git: 0619129272 - main - Add EN-26:16, EN-26:17, and SA-26:37 through SA-26:49.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 30 Jun 2026 19:34:43 UTC
The branch main has been updated by gordon:
URL: https://cgit.FreeBSD.org/doc/commit/?id=0619129272718ced6ec49568516a637bf4b49d9f
commit 0619129272718ced6ec49568516a637bf4b49d9f
Author: Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2026-06-30 19:33:29 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2026-06-30 19:34:29 +0000
Add EN-26:16, EN-26:17, and SA-26:37 through SA-26:49.
Approved by: so
---
website/data/security/advisories.toml | 52 +
website/data/security/errata.toml | 8 +
.../security/advisories/FreeBSD-EN-26:16.arm64.asc | 148 ++
.../advisories/FreeBSD-EN-26:17.rpcsec_tls.asc | 146 ++
.../security/advisories/FreeBSD-SA-26:37.vm.asc | 159 ++
.../security/advisories/FreeBSD-SA-26:38.jail.asc | 155 ++
.../advisories/FreeBSD-SA-26:39.execve.asc | 163 +++
.../security/advisories/FreeBSD-SA-26:40.zfs.asc | 183 +++
.../advisories/FreeBSD-SA-26:41.libalias.asc | 172 +++
.../advisories/FreeBSD-SA-26:42.unlinkat.asc | 160 ++
.../security/advisories/FreeBSD-SA-26:43.tcp.asc | 157 ++
.../advisories/FreeBSD-SA-26:44.posixshm.asc | 170 +++
.../security/advisories/FreeBSD-SA-26:45.audit.asc | 158 ++
.../security/advisories/FreeBSD-SA-26:46.ktls.asc | 162 ++
.../security/advisories/FreeBSD-SA-26:47.linux.asc | 153 ++
.../advisories/FreeBSD-SA-26:48.compat32.asc | 145 ++
.../security/advisories/FreeBSD-SA-26:49.iconv.asc | 154 ++
.../static/security/patches/EN-26:16/arm64.patch | 20 +
.../security/patches/EN-26:16/arm64.patch.asc | 17 +
.../security/patches/EN-26:17/rpcsec_tls.patch | 64 +
.../security/patches/EN-26:17/rpcsec_tls.patch.asc | 17 +
.../static/security/patches/SA-26:37/vm-14.patch | 142 ++
.../security/patches/SA-26:37/vm-14.patch.asc | 17 +
.../static/security/patches/SA-26:37/vm-15.patch | 145 ++
.../security/patches/SA-26:37/vm-15.patch.asc | 17 +
.../static/security/patches/SA-26:38/jail.patch | 42 +
.../security/patches/SA-26:38/jail.patch.asc | 17 +
.../security/patches/SA-26:39/execve-14.3.patch | 1526 +++++++++++++++++++
.../patches/SA-26:39/execve-14.3.patch.asc | 17 +
.../security/patches/SA-26:39/execve-14.4.patch | 1526 +++++++++++++++++++
.../patches/SA-26:39/execve-14.4.patch.asc | 17 +
.../security/patches/SA-26:39/execve-15.patch | 1542 ++++++++++++++++++++
.../security/patches/SA-26:39/execve-15.patch.asc | 17 +
.../static/security/patches/SA-26:40/zfs-14.patch | 598 ++++++++
.../security/patches/SA-26:40/zfs-14.patch.asc | 17 +
.../static/security/patches/SA-26:40/zfs-15.patch | 598 ++++++++
.../security/patches/SA-26:40/zfs-15.patch.asc | 17 +
.../security/patches/SA-26:41/libalias-14.patch | 411 ++++++
.../patches/SA-26:41/libalias-14.patch.asc | 17 +
.../security/patches/SA-26:41/libalias-15.patch | 411 ++++++
.../patches/SA-26:41/libalias-15.patch.asc | 17 +
.../security/patches/SA-26:42/unlinkat-14.patch | 258 ++++
.../patches/SA-26:42/unlinkat-14.patch.asc | 17 +
.../security/patches/SA-26:42/unlinkat-15.patch | 258 ++++
.../patches/SA-26:42/unlinkat-15.patch.asc | 17 +
website/static/security/patches/SA-26:43/tcp.patch | 10 +
.../static/security/patches/SA-26:43/tcp.patch.asc | 17 +
.../security/patches/SA-26:44/posixshm-14.patch | 336 +++++
.../patches/SA-26:44/posixshm-14.patch.asc | 17 +
