ 2022-11-01 18:03:25 UTC (releng/13.1, 13.1-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+ZFS is one of several filesystems available on FreeBSD. ZFS supports
+many advanced features, including checksumming, transparent compression,
+and snapshots.
+
+II. Problem Description
+
+The B-Tree implementation in ZFS contains a heap use-after-free bug. When
+removing entries, the node memory is freed before it is removed from the tree,
+and the remove operation itself requires modifying the memory containing the
+node. This creates a race window when one thread is removing data from the
+B-Tree and another is performing an allocation. In the case the removing
+thread loses the race, it will corrupt the B-Tree.
+
+III. Impact
+
+The use-after-free can cause system instability or data corruption.
+
+Systems with debug kernels may sometimes detect this issue after a kernel
+memory corruption has happened. When they do, they will trigger a kernel
+panic to protect the system from further damage. The following is printed
+to dmesg at the time of the panic:
+
+panic: VERIFY3(zfs_btree_find(tree, value, &where) != NULL) failed...
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and then reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:21/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:21/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ f193a24ec570 stable/13-n252634
+releng/13.1/ 8838c650cb59 releng/13.1-n250167
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://github.com/openzfs/zfs/pull/13861>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:21.zfs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhlpgACgkQ05eS9J6n
+5cJtMQ//aZXPrFWqJxVIn87FtHClwKykAaWWcN+iuT4wTVss0OTbaFc1k+UBPf+9
+wdjmt6Io9xUK4FT5TcMIyzF6I7XaxG/up8572NPUQp+eOa4AI8862QLLF7pi26RT
+Fyb+Ywjsw1d30NXcTE4+K5UMUgISFVFkor9d07wWd7sQwU/o4bzHBWFSFSI18l70
+zsjyN3wrLQaSHmBb6kZ7OrycBc52Rw00segXCJGxLEpiViPSC5HY6DJYdWyn0bNM
+1xvG3DkYQDBWGNQgWB6ldOM5nmOqY6zSPFTK9byqOwz6CHmfRYqmLpx3czuAO3U6
+PpsTYG7PKpFBviP99jg6XsEYigoMHaHIcBzUSP+DYYO9JlyrzRmbQ6MIkRN+YD59
+1CK0n7+WuQpjBXgFmIEKtM2xJ4sh+aQxdV4SwIEmMTAaNs4PFivNzEgwpj4Txh+q
+aUbY6l9O2H8ERvFokF94/ea5ahOhVaTgaipN2O92rvldiy3zTqv5DP3hX4tU1oaG
+n0s57pn/uF+aYVMtzk1opNpZdqH8AkKX1Q7Opha/IEvnk48Njgbwtf9HVEeo65Ec
+njvc63PZel0cbzk6ZA4BS7BX3UtSHURmFOjiRUV1DI9yUsLXuEbM0LtH3Zpgyzr0
+7U+YHLB4z3LxdK9ZuWo2uSCF/5iVyyjGSdOGuu2ISJis+vp9PCg=
+=9c/T
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:22.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-22:22.tzdata.asc
new file mode 100644
index 0000000000..45991ec800
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:22.tzdata.asc
@@ -0,0 +1,180 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:22.tzdata Errata Notice
+ The FreeBSD Project
+
+Topic: Timezone database information update
+
+Category: contrib
+Module: zoneinfo
+Announced: 2022-11-01
+Affects: All supported versions of FreeBSD.
+Corrected: 2022-11-01 01:06:25 UTC (stable/13, 13.1-STABLE)
+ 2022-11-01 18:03:24 UTC (releng/13.1, 13.1-RELEASE-p3)
+ 2022-11-01 01:07:17 UTC (stable/12, 12.4-STABLE)
+ 2022-11-01 20:35:42 UTC (releng/12.3, 12.3-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The IANA Time Zone Database (often called tz or zoneinfo) contains code and
+data that represent the history of local time for many representative
+locations around the globe. It is updated periodically to reflect changes
+made by political bodies to time zone boundaries, UTC offsets, and
+daylight-saving rules.
+
+FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo.
+The tzsetup(8) utility allows the user to specify the default local time
+zone. Based on the selected time zone, tzsetup(8) copies one of the files
+from /usr/share/zoneinfo to /etc/localtime. A time zone may also be selected
+for an individual process by setting its TZ environment variable to a desired
+time zone name.
