git: 6b1bdbc6f2 - main - Add EN-26:01 through EN-26:03, SA-26:01, and SA-26:02.
Date: Tue, 27 Jan 2026 22:01:45 UTC
The branch main has been updated by gordon:
URL: https://cgit.FreeBSD.org/doc/commit/?id=6b1bdbc6f2b401b1bc0f1b937596714b781c9aa1
commit 6b1bdbc6f2b401b1bc0f1b937596714b781c9aa1
Author: Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2026-01-27 22:01:10 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2026-01-27 22:01:10 +0000
Add EN-26:01 through EN-26:03, SA-26:01, and SA-26:02.
Approved by: so
---
website/data/security/advisories.toml | 8 +
website/data/security/errata.toml | 12 +
.../advisories/FreeBSD-EN-26:01.devinfo.asc | 127 +++++
.../security/advisories/FreeBSD-EN-26:02.arm64.asc | 137 +++++
.../security/advisories/FreeBSD-EN-26:03.vm.asc | 144 ++++++
.../advisories/FreeBSD-SA-26:01.openssl.asc | 203 ++++++++
.../security/advisories/FreeBSD-SA-26:02.jail.asc | 150 ++++++
.../static/security/patches/EN-26:01/devinfo.patch | 477 ++++++++++++++++++
.../security/patches/EN-26:01/devinfo.patch.asc | 16 +
.../security/patches/EN-26:02/arm64-14.patch | 66 +++
.../security/patches/EN-26:02/arm64-14.patch.asc | 16 +
.../security/patches/EN-26:02/arm64-15.patch | 66 +++
.../security/patches/EN-26:02/arm64-15.patch.asc | 16 +
.../static/security/patches/EN-26:03/vm-13.patch | 62 +++
.../security/patches/EN-26:03/vm-13.patch.asc | 16 +
.../static/security/patches/EN-26:03/vm-14.patch | 62 +++
.../security/patches/EN-26:03/vm-14.patch.asc | 16 +
.../static/security/patches/EN-26:03/vm-15.patch | 62 +++
.../security/patches/EN-26:03/vm-15.patch.asc | 16 +
.../security/patches/SA-26:01/openssl-13.patch | 194 ++++++++
.../security/patches/SA-26:01/openssl-13.patch.asc | 16 +
.../security/patches/SA-26:01/openssl-14.patch | 251 ++++++++++
.../security/patches/SA-26:01/openssl-14.patch.asc | 16 +
.../security/patches/SA-26:01/openssl-15.patch | 550 +++++++++++++++++++++
.../security/patches/SA-26:01/openssl-15.patch.asc | 16 +
.../static/security/patches/SA-26:02/jail-13.patch | 550 +++++++++++++++++++++
.../security/patches/SA-26:02/jail-13.patch.asc | 16 +
.../static/security/patches/SA-26:02/jail-14.patch | 498 +++++++++++++++++++
.../security/patches/SA-26:02/jail-14.patch.asc | 16 +
29 files changed, 3795 insertions(+)
diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 2a35d25d09..6623b3623e 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,14 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-26:02.jail"
+date = "2026-01-27"
+
+[[advisories]]
+name = "FreeBSD-SA-26:01.openssl"
+date = "2026-01-27"
+
[[advisories]]
name = "FreeBSD-SA-25:12.rtsold"
date = "2025-12-16"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index d726df571c..24f08a7faf 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,18 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-26:03.vm"
+date = "2026-01-27"
+
+[[notices]]
+name = "FreeBSD-EN-26:02.arm64"
+date = "2026-01-27"
+
+[[notices]]
+name = "FreeBSD-EN-26:01.devinfo"
+date = "2026-01-27"
+
[[notices]]
name = "FreeBSD-EN-25:20.vmm"
date = "2025-12-16"
diff --git a/website/static/security/advisories/FreeBSD-EN-26:01.devinfo.asc b/website/static/security/advisories/FreeBSD-EN-26:01.devinfo.asc
new file mode 100644
index 0000000000..fffa00bdf3
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:01.devinfo.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:01.devinfo Errata Notice
+ The FreeBSD Project
+
+Topic: devinfo output formatting regression
+
+Category: core
+Module: devinfo
+Announced: 2026-01-27
+Affects: FreeBSD 15.0
+Corrected: 2025-12-19 18:16:12 UTC (stable/15, 15.0-STABLE)
+ 2026-01-27 19:15:45 UTC (releng/15.0, 15.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+devinfo(8) is a tool to report information about devices present in a system
+including resources used by devices such as MMIO regions and interrupts.
+
+libxo is a library that provides both "human-readable" and structured text
+output (e.g. JSON and XML).
+
+II. Problem Description
+
+Changes made during the development cycle of 15.0 to adapt devinfo(8) to use
+libxo unintentionally altered the human-readable output breaking existing tools
+that parsed the output.
+
+III. Impact
+
+This bug broke the Intel nvmupdate tool available in the
+sysutils/intel-nvmupdate port. There may be other utilities that are also
+broken.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-26:01/devinfo.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:01/devinfo.patch.asc
+# gpg --verify devinfo.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ ed6612dea24f stable/15-n281586
+releng/15.0/ 6a192c14d244 releng/15.0-n281000
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291510>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:01.devinfo.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=mQty
+-----END PGP SIGNATURE-----
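Review bot: Step 2a under "V. Solution" runs `gpg --verify devinfo.patch.asc` without saying which key the signature is expected to come from, so the reader has no stated way to tell a signature by the project's key from a valid signature by some other key already in their keyring. A sentence after the command block such as `Confirm that the signature was made by the FreeBSD Security Officer key, obtained through a channel you already trust.` would close that gap. The same step appears in the EN-26:02, EN-26:03, SA-26:01 and SA-26:02 advisories added by this commit. The text sits inside a PGP cleartext signature, so any wording change means issuing a re-signed revision.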
diff --git a/website/static/security/advisories/FreeBSD-EN-26:02.arm64.asc b/website/static/security/advisories/FreeBSD-EN-26:02.arm64.asc
new file mode 100644
index 0000000000..ceb386017f
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:02.arm64.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:02.arm64 Errata Notice
+ The FreeBSD Project
+
+Topic: arm64 SVE signal context misalignment
+
+Category: core
+Module: arm64
+Announced: 2026-01-27
+Affects: FreeBSD 15.0 and 14.3
+Corrected: 2026-01-13 16:27:47 UTC (stable/15, 15.0-STABLE)
+ 2026-01-27 19:15:46 UTC (releng/15.0, 15.0-RELEASE-p2)
+ 2026-01-26 14:47:24 UTC (stable/14, 14.3-STABLE)
+ 2026-01-27 19:16:11 UTC (releng/14.3, 14.3-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+Scalable Vector Extension (SVE) is an extension of the arm64 instruction set
+providing SIMD functionality.
+
+II. Problem Description
+
+When a signal is delivered to a thread, the kernel saves the thread's usermode
+register values and stores them on the interrupted thread's stack prior to
+invoking the signal handler.
+
+When SVE is present, SVE registers must be saved as well. This register context
+was not properly aligned when written out to userspace, and a subsequent request
+to restore that context could fail as a result.
+
+III. Impact
+
+Processes could crash unexpectedly after handling a signal.
+
+IV. Workaround
+
+No workaround is available. Non-arm64 systems are not affected, and arm64
+systems without SVE are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/EN-26:02/arm64-15.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:02/arm64-15.patch.asc
+# gpg --verify arm64-15.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/EN-26:02/arm64-14.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:02/arm64-14.patch.asc
+# gpg --verify arm64-14.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 683decf362ce stable/15-n281851
+releng/15.0/ 679b1a810e0e releng/15.0-n281001
+stable/14/ bcd6bb8067d1 stable/14-n273416
+releng/14.3/ 3ba856f715ca releng/14.3-n271456
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:02.arm64.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=utLQ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-26:03.vm.asc b/website/static/security/advisories/FreeBSD-EN-26:03.vm.asc
new file mode 100644
index 0000000000..dd79584d27
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:03.vm.asc
@@ -0,0 +1,144 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:03.vm Errata Notice
+ The FreeBSD Project
+
+Topic: The page fault handler fails to zero memory
+
+Category: core
+Module: vm
+Announced: 2026-01-27
+Affects: All supported versions of FreeBSD.
+Corrected: 2025-12-15 10:37:54 UTC (stable/15, 15.0-STABLE)
+ 2026-01-27 19:15:47 UTC (releng/15.0, 15.0-RELEASE-p2)
+ 2025-12-15 10:42:28 UTC (stable/14, 14.3-STABLE)
+ 2026-01-27 19:16:12 UTC (releng/14.3, 14.3-RELEASE-p8)
+ 2026-01-26 15:18:32 UTC (stable/13, 13.4-STABLE)
+ 2026-01-27 19:16:34 UTC (releng/13.5, 13.5-RELEASE-p9)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The mmap(2) system call allows applications and system libraries to allocate
+heap memory using the MAP_ANON flag. The system call allocates virtual memory
+in the calling thread's address space and physical memory is allocated on
+demand as page faults occur. Memory allocated this way is guaranteed to be
+zero-filled.
+
+II. Problem Description
+
+Under some conditions, the physical pages allocated and mapped by the kernel
+may not be zero-filled.
+
+III. Impact
+
+This bug has been observed to cause process crashes.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch.asc
+# gpg --verify vm-15.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch.asc
+# gpg --verify vm-14.patch.asc
+
+[FreeBSD 13.5]
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch.asc
+# gpg --verify vm-13.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 3c0942f99209 stable/15-n281508
+releng/15.0/ 6e279feb40be releng/15.0-n281002
+stable/14/ 99f641267d44 stable/14-n272998
+releng/14.3/ de311ee39b3f releng/14.3-n271457
+stable/13/ babac9d7bc05 stable/13-n259725
+releng/13.5/ 4967e14ba25b releng/13.5-n259188
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:03.vm.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=ecKh
+-----END PGP SIGNATURE-----
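Review bot: The "Corrected:" block labels stable/13 as `13.4-STABLE`, while the release branch on the next line is releng/13.5 and the stable/14 and stable/15 entries match their releng versions (14.3 and 15.0); this looks like a stale template value that probably should read `13.5-STABLE`. The same label appears in the Corrected blocks of the SA-26:01.openssl and SA-26:02.jail advisories in this commit. Separately, "III. Impact" names only process crashes although section I says MAP_ANON memory is guaranteed to be zero-filled; stating whether the non-zeroed pages can carry earlier contents, or ruling that out, would help readers prioritise the update. These lines are inside the cleartext-signed body, so a correction needs a re-signed revision.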
diff --git a/website/static/security/advisories/FreeBSD-SA-26:01.openssl.asc b/website/static/security/advisories/FreeBSD-SA-26:01.openssl.asc
new file mode 100644
index 0000000000..135e849c56
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:01.openssl.asc
@@ -0,0 +1,203 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:01.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities in OpenSSL
+
+Category: contrib
+Module: openssl
+Announced: 2026-01-27
+Credits: Aisle Research
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-01-27 19:14:58 UTC (stable/15, 15.0-STABLE)
+ 2026-01-27 19:15:49 UTC (releng/15.0, 15.0-RELEASE-p2)
+ 2026-01-27 19:15:10 UTC (stable/14, 14.3-STABLE)
+ 2026-01-27 19:16:22 UTC (releng/14.3, 14.3-RELEASE-p8)
+ 2026-01-27 19:15:19 UTC (stable/13, 13.4-STABLE)
+ 2026-01-27 19:16:45 UTC (releng/13.5, 13.5-RELEASE-p9)
+CVE Name: CVE-2025-11187, CVE-2025-15467, CVE-2025-15468,
+ CVE-2025-15469, CVE-2025-66199, CVE-2025-68160,
+ CVE-2025-69418, CVE-2025-69419, CVE-2025-69420,
+ CVE-2025-69421, CVE-2026-22795, CVE-2026-22796
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
+collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
+also a general-purpose cryptography library.
+
+II. Problem Description
+
+Multiple issues have been reported as part of this advisory with different
+issues affecting different OpenSSL versions and therefore different FreeBSD
+versions. Instead of exhaustively listing detailed writeups for each issue,
+please see the referenced advisory from OpenSSL.
+
+Issues affecting FreeBSD 15.0 (OpenSSL 3.5):
+ CVE-2025-11187 - Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
+ CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing
+ CVE-2025-15468 - NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
+ CVE-2025-15469 - "openssl dgst" one-shot codepath silently truncates inputs >16MB
+ CVE-2025-66199 - TLS 1.3 CompressedCertificate excessive memory allocation
+ CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes
+ CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
+ CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
+ CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function
+ CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
+ CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
+ CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
+
+Issues affecting FreeBSD 14.3 (OpenSSL 3.0):
+ CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing
+ CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes
+ CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
+ CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
+ CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function
+ CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
+ CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
+ CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
+
+Issues affecting FreeBSD 13.5 (OpenSSL 1.1.1):
+ CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes
+ CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
+ CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
+ CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function
+ CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
+ CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
+ CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
+
+III. Impact
+
+The issues include improper/missing validation, NULL pointer dereferences,
+out-of-bounds writes, incorrect data exposure, input truncation, excessive
+memory allocation, and a stack buffer overflow.
+
+Security impact can be a minimal information disclosure to a potential remote
+code execution. See the OpenSSL advisory for specific details.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-15.patch.asc
+# gpg --verify openssl-15.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-14.patch.asc
+# gpg --verify openssl-14.patch.asc
+
+[FreeBSD 13.5]
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-13.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-13.patch.asc
+# gpg --verify openssl-13.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 5626e81f1a43 stable/15-n282001
+releng/15.0/ 02f448fe5cc2 releng/15.0-n281004
+stable/14/ ee8d50bfd59e stable/14-n273467
+releng/14.3/ 65c1295c6bb0 releng/14.3-n271466
+stable/13/ 1741502f8d93 stable/13-n259728
+releng/13.5/ 9afc16c4e8a2 releng/13.5-n259198
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://openssl-library.org/news/secadv/20260127.txt>
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-11187>
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-15467>
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-15468>
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-15469>
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-66199>
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-68160>
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-69418>
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-69419>
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-69420>
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-69421>
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-22795>
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-22796>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:01.openssl.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=G/dg
+-----END PGP SIGNATURE-----
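Review bot: "III. Impact" gives the worst case as potential remote code execution but does not say which of the listed CVEs carries it, and the per-branch lists in section II differ (for example CVE-2025-15467, the CMS AuthEnvelopedData stack buffer overflow, is listed for 15.0 and 14.3 but not for 13.5), so a reader cannot judge urgency for their branch without opening the OpenSSL advisory. Marking the highest-severity entry in each per-branch list would fix that. The impact sentence also reads awkwardly; `Security impact ranges from minimal information disclosure to potential remote code execution.` is clearer. Any edit here requires re-signing, since the text is inside the PGP-signed body.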
diff --git a/website/static/security/advisories/FreeBSD-SA-26:02.jail.asc b/website/static/security/advisories/FreeBSD-SA-26:02.jail.asc
new file mode 100644
index 0000000000..1f36df3553
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:02.jail.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:02.jail Security Advisory
+ The FreeBSD Project
+
+Topic: Jail escape by a privileged user via nullfs
+
+Category: core
+Module: jail
+Announced: 2026-01-27
+Affects: FreeBSD 14.3 and 13.5
+Corrected: 2025-06-30 14:21:28 UTC (stable/14, 14.3-STABLE)
+ 2026-01-27 19:16:15 UTC (releng/14.3, 14.3-RELEASE-p8)
+ 2026-01-26 15:51:19 UTC (stable/13, 13.4-STABLE)
+ 2026-01-27 19:16:37 UTC (releng/13.5, 13.5-RELEASE-p9)
+CVE Name: CVE-2025-15547
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+Jails are an operating system virtualization technology which allow
+administrators to confine processes within an environment with limited ability
+to affect the system outside of that environment. In particular, jailed
+processes typically have their filesystem access confined by a chroot-like
+mechanism.
+
+nullfs(4) is a pseudo-filesystem which allows a directory to be mounted at
+another point in the filesystem hierarchy.
+
+II. Problem Description
+
+By default, jailed processes cannot mount filesystems, including nullfs(4).
+However, the allow.mount.nullfs option enables mounting nullfs filesystems,
+subject to privilege checks.
+
+If a privileged user within a jail is able to nullfs-mount directories, a
+limitation of the kernel's path lookup logic allows that user to escape the
+jail's chroot, yielding access to the full filesystem of the host or parent
+jail.
+
+III. Impact
+
+In a jail configured to allow nullfs(4) mounts from within the jail, the jailed
+root user can escape the jail's filesystem root.
+
+IV. Workaround
+
+No workaround is available. Jails not created with the allow.mount.nullfs option
+are unaffected.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-14.patch.asc
+# gpg --verify jail-14.patch.asc
+
+[FreeBSD 13.5]
+# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-13.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-13.patch.asc
+# gpg --verify jail-13.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 53963866f708 stable/14-n271804
+releng/14.3/ 193ae464aa36 releng/14.3-n271460
+stable/13/ f0fbaa71a5a2 stable/13-n259726
+releng/13.5/ e87a5dd8054a releng/13.5-n259191
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262180>
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2025-15547>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:02.jail.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=SqAm
+-----END PGP SIGNATURE-----
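Review bot: "IV. Workaround" opens with `No workaround is available.` and then states that jails not created with allow.mount.nullfs are unaffected, which reads as a contradiction to an administrator who is able to withhold that option. Wording along the lines of `Until the system is updated, do not grant allow.mount.nullfs to jails whose root user is not trusted; jails created without that option are unaffected.` would turn the second sentence into an actionable mitigation. Whether removing the option from an already-running jail is sufficient is not stated on the page and would need confirming before it is written into the advisory. The change would require a re-signed revision of the advisory.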
diff --git a/website/static/security/patches/EN-26:01/devinfo.patch b/website/static/security/patches/EN-26:01/devinfo.patch
new file mode 100644
index 0000000000..282c8124de
--- /dev/null
+++ b/website/static/security/patches/EN-26:01/devinfo.patch
@@ -0,0 +1,477 @@
+--- usr.sbin/devinfo/Makefile.orig
++++ usr.sbin/devinfo/Makefile
+@@ -2,6 +2,6 @@
+ PROG= devinfo
+ MAN= devinfo.8
+
+-LIBADD= xo devinfo
++LIBADD= devinfo
+
+ .include <bsd.prog.mk>
+--- usr.sbin/devinfo/devinfo.8.orig
++++ usr.sbin/devinfo/devinfo.8
+@@ -34,13 +34,10 @@
+ .Nd print information about system device configuration
+ .Sh SYNOPSIS
+ .Nm
+-.Op Fl -libxo
+ .Op Fl rv
+ .Nm
+-.Op Fl -libxo
+ .Fl p Ar dev Op Fl v
+ .Nm
+-.Op Fl -libxo
+ .Fl u Op Fl v
+ .Sh DESCRIPTION
+ The
+@@ -51,14 +48,7 @@
+ device.
+ .Pp
+ The following options are accepted:
+-.Bl -tag -width "--libxo"
+-.It Fl -libxo
+-Generate output via
+-.Xr libxo 3
+-in a selection of different human and machine readable formats.
+-See
+-.Xr xo_options 7
+-for details on command line arguments.
++.Bl -tag -width indent
+ .It Fl p Ar dev
+ Display the path of
+ .Ar dev
+@@ -83,8 +73,6 @@
+ .Sh SEE ALSO
+ .Xr systat 1 ,
+ .Xr devinfo 3 ,
+-.Xr libxo 3 ,
+-.Xr xo_options 7 ,
+ .Xr devctl 8 ,
+ .Xr iostat 8 ,
+ .Xr pciconf 8 ,
+--- usr.sbin/devinfo/devinfo.c.orig
++++ usr.sbin/devinfo/devinfo.c
+@@ -4,7 +4,6 @@
+ * Copyright (c) 2000, 2001 Michael Smith
+ * Copyright (c) 2000 BSDi
+ * All rights reserved.
+- * Copyright (c) 2024 KT Ullavik
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -41,18 +40,12 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
+-
+-#include <libxo/xo.h>
+ #include "devinfo.h"
+
+ static bool rflag;
+ static bool vflag;
+-static int open_tag_count;
+-static char *last_res;
+
+ static void print_indent(int);
+-static void print_kvlist(char *);
+-static char* xml_safe_string(char *);
+ static void print_resource(struct devinfo_res *);
+ static int print_device_matching_resource(struct devinfo_res *, void *);
+ static int print_device_rman_resources(struct devinfo_rman *, void *);
+@@ -81,46 +74,7 @@
+ n = MIN((size_t)n, sizeof(buffer) - 1);
+ memset(buffer, ' ', n);
+ buffer[n] = '\0';
+- xo_emit("{Pa:%s}", buffer);
+-}
+-
+-/*
+- * Takes a list of key-value pairs in the form
+- * "key1=val1 key2=val2 ..." and prints them according
+- * to xo formatting.
+- */
+-static void
+-print_kvlist(char *s)
+-{
+- char *kv;
+- char *copy;
+-
+- if ((copy = strdup(s)) == NULL)
+- xo_err(1, "No memory!");
+-
+- while ((kv = strsep(©, " ")) != NULL) {
+- char* k = strsep(&kv, "=");
*** 3037 LINES SKIPPED ***