.../security/patches/SA-26:44/posixshm-15.0.patch | 339 +++++
.../patches/SA-26:44/posixshm-15.0.patch.asc | 17 +
.../security/patches/SA-26:44/posixshm-15.1.patch | 339 +++++
.../patches/SA-26:44/posixshm-15.1.patch.asc | 17 +
.../static/security/patches/SA-26:45/audit.patch | 11 +
.../security/patches/SA-26:45/audit.patch.asc | 17 +
.../static/security/patches/SA-26:46/ktls.patch | 172 +++
.../security/patches/SA-26:46/ktls.patch.asc | 17 +
.../static/security/patches/SA-26:47/linux.patch | 10 +
.../security/patches/SA-26:47/linux.patch.asc | 17 +
.../security/patches/SA-26:48/compat32.patch | 11 +
.../security/patches/SA-26:48/compat32.patch.asc | 17 +
.../static/security/patches/SA-26:49/iconv.patch | 532 +++++++
.../security/patches/SA-26:49/iconv.patch.asc | 17 +
63 files changed, 12137 insertions(+)
diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 6558eefda7..3dee86a4c6 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,58 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-26:49.iconv"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:48.compat32"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:47.linux"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:46.ktls"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:45.audit"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:44.posixshm"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:43.tcp"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:42.unlinkat"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:41.libalias"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:40.zfs"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:39.execve"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:38.jail"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:37.vm"
+date = "2026-06-30"
+
[[advisories]]
name = "FreeBSD-SA-26:36.ldns"
date = "2026-06-09"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 3ecb2721f7..e6cb101d6d 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,14 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-26:17.rpcsec_tls"
+date = "2026-06-30"
+
+[[notices]]
+name = "FreeBSD-EN-26:16.arm64"
+date = "2026-06-30"
+
[[notices]]
name = "FreeBSD-EN-26:15.openssl"
date = "2026-06-09"
diff --git a/website/static/security/advisories/FreeBSD-EN-26:16.arm64.asc b/website/static/security/advisories/FreeBSD-EN-26:16.arm64.asc
new file mode 100644
index 0000000000..df83f21be3
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:16.arm64.asc
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:16.arm64 Errata Notice
+ The FreeBSD Project
+
+Topic: 32-bit setcontext(2) and swapcontext(2) fail on arm64
+
+Category: core
+Module: arm64
+Announced: 2026-06-30
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-06-29 08:11:12 UTC (stable/15, 15.1-STABLE)
+ 2026-06-30 17:21:50 UTC (releng/15.1, 15.1-RELEASE-p1)
+ 2026-06-30 17:21:18 UTC (releng/15.0, 15.0-RELEASE-p11)
+ 2026-06-29 08:14:41 UTC (stable/14, 14.4-STABLE)
+ 2026-06-30 17:20:53 UTC (releng/14.4, 14.4-RELEASE-p7)
+ 2026-06-30 17:20:26 UTC (releng/14.3, 14.3-RELEASE-p16)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD/arm64 supports running 32-bit (armv7) binaries via its
+freebsd32 compatibility layer.
+
+The setcontext(2) and swapcontext(2) system calls allow a process to
+save and restore its execution context.