+
+II. Problem Description
+
+Several changes to future and past timestamps have been recorded in the IANA
+Time Zone Database after previous FreeBSD releases were released. This
+affects many users in different parts of the world. Because of these
+changes, the data in the zoneinfo files need to be updated. If the local
+timezone on the running system is affected, tzsetup(8) needs to be run to
+update /etc/localtime.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one of the
+affected time zones if the /usr/share/zoneinfo and /etc/localtime files are
+not updated, and all applications on the system that rely on the system time,
+such as cron(8) and syslog(8), will be affected.
+
+IV. Workaround
+
+The system administrator can install an updated version of the IANA Time Zone
+Database from the misc/zoneinfo port and run tzsetup(8).
+
+Applications that store and display times in Coordinated Universal Time (UTC)
+are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Please note that some third party software, for instance PHP, Ruby, Java,
+Perl and Python, may be using different zoneinfo data sources, in such cases
+this software must be updated separately. Software packages that are
+installed via binary packages can be upgraded by executing 'pkg upgrade'.
+
+Following the instructions in this Errata Notice will only update the IANA
+Time Zone Database installed in /usr/share/zoneinfo.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all the affected applications and daemons, or reboot the system.
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.1]
+# fetch https://security.FreeBSD.org/patches/EN-22:22/tzdata-2022f.13.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:22/tzdata-2022f.13.patch.asc
+# gpg --verify tzdata-2022f.13.patch.asc
+
+[FreeBSD 12.3]
+# fetch https://security.FreeBSD.org/patches/EN-22:22/tzdata-2022f.12.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:22/tzdata-2022f.12.patch.asc
+# gpg --verify tzdata-2022f.12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch -E < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 46d324ec6502 stable/13-n252892
+releng/13.1/ 0bcdf24a7cf3 releng/13.1-n250165
+stable/12/ r372688
+releng/12.3/ r372694
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://github.com/eggert/tz/blob/2022d/NEWS>
+<URL:https://github.com/eggert/tz/blob/2022e/NEWS>
+<URL:https://github.com/eggert/tz/blob/2022f/NEWS>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:22.tzdata.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhl5cACgkQ05eS9J6n
+5cLCHg/5AX0d3XNjxGdEhrn8d9xFEtnV75WJKJ+o+jHUCfYNnTD1EJY3Q9EbIoWT
++52Qgcr8HVTZKxKaMoEaR8iDMNwzYbQ1PZrRlXbE8Iant4ULw4cgctIaxtNtUMSM
+wRJatQ1LjXp9VjdLv8BCn1jXoVFstUjonLskQ8tNOUrvF1APGgXZRC/B+kt/gs1L
+9b2Qs5vZ4e1ycfFiQyw1+ACpQjFB/s4XaN1BQx5JdFBpK8uhg4/LaxMIKA5Fmixh
+xNb+VJ6kCxi0swTzsqKnU67OM5k4Dl+loz82d5X3imB4EZmJ6Pv7e9XX2EfGpQXz
+5ABxbEzAqN7GCRmCV86dZYThLJiw+vCJnAyX5hXsFup09UpInN7xzrlJ7BiRZ254
+CBtPmj0d6tedkUahG0/GxgU8zl8L3MU/Mwbvg8wHcejciTrjcj94TZBRUxq88E+8
+DHEMsumzSAmD73CWrpUG6KsdtmA55opKodqeCwSG7zmzibaMKYabPJ/4Yq7kZNnq
+58uiMLwk2CYwZfbqEHdbUP96G7BxINY1rMHq72kbZ02PzYkFA2vDFM84EqZq1F9B
++ET3Nkucx0FIVhd/zU5cYKuvC7+REXpIxy0SagVumBMgNiREeRwgVC7mghCuM3Vy
+DC40UWQBY4SHzU+LpKiagArRJZVPMMA2zbSyp7BkS546oAaHn1Y=
+=TNmt
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:23.vm.asc b/website/static/security/advisories/FreeBSD-EN-22:23.vm.asc
new file mode 100644
index 0000000000..dfdb6cd733
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:23.vm.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:23.vm Errata Notice
+ The FreeBSD Project
+
+Topic: Memory pages become unreclaimable
+
+Category: core
+Module: vm
+Announced: 2022-11-01
+Affects: FreeBSD 13.1
+Corrected: 2022-10-12 13:49:25 UTC (stable/13, 13.1-STABLE)
+ 2022-11-01 13:28:11 UTC (releng/13.1, 13.1-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The FreeBSD kernel's VM subsystem manages system memory. Among other
+responsibilities, it provides a page allocator and maintains a pool of
+free pages. When this pool is depleted, the VM reclaims allocated pages
+from a set of page queues.
