git: 2a530dd472 - main - Add EN-26:14, EN-26:15, and SA-26:25 through SA-26:36.
Date: Tue, 09 Jun 2026 21:50:07 UTC
The branch main has been updated by gordon:
URL: https://cgit.FreeBSD.org/doc/commit/?id=2a530dd472df2a76ffe89ddd3b68d0b8381a5adf
commit 2a530dd472df2a76ffe89ddd3b68d0b8381a5adf
Author: Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2026-06-09 21:49:15 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2026-06-09 21:49:15 +0000
Add EN-26:14, EN-26:15, and SA-26:25 through SA-26:36.
Approved by: so
---
website/data/security/advisories.toml | 48 +
website/data/security/errata.toml | 8 +
.../advisories/FreeBSD-EN-26:14.syslogd.asc | 151 +
.../advisories/FreeBSD-EN-26:15.openssl.asc | 188 +
.../security/advisories/FreeBSD-SA-26:25.thr.asc | 163 +
.../security/advisories/FreeBSD-SA-26:26.ktls.asc | 161 +
.../security/advisories/FreeBSD-SA-26:27.sound.asc | 186 +
.../advisories/FreeBSD-SA-26:28.capsicum.asc | 193 +
.../advisories/FreeBSD-SA-26:29.ip6_multicast.asc | 166 +
.../security/advisories/FreeBSD-SA-26:30.linux.asc | 161 +
.../security/advisories/FreeBSD-SA-26:31.arm64.asc | 186 +
.../security/advisories/FreeBSD-SA-26:32.elf.asc | 169 +
.../advisories/FreeBSD-SA-26:33.unbound.asc | 180 +
.../security/advisories/FreeBSD-SA-26:34.vt.asc | 150 +
.../advisories/FreeBSD-SA-26:35.openssl.asc | 208 +
.../security/advisories/FreeBSD-SA-26:36.ldns.asc | 152 +
.../static/security/patches/EN-26:14/syslogd.patch | 54 +
.../security/patches/EN-26:14/syslogd.patch.asc | 17 +
.../security/patches/EN-26:15/openssl-14.3.patch | 680999 ++++++++++++++++++
.../patches/EN-26:15/openssl-14.3.patch.asc | 17 +
.../security/patches/EN-26:15/openssl-14.4.patch | 489826 +++++++++++++
.../patches/EN-26:15/openssl-14.4.patch.asc | 17 +
.../security/patches/EN-26:15/openssl-15.0.patch | 679696 +++++++++++++++++
.../patches/EN-26:15/openssl-15.0.patch.asc | 17 +
website/static/security/patches/SA-26:25/thr.patch | 11 +
.../static/security/patches/SA-26:25/thr.patch.asc | 17 +
.../static/security/patches/SA-26:26/ktls.patch | 168 +
.../security/patches/SA-26:26/ktls.patch.asc | 17 +
.../security/patches/SA-26:27/sound-14.3.patch | 358 +
.../security/patches/SA-26:27/sound-14.3.patch.asc | 17 +
.../security/patches/SA-26:27/sound-14.4.patch | 360 +
.../security/patches/SA-26:27/sound-14.4.patch.asc | 17 +
.../security/patches/SA-26:27/sound-15.0.patch | 369 +
.../security/patches/SA-26:27/sound-15.0.patch.asc | 17 +
.../security/patches/SA-26:27/sound-15.1.patch | 369 +
.../security/patches/SA-26:27/sound-15.1.patch.asc | 17 +
.../security/patches/SA-26:28/capsicum-14.patch | 47 +
.../patches/SA-26:28/capsicum-14.patch.asc | 17 +
.../security/patches/SA-26:28/capsicum-15.0.patch | 47 +
.../patches/SA-26:28/capsicum-15.0.patch.asc | 17 +
.../security/patches/SA-26:28/capsicum-15.1.patch | 47 +
.../patches/SA-26:28/capsicum-15.1.patch.asc | 17 +
.../patches/SA-26:29/ip6_multicast-14.patch | 188 +
.../patches/SA-26:29/ip6_multicast-14.patch.asc | 17 +
.../patches/SA-26:29/ip6_multicast-15.0.patch | 188 +
.../patches/SA-26:29/ip6_multicast-15.0.patch.asc | 17 +
.../patches/SA-26:29/ip6_multicast-15.1.patch | 189 +
.../patches/SA-26:29/ip6_multicast-15.1.patch.asc | 17 +
.../static/security/patches/SA-26:30/linux.patch | 15 +
.../security/patches/SA-26:30/linux.patch.asc | 17 +
.../security/patches/SA-26:31/arm64-14.3.patch | 179 +
.../security/patches/SA-26:31/arm64-14.3.patch.asc | 17 +
.../security/patches/SA-26:31/arm64-14.4.patch | 74 +
.../security/patches/SA-26:31/arm64-14.4.patch.asc | 17 +
.../security/patches/SA-26:31/arm64-15.patch | 74 +
.../security/patches/SA-26:31/arm64-15.patch.asc | 17 +
.../security/patches/SA-26:32/elf-14.3.patch | 254 +
.../security/patches/SA-26:32/elf-14.3.patch.asc | 17 +
.../security/patches/SA-26:32/elf-14.4.patch | 254 +
.../security/patches/SA-26:32/elf-14.4.patch.asc | 17 +
.../static/security/patches/SA-26:32/elf-15.patch | 254 +
.../security/patches/SA-26:32/elf-15.patch.asc | 17 +
.../static/security/patches/SA-26:33/unbound.patch | 642 +
.../security/patches/SA-26:33/unbound.patch.asc | 17 +
website/static/security/patches/SA-26:34/vt.patch | 47 +
.../static/security/patches/SA-26:34/vt.patch.asc | 17 +
.../security/patches/SA-26:35/openssl-14.patch | 626 +
.../security/patches/SA-26:35/openssl-14.patch.asc | 17 +
.../security/patches/SA-26:35/openssl-15.patch | 1065 +
.../security/patches/SA-26:35/openssl-15.patch.asc | 17 +
.../static/security/patches/SA-26:36/ldns.patch | 188 +
.../security/patches/SA-26:36/ldns.patch.asc | 17 +
72 files changed, 1859534 insertions(+)
diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 1a44fe400f..6558eefda7 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,54 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-26:36.ldns"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:35.openssl"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:34.vt"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:33.unbound"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:32.elf"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:31.arm64"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:30.linux"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:29.ip6_multicast"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:28.capsicum"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:27.sound"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:26.ktls"
+date = "2026-06-09"
+
+[[advisories]]
+name = "FreeBSD-SA-26:25.thr"
+date = "2026-06-09"
+
[[advisories]]
name = "FreeBSD-SA-26:24.cap_net"
date = "2026-05-20"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 6cb37b7b15..3ecb2721f7 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,14 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-26:15.openssl"
+date = "2026-06-09"
+
+[[notices]]
+name = "FreeBSD-EN-26:14.syslogd"
+date = "2026-06-09"
+
[[notices]]
name = "FreeBSD-EN-26:13.freebsd-update"
date = "2026-05-20"
diff --git a/website/static/security/advisories/FreeBSD-EN-26:14.syslogd.asc b/website/static/security/advisories/FreeBSD-EN-26:14.syslogd.asc
new file mode 100644
index 0000000000..ac172fdfde
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:14.syslogd.asc
@@ -0,0 +1,151 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:14.syslogd Errata Notice
+ The FreeBSD Project
+
+Topic: syslogd(8) memory leak in casper_ttymsg()
+
+Category: core
+Module: syslogd
+Announced: 2026-06-09
+Affects: FreeBSD 15.0 and later
+Corrected: 2026-05-26 20:41:22 UTC (stable/15, 15.1-STABLE)
+ 2026-05-28 22:16:09 UTC (releng/15.1, 15.1-RC2)
+ 2026-06-09 19:19:32 UTC (releng/15.0, 15.0-RELEASE-p10)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+syslogd(8) is the system log daemon, responsible for receiving log messages
+from the kernel and from userland programs and dispatching them according to
+syslog.conf(5). It can be configured to log messages to a system console or
+to logged-in users' TTYs.
+
+As of FreeBSD 15.0, syslogd runs in a Capsicum sandbox, and delegates the
+actual writing of console messages to a libcasper(3) service.
+
+II. Problem Description
+
+When delivering a message to the console or to a terminal, the libcasper
+service retrieved the message text with nvlist_take_string_array(9), which
+transfers ownership of the array and its strings to the caller. The
+casper_ttymsg() and casper_wallmsg() functions never freed them, leaking
+memory on every message routed to the console or a terminal.
+
+III. Impact
+
+On long-running systems that emit a steady stream of log messages routed to
+/dev/console or to user terminals, the resident size of syslogd.casper
+helper process grows without bound. This may eventually lead to memory
+pressure, including swap usage, or process termination by the out-of-memory
+killer. syslogd itself continues to function.
+
+IV. Workaround
+
+Periodically restarting syslogd will reclaim leaked memory. Systems that do
+not direct syslog output to /dev/console, terminals, or wall destinations
+are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# service syslogd restart
+
+2) To update your system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# service syslogd restart
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-26:14/syslogd.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:14/syslogd.patch.asc
+# gpg --verify syslogd.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart syslogd(8), or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ be03b0fb2241 stable/15-n283693
+releng/15.1/ d51d91b07f5b releng/15.1-n283540
+releng/15.0/ 998de2d14e25 releng/15.0-n281049
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295488>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:14.syslogd.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiS0bFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvi2gQAMf5aER4RND+DWh7qbbQ
+ZuQwejCwW1MeX/oex0TAD8tvGgaBXOztAMMPQ4KRyrzjIYeo5+NpWAYlhqiAOOKE
+DCctvWY2hMylj5NNV2etV4QpK0h2R4ZTRj2gnWhYIr/PkzRmaJu9tc3dOH5DQSQZ
+WZTwo+Wu/vcAnevgIe4cOPI07YdZjl6bGlOo8q0qBaJ1xKk5NbY3Se9IJX3pCf31
+KODaPY1Py9EuYyW1HoDfrZV7V0iV3X51lgLNmHa2l8Z2cFD/U7Xsk08wU/vtcY0o
+la+hvXwMjzHrtie6a2FNV2twyH534B/2ye5Olsf/QnI+g6mEKr3Xif9tt5fYQHXW
+Lku+Auc3Hy1d1vK5MUOUpf53SEtvLFkISBAAFIT5x/4kC9W+Kjvl7vspSw+2whuM
+S4iLfBbx3DN9aHCNvL1rnkTvn9H7/nOtiaJ5SHBXmtWyYDS/ZptBuzq8L0NaLRfp
+lHoSCwND6HXQNZZi3QGVctthFg24ZJoxZOZrx7cDHIphtf/AHMlYkpIPZMaCuiBa
+Pw0B/m03VBFYgHCyXlKjQ1EKbAHpS3/pNv5EtCnAAWPNGNoiAjQDa5CnUg0nlz3d
+wI+qXBAAM7dUndhvs10/ta/n15Dn6hf89Eojx4SDvPWWAmvtmhd0dDn7kIRDVzVf
+2nqvCHY/6icyLLm3vbwjwgv5
+=nmHp
+-----END PGP SIGNATURE-----
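Review bot: Step 3a (`# gpg --verify syslogd.patch.asc`) never says which key the signature has to come from, so a reader who has not already imported and checked the Security Officer key cannot tell a meaningful "Good signature" from one made by an arbitrary key. One added sentence would close the gap, for example `The signature must be made by the FreeBSD Security Officer key published via <URL:https://security.FreeBSD.org/>; check its fingerprint before trusting the result.` The same step appears unchanged in EN-26:15, SA-26:25 and SA-26:26 in this commit. Separately, the Topic line names only casper_ttymsg(), while section II says casper_wallmsg() leaked as well. Any wording change to this clearsigned file means re-signing it.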
diff --git a/website/static/security/advisories/FreeBSD-EN-26:15.openssl.asc b/website/static/security/advisories/FreeBSD-EN-26:15.openssl.asc
new file mode 100644
index 0000000000..f3bb91d1b7
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:15.openssl.asc
@@ -0,0 +1,188 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:15.openssl Errata Notice
+ The FreeBSD Project
+
+Topic: Update OpenSSL to 3.0.20 and 3.5.6
+
+Category: contrib
+Module: openssl
+Announced: 2026-06-09
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-04-12 02:15:10 UTC (stable/15, 15.0-STABLE)
+ 2026-06-09 19:19:33 UTC (releng/15.0, 15.0-RELEASE-p10)
+ 2026-04-13 00:12:11 UTC (stable/14, 14.4-STABLE)
+ 2026-06-09 19:18:58 UTC (releng/14.4, 14.4-RELEASE-p6)
+ 2026-06-09 19:18:25 UTC (releng/14.3, 14.3-RELEASE-p15)
+CVE Name: CVE-2026-2673, CVE-2026-28387, CVE-2026-28388,
+ CVE-2026-28389, CVE-2026-31789, CVE-2026-31790
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
+collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
+also a general-purpose cryptography library.
+
+II. Problem Description
+
+The OpenSSL releases included with the affected FreeBSD versions predate
+OpenSSL 3.0.20 (FreeBSD 14) and 3.5.6 (FreeBSD 15). This update imports the
+current upstream point release on each branch. The import resolves several
+issues affecting different OpenSSL versions, and therefore different FreeBSD
+versions. Instead of listing detailed writeups for each issue, please see
+the referenced advisory from OpenSSL.
+
+Issues affecting FreeBSD 15 (OpenSSL 3.5):
+ CVE-2026-2673 - DEFAULT keyword corrupts the key-agreement group list
+ CVE-2026-28387 - Possible use-after-free in DANE client code
+ CVE-2026-28388 - NULL dereference when processing a delta CRL
+ CVE-2026-28389 - NULL dereference processing CMS KeyAgreeRecipientInfo
+ CVE-2026-31789 - Heap buffer overflow in hexadecimal conversion
+ CVE-2026-31790 - NULL dereference processing CMS KeyTransRecipientInfo
+
+Issues affecting FreeBSD 14 (OpenSSL 3.0):
+ CVE-2026-28387 - Possible use-after-free in DANE client code
+ CVE-2026-28388 - NULL dereference when processing a delta CRL
+ CVE-2026-28389 - NULL dereference processing CMS KeyAgreeRecipientInfo
+ CVE-2026-31789 - Heap buffer overflow in hexadecimal conversion
+ CVE-2026-31790 - NULL dereference processing CMS KeyTransRecipientInfo
+
+III. Impact
+
+The issues include missing input validation, NULL pointer dereferences, a
+use-after-free, and a heap buffer overflow. Impact is generally limited
+to a crash and a Denial of Service. See the OpenSSL advisory for specific
+details.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. A reboot is required
+following the upgrade to ensure that all applications and kernel code are
+rebuilt with the updated OpenSSL-provided code.
+
+Perform one of the following:
+
+1) To update your system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for an erratum fix"
+
+2) To update your system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an erratum fix"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-15.0.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-15.0.patch.asc
+# gpg --verify openssl-15.0.patch.asc
+
+[FreeBSD 14.4]
+# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-14.4.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-14.4.patch.asc
+# gpg --verify openssl-14.4.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-14.3.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:15/openssl-14.3.patch.asc
+# gpg --verify openssl-14.3.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 51a80be04fe6 stable/15-n282933
+releng/15.0/ 0f6e90c4cc4f releng/15.0-n281050
+stable/14/ 27ac9d336f71 stable/14-n273945
+releng/14.4/ 1bfe60bae8b8 releng/14.4-n273712
+releng/14.3/ d95a8c20f3bc releng/14.3-n271512
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<XX confirm the OpenSSL advisory URL/date before release>
+<URL:https://openssl-library.org/news/secadv/20260407.txt>
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-2673>
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-28387>
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-28388>
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-28389>
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-31789>
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-31790>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:15.openssl.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=jdTF
+-----END PGP SIGNATURE-----
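Review bot: The References section still carries the drafting marker `<XX confirm the OpenSSL advisory URL/date before release>` directly above the OpenSSL advisory link. It sits inside the clearsigned body, so it was signed and published as part of the notice. Readers cannot tell whether `https://openssl-library.org/news/secadv/20260407.txt` was actually confirmed, and section II defers all per-CVE detail to that one reference. Confirm the URL and date, drop the marker line, and re-sign the file.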
diff --git a/website/static/security/advisories/FreeBSD-SA-26:25.thr.asc b/website/static/security/advisories/FreeBSD-SA-26:25.thr.asc
new file mode 100644
index 0000000000..95dd443d22
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:25.thr.asc
@@ -0,0 +1,163 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:25.thr Security Advisory
+ The FreeBSD Project
+
+Topic: Missing permission check in thr_kill2(2)
+
+Category: core
+Module: thr
+Announced: 2026-06-09
+Credits: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
+ and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
+Credits: Igor Gabriel Sousa e Souza
+Affects: All supported versions of FreeBSD
+Corrected: 2026-06-09 19:17:27 UTC (stable/15, 15.1-STABLE)
+ 2026-06-09 19:20:05 UTC (releng/15.1, 15.1-RC3-p1)
+ 2026-06-09 19:19:42 UTC (releng/15.0, 15.0-RELEASE-p10)
+ 2026-06-09 19:17:45 UTC (stable/14, 14.4-STABLE)
+ 2026-06-09 19:19:04 UTC (releng/14.4, 14.4-RELEASE-p6)
+ 2026-06-09 19:18:34 UTC (releng/14.3, 14.3-RELEASE-p15)
+CVE Name: CVE-2026-45256
+
+This vulnerability was independently reported by multiple parties prior to
+publication.
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The thr_kill2(2) system call delivers a signal to a specific thread of a
+process identified by its process and thread IDs. As with kill(2), the
+kernel verifies that the calling process is permitted to signal the target
+before the signal is delivered.
+
+II. Problem Description
+
+When used to deliver a signal to a specific thread, thr_kill2(2) called
+p_cansignal() to determine whether the operation was permitted but did not
+check the result before delivering the signal. The signal was sent even
+when the permission check failed. The system call returned the resulting
+error to the caller, but by then the signal had already been delivered.
+
+III. Impact
+
+The missing check allows an unprivileged local user who knows or can guess a
+target's process and thread IDs to send any signal to a process they would
+not normally be permitted to signal, including processes owned by other
+users or by root. The same check enforces jail boundaries, so a jailed
+process can signal processes on the host or in other jails. Thread IDs are
+allocated globally and sequentially, and so can be discovered by brute force
+with no visibility into the target.
+
+An attacker can stop or terminate arbitrary processes, including critical
+system daemons, resulting in a Denial of Service (DoS).
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-26:25/thr.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:25/thr.patch.asc
+# gpg --verify thr.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ afa0c67a1ba3 stable/15-n283881
+releng/15.1/ 068168fefd4b releng/15.1-n283549
+releng/15.0/ 6f6c7b996719 releng/15.0-n281051
+stable/14/ 72ad7baa99c7 stable/14-n274310
+releng/14.4/ 31f6086db8fe releng/14.4-n273713
+releng/14.3/ fa5581c379fe releng/14.3-n271513
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-45256>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:25.thr.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=rFeT
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:26.ktls.asc b/website/static/security/advisories/FreeBSD-SA-26:26.ktls.asc
new file mode 100644
index 0000000000..65c2adcd14
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:26.ktls.asc
@@ -0,0 +1,161 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:26.ktls Security Advisory
+ The FreeBSD Project
+
+Topic: Arbitrary file overwrite via the KTLS receive path
+
+Category: core
+Module: ktls
+Announced: 2026-06-09
+Credits: Bumsrakete
+Affects: All supported versions of FreeBSD
+Corrected: 2026-06-09 19:17:28 UTC (stable/15, 15.1-STABLE)
+ 2026-06-09 19:20:06 UTC (releng/15.1, 15.1-RC3-p1)
+ 2026-06-09 19:19:43 UTC (releng/15.0, 15.0-RELEASE-p10)
+ 2026-06-09 19:17:46 UTC (stable/14, 14.4-STABLE)
+ 2026-06-09 19:19:05 UTC (releng/14.4, 14.4-RELEASE-p6)
+ 2026-06-09 19:18:35 UTC (releng/14.3, 14.3-RELEASE-p15)
+CVE Name: CVE-2026-45257
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+Kernel TLS (KTLS) moves Transport Layer Security (TLS) record processing
+into the kernel, allowing applications to encrypt and decrypt socket data
+without copying it to and from userspace and to serve TLS data with
+sendfile(2). When a connection uses software KTLS on the receive path,
+the kernel decrypts each incoming TLS record in place within the socket
+buffer.
+
+II. Problem Description
+
+The KTLS receive path decrypted each record in place, assuming that the
+mbufs holding received data were anonymous and safe to modify. This
+assumption does not hold for data placed on a socket by sendfile(2),
+which can reference file-backed memory directly through non-anonymous
+M_EXTPG pages or EXT_SFBUF mbufs. When the sender transmits such data
+over a loopback connection without enabling KTLS on the transmit side,
+the file-backed mbufs reach the receiver's decryption path unchanged.
+Decrypting a record in place then overwrites the backing file's page
+cache instead of a private copy of the data.
+
+III. Impact
+
+An unprivileged local user who can read a file can overwrite its
+contents with data of their choosing by sending the file over a loopback
+connection on which they have enabled KTLS receive. The write modifies
+the page cache directly, so it bypasses file flags such as schg and is
+written back to disk. By overwriting a setuid binary or other trusted
+file, a local user can escalate privileges, potentially gaining full
+control of the affected system.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-26:26/ktls.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:26/ktls.patch.asc
+# gpg --verify ktls.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ a51345704403 stable/15-n283882
+releng/15.1/ 48c1c5e3c348 releng/15.1-n283550
+releng/15.0/ 540a315cdb46 releng/15.0-n281052
+stable/14/ 333bdd7e9427 stable/14-n274311
+releng/14.4/ d43259dd66b3 releng/14.4-n273714
+releng/14.3/ af3398862ac0 releng/14.3-n271514
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-45257>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:26.ktls.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=lD4w
+-----END PGP SIGNATURE-----
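Review bot: Section IV says `No workaround is available.` without addressing the obvious candidate. The scenario in section III depends on the local user enabling KTLS receive on a socket, and ktls(4) documents a `kern.ipc.tls.enable` sysctl that governs whether new kernel TLS sessions can be created. If setting it to 0 blocks the receive path described here, the advisory should offer it as an interim mitigation for hosts that cannot reboot promptly. If it does not, one sentence saying why would stop administrators from relying on it. The advisory text does not show which is the case, so this needs confirmation from the patch author before any rewording, and a change means re-signing the file.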
diff --git a/website/static/security/advisories/FreeBSD-SA-26:27.sound.asc b/website/static/security/advisories/FreeBSD-SA-26:27.sound.asc
new file mode 100644
index 0000000000..14595411b0
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:27.sound.asc
@@ -0,0 +1,186 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:27.sound Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities in the sound(4) mmap path
+
+Category: core
+Module: sound
+Announced: 2026-06-09
+Credits: Lexpl0it, 75Acol, ch0wn, zer0duck (CVE-2026-45258)
+Credits: Emmanuel Genier from Quarkslab (CVE-2026-45258)
+Credits: Hazley Samsudin of GovTech CSG (CVE-2026-45258)
+Credits: Lexpl0it, 75Acol, Liyw979, Rob1n (CVE-2026-49417)
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-06-09 19:17:31 UTC (stable/15, 15.1-STABLE)
+ 2026-06-09 19:20:08 UTC (releng/15.1, 15.1-RC3-p1)
+ 2026-06-09 19:19:45 UTC (releng/15.0, 15.0-RELEASE-p10)
+ 2026-06-09 19:17:48 UTC (stable/14, 14.4-STABLE)
+ 2026-06-09 19:19:07 UTC (releng/14.4, 14.4-RELEASE-p6)
+ 2026-06-09 19:18:37 UTC (releng/14.3, 14.3-RELEASE-p15)
+CVE Name: CVE-2026-45258, CVE-2026-49417
+
+CVE-2026-45258 was independently reported by multiple parties prior to
+publication.
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD provides audio support through the sound(4) driver, which presents
+each audio device as a set of character device nodes such as /dev/dsp.
+Applications can use mmap(2) on these devices to map a channel's audio
+buffer directly into their address space.
+
+II. Problem Description
+
+The sound(4) driver contained two memory-safety errors in its mmap(2)
+support.
+
+First, dsp_mmap_single() validated the requested mapping by checking the
+sum of the user-supplied offset and length against the buffer size. This
+addition could overflow, so that a large offset and length wrapped around
+and passed the check. The offset was then narrowed from 64 to 32 bits when
+converted to a buffer address, yielding a mapping that extended past the
+audio buffer into unrelated kernel memory. (CVE-2026-45258)
+
+Second, the audio buffer backing a mapping could be freed when the device
+was closed even though the mapping remained valid. The freed memory could
+then be reused elsewhere while still accessible through the stale mapping.
+(CVE-2026-49417)
+
+III. Impact
+
+The /dev/dsp device nodes are world-accessible by default. On a system
+with an audio device, either issue allows an unprivileged local user to
+read and write kernel memory, which can be used to escalate privileges,
+potentially gaining full control of the affected system. At a minimum, an
+attacker can crash the kernel, resulting in a Denial of Service (DoS).
+
+IV. Workaround
+
+No workaround is available. Systems with no sound devices are unaffected.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.1]
+# fetch https://security.FreeBSD.org/patches/SA-26:27/sound-15.1.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:27/sound-15.1.patch.asc
+# gpg --verify sound-15.1.patch.asc
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/SA-26:27/sound-15.0.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:27/sound-15.0.patch.asc
+# gpg --verify sound-15.0.patch.asc
+
+[FreeBSD 14.4]
+# fetch https://security.FreeBSD.org/patches/SA-26:27/sound-14.4.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:27/sound-14.4.patch.asc
+# gpg --verify sound-14.4.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-26:27/sound-14.3.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:27/sound-14.3.patch.asc
+# gpg --verify sound-14.3.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
*** 1859077 LINES SKIPPED ***