+
+II. Problem Description
+
+In certain workloads, allocated pages are not enqueued as they should
+be, causing them to become unreclaimable when free memory is scarce. In
+some situations the memory may become available again following restarts
+of services (e.g., database servers) which are triggering the bug.
+
+III. Impact
+
+System memory could become inaccessible to the page daemon, resulting
+in less memory available for caching. In some cases this can result in
+out-of-memory process kills.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +5min "Installing errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:23/vm.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:23/vm.patch.asc
+# gpg --verify vm.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 6094749a1a5d stable/13-n252707
+releng/13.1/ 4867d7d34dfd releng/13.1-n250160
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256507>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:23.vm.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhlqQACgkQ05eS9J6n
+5cKKfg//f+YhLk47E5Bk/KZ07ONQ7xN0W9YZyz1P4iLc85LIaszC8+L8auwM+uR4
+ufvo4ToDzbDq0v+2mHUdgQ7CVylOzAb114z8ZFADHhlBJeft5pdzm+/R3wfqADbm
+VL2I6uqjsQiH41umNgZQtyQh15LBWUlvrDd7r5dGVMzU0+VXNTngP58Jn7kqiUPg
+jwUQk6l/PPRLRGqX5RJHoz8traCLsd7i+58/FPyaofrtrwl97uxtcbBEcPvcXsrL
+yTnTcyPHnR8lqgmNXExcOPxfMBFz0sXgfDIXebnEP+inMx4gF2U3CBJuTCww8NWV
+M4R7bj1HjWw8WZV1dZUFB73qx4r51iKanYQsqFVEWl7KnhQL6zG8nCt4iPR0wiKJ
+x7qIRGtXCgzZieg0fQnsNjSdjjiIQmLCOq6BTmG1X5tcLF7hAM8D42RFGSbvLhNU
+cGP/1Gd1iK72VqBRCSHKhZi79//YA8lI+f3b7ORMB9Q5cmy9l0A0nMO2EpBdc7x/
+0VGSXMaVaegaKGb3vXteVvmqtHAWg2NiBMgUHb3oMEXdbjsymmgkCsTciuiYDLxQ
+Y/XdbtMHZi7VpZNS3Qt6wIpAEhSDxYsgf2+7/22Ni09Awn5H2/F3DCeo0dU8hWR1
+gksYdLbwRI+By8hguqALkpC1lP/M8Hc/HBrEiG6OqY+OvZr43OA=
+=n7Mz
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:24.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:24.zfs.asc
new file mode 100644
index 0000000000..b8a30a101f
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:24.zfs.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:24.zfs Errata Notice
+ The FreeBSD Project
+
+Topic: ZFS snapshot directories not accessible over NFS
+
+Category: core
+Module: zfs
+Announced: 2022-11-01
+Affects: FreeBSD 13.1
+Corrected: 2022-10-27 12:00:01 UTC (stable/13, 13.1-STABLE)
+ 2022-11-01 13:28:11 UTC (releng/13.1, 13.1-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+ZFS is one of several filesystems available on FreeBSD. ZFS supports
+many advanced features, including checksumming, transparent compression,
+and snapshots.
+
+Snapshots of a ZFS dataset can be accessed through a hidden directory,
+.zfs/snapshots, located in the root of the mounted dataset.
+
+II. Problem Description
+
+A kernel regression caused all dataset snapshot directories to become
+inaccessible over NFS. Any attempt to access individual snapshots would
+return an error message mentioning a stale file handle.
+
+III. Impact
+
+Workflows which rely on ZFS snapshots being accessible over NFS are
+broken.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +5min "Installing errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:24/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:24/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 562c9ac58c76 stable/13-n252848
+releng/13.1/ 7ab877cb3f9d releng/13.1-n250159
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266236>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:24.zfs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhlqQACgkQ05eS9J6n
+5cJZcg/+MejjhAq/rpPema1jiqGkD8eTRTw+zmufvqBKwnLdZycwndza2su7xpD+
+30dbVVcY5Suhr5mElt5C6mdU+YCrqLG9o1zAI9QX7hx3PsnqIMBzudgK9TkjtK2n
+WiG36PvA+rSIdjE8jw2quv9LMLycRiSevQGWDiD4rGm7JLdet2XH4ioHy1v3rPWe
+kB4365zSmPGi4fLalpEFYD6pid2kbS0gUZvhxrEAoy11WFwT+upjdlfD0aJDsoTo
+8wvZ1hvoHGYjsmYXLSKmJXO+6J0pTnI5QuohySi0RYUEFtws1IlD+JIxWUdP8ejh
+ODPX2mDpP3ySl26HbTzCViJkd3z87F9hV8jaxo57azrD9kYpsWLq/UtsB2Fr2hcA
+tYFCvqQ7fftx6Pf5xLOQvQTqwlFpx6M+EoWUV8RKa11jdMv6ndbMuZoY0j99iuYD
+qEqi4T08b10SeI7aueOJZGuEYAab5ZcULgA1OOmmetIyAZccGcbvDqUajNabS+QC
+QKgHNi94ZVJbEyFTQ9cnZBFn1/Bet9pC9Yj/5qtVsN9a5cKD0t1TEeXWZtZ+Qkm8
+V73qmq3qty2QfPqw7spVykIUzHlOyongMGNQx0sPHDDy5UucFtv6Itj6o/nlhuo1
+veecgamjvnPzROzCTe/UVbp7tliv6fpTHDc/T+ewQwF03xJoA1Q=
+=8q+F
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:25.tcp.asc b/website/static/security/advisories/FreeBSD-EN-22:25.tcp.asc
new file mode 100644
index 0000000000..34870f06c0
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:25.tcp.asc
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:25.tcp Errata Notice
+ The FreeBSD Project
+
+Topic: Possible data corruption with TCP SACK retransmissions
+
+Category: core
+Module: tcp
+Announced: 2022-08-28
+Credits: Richard Scheffenegger
+Affects: FreeBSD 13.1
+Corrected: 2022-09-14 01:28:03 UTC (stable/13, 13.1-STABLE)
+ 2022-11-01 13:28:11 UTC (releng/13.1, 13.1-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+TCP supports an enhancement that allows faster recovery and retransmission of
+data when loss is discovered called Selected Acknowledgements (SACK).
+
+SACK allows a TCP sender to communicate more information about which segments
+are lost. During a SACK episode a TCP sender will reduce its rate to avoid
+causing congestion on the network.
+
+II. Problem Description
+
+A change made to make TCP more resilient and effective when handling loss
+recovery by SACK, could lead to connection interruption when incoming ACKs
+suddenly no longer contain SACK blocks.
+
+III. Impact
+
+This can lead to correct data being placed at the wrong offset in the
+stream in a non-deterministic manner. This can result in termination of
+the TCP connection by the application or in the worst case silent data
+corruption.
+
+IV. Workaround
+
+Disable SACK globally by setting the net.inet.tcp.sack.enable sysctl to 0:
+
+ # sysctl net.inet.tcp.sack.enable=0
+
+Note that this will only affect new connections. Thus, either persist the
+setting in /etc/sysctl.conf and reboot, or ensure that any critical connections
+are restarted after modifying the sysctl setting.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+A reboot is required for these changes to be applied.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+A reboot is required for these changes to be applied.
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:25/tcp.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:25/tcp.patch.asc
+# gpg --verify tcp.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 2b8ee332b938 stable/13-n252399
+releng/13.1/ dd35207e2025 releng/13.1-n250162
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:25.tcp.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhmIQACgkQ05eS9J6n
+5cLiKA/+NSB8VRq7tjXC0+MFQAPEL9YUtQYyRfn8u3YywHli/6RTeTQPKfd6BnvK
+T1clrnVFgp97QG948WAQ7ehct1GRAlrOagVHP0DnQqqQnTmoIVO0vyMVlQ1ONcAY
+GO3VxZfEUJhbtcSLIdT03RG3Y+lK7R4Bs6mplkBUpVGOtrhtdmNBULgC8N1HiwHg
+wJJpr/9/EMPqGXVtm1MzvgeKH4SIfNsDoiS4W90g1CepsPWylY+vsVjPhXR74gxz
+peNHKFQM7SpTm1hc9YqwjyU5qFExq/O+je273sykyld6ZcJCpKe50+dE8D+gHpu6
+6CwiLb+uDQcF3RN9ofunRDvpYdtl1muT2/zQQ6yJ6DWJzvWpav+PTA4gEeDj8b+b
+eu8wR7IoSPAHxqnGrvmB1EVn1tvFLF/mtcsrE1fdGviNf5LI/P5OYgZ6pkHaEJoN
+NNnhPWZlteFsXYvD+Rz6rlhM86wE2/5Zj88oR36K6xUtbUimmES4NOU82q9MFMPU
+nzOqflNf194o71ZbjdJK1gIemijRP90helrhGNHMBVdRM6UD/MywL349jIDzwp7Y
+V3Jlpd+yU6K5Yuw5+nG7Z6oEJTwQI7vKNkEg6xnjpaaH47NaijGZDFb3SXvvCW4e
+f/x3Y7sMPIRJIaKxKIbcRodeGChkkMZDEQ69OyuxBeP6Xo6OKOg=
+=GANq
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:26.cam.asc b/website/static/security/advisories/FreeBSD-EN-22:26.cam.asc
new file mode 100644
index 0000000000..00c02d7e79
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:26.cam.asc
@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:26.cam Errata Notice
+ The FreeBSD Project
+
+Topic: CAM ioctl(2) compatibility breakage
+
+Category: core
+Module: cam
+Announced: 2022-11-01
+Affects: FreeBSD 13.1
+Corrected: 2022-10-13 00:44:16 UTC (stable/13, 13.1-STABLE)
+ 2022-11-01 13:28:11 UTC (releng/13.1, 13.1-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+CAM (Common Access Method) is a FreeBSD kernel subsystem which handles
+various aspects of storage management. Various CAM components expose
+an ioctl(2) interface to userspace.
+
+II. Problem Description
+
+A backwards-incompatible change to the CAM ioctl interface was made.
+Partial compatibility support for the old version of the interface was
+provided, but it was incomplete. In particular, CAM periph drivers
+did not handle the old version of the CAMGETPASSTHRU ioctl.
+
+III. Impact
+
+Software applications which make use of the CAM ioctl(2) interface
+may fail to work following an upgrade to FreeBSD 13.1.
+
+IV. Workaround
+
+Affected applications can be recompiled on FreeBSD 13.1.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +5min "Installing errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:26/cam.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:26/cam.patch.asc
+# gpg --verify cam.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 16d4c1de7b40 stable/13-n252721
+releng/13.1/ fff5c5fe911e releng/13.1-n250161
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264709>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:26.cam.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhmLEACgkQ05eS9J6n
+5cJRzQ//XtqKLesa2RAQiFgGcWeBjbmSqz+0zriFkfZxHyp4VgORXVwOrqUJrO6M
+SX4TnZ5a+ElbZd1yulSB7JgHSV7ZWh/ltSTUIIGAg+514YtfwhrzJ8ID3Kt01lA2
+KGJMaKZOlyLihbaeIyJm1IvgjFi24QxDRLA479PhtZjjMlrVhm49PLum2TDR7qwr
+j44pisNGqhxgA6C6YZW4XaNDJ4kISOFjYPmlKLC6qi7i8vsPXJNzgrZq6zJscomh
+fvk7Th3/1p65+KNSK26aJbmxqvgJDRJHyCXseAYylxyISvuoVmvWrgDFYmwCgfy0
+/VNsnxDRPvx+tpGvLyWBGcb5slUg/+j8JxK1pgV5xRUQ30CGP42jQWGMmIna3Lud
+pv6Q1jhvcZWKC7kuZIdyzj/UgeQPwGw8qLax4DSSvysMU7YDkBwE3l4909eZElkG
+okitdWuWeHnz//CC6dtJE2mGmgoIFUr/uKro2TMV5a6/97A/1CFULydc8dd4objV
+YHaXEda1scMzq8GevfDFhji2gqg7tZ4eB7M0VVSgMBjcHkbIldpgtm1wKRNDBXPP
+rbvi0aKr1GcrBp19Jeuaz6rxGEzvsxEhBC5lW8hIBiYQEaMK6OJrzkJEiUGQCHPl
+JrynKvzC6dHnFKFhVfZaG1SZ2wS7hXnV0Y1LnNjPwK9zrJJJcgc=
+=KqXj
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:27.loader.asc b/website/static/security/advisories/FreeBSD-EN-22:27.loader.asc
new file mode 100644
index 0000000000..bfbb585e38
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:27.loader.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:27.loader Errata Notice
+ The FreeBSD Project
+
+Topic: UEFI loader failing to boot older amd64 kernels
+
+Category: core
+Module: loader
+Announced: 2022-11-01
+Affects: FreeBSD 13.1
+Corrected: 2022-10-14 03:06:13 UTC (stable/13, 13.1-STABLE)
+ 2022-11-01 18:03:25 UTC (releng/13.1, 13.1-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
*** 6891 LINES SKIPPED ***