+
+II. Problem Description
+
+The freebsd32 implementations of setcontext(2) and swapcontext(2) on
+arm64 returned incorrect values on success, causing the system call to
+be treated as though it had failed.
+
+III. Impact
+
+32-bit armv7 applications that use setcontext(2) or swapcontext(2)
+may crash or behave incorrectly when running on arm64 hosts. This
+has been observed to cause random crashes in Ruby applications in
+particular.
+
+IV. Workaround
+
+No workaround is available. Systems that do not run 32-bit armv7
+binaries on arm64 are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system installed from base system packages:
+
+Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64 or
+arm64 platforms, which were installed using base system packages, can be
+updated via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r now
+
+2) To update your system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-26:16/arm64.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:16/arm64.patch.asc
+# gpg --verify arm64.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch -E -p0 < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 964215aa1347 stable/15-n284267
+releng/15.1/ a2235baa622b releng/15.1-n283563
+releng/15.0/ b77d19dcc0d5 releng/15.0-n281065
+stable/14/ 58a15fe75cc5 stable/14-n274442
+releng/14.4/ f902821db095 releng/14.4-n273727
+releng/14.3/ e96d0e1fccf5 releng/14.3-n271527
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:16.arm64.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmpEEicbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvs+0P/1v4QrAHy1/m9y7/c4UY
+QNrdbnidEFMSzQiAUXaKJyJmIU9kTDlLcrsGgRw7r5KoUCux7DgW9gJ4xX9HgaDM
+X4x4a5BueaU5XJtUQ+tiMWm0TRsWpiGhBc6ZvqSiHVGwQHvQrrQ4T2nBl7NdM29G
+19sdVRzjj/gvytXZCrQ9FJrkUkrWb24AX9HF6LmtIifphp47uLAdqGSZtDTLyvGZ
+U1zYTP0a4PETYaCk2gAfr8qQuZrx+7gDLFLnDJ9YPGIbhFVBv1ig1tMDHuwZed8o
+LsLf0pVoStazpnG+G+e8VHbA31I5hN041N9q2fNU79KFcLr1ADm7X6vEniL3pqsA
+CvhDq8WyQ9lhM7FLx9kfcFOOat/eWEBxjZN1gDU2asuROhcm1P9pVHlCTA5/96i2
+y/HJSUYdIgScQQ6RVV5K0ZQSfj8gJF73twhmQqRXNXekUypMwVTw0E1wXFWIE80f
+kOtQmviV4j9R59efv+CTSZs73XVnx/yv97cayk/pRwxrc0ZNu3cc6B1GY7AZfu02
+jx0bsOSLF/nBz+eQYSr8+jZTT+Qv5RY5ep0uDPmqlN/QBBvT+Mccdd3lWeBbuOah
+8+qaGy360hfo3PVjv+e/yMkaXJ3Gmn766TvPn4LeTwSeL+SEzHrpF/Bq4jlBXP+C
+bdvDqx+46YN/96VdSl5KpnoK
+=+mor
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-26:17.rpcsec_tls.asc b/website/static/security/advisories/FreeBSD-EN-26:17.rpcsec_tls.asc
new file mode 100644
index 0000000000..f107650133
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:17.rpcsec_tls.asc
@@ -0,0 +1,146 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:17.rpcsec_tls Errata Notice
+ The FreeBSD Project
+
+Topic: Socket refcount underflow in the NFS server
+
+Category: core
+Module: rpcsec_tls
+Announced: 2026-06-30
+Affects: FreeBSD 15.0 and later
+Corrected: 2026-06-22 13:26:26 UTC (stable/15, 15.1-STABLE)
+ 2026-06-30 17:21:51 UTC (releng/15.1, 15.1-RELEASE-p1)
+ 2026-06-30 17:21:19 UTC (releng/15.0, 15.0-RELEASE-p11)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The kernel RPC subsystem implements Transport Layer Security (TLS) for
+NFS. TLS handshakes are performed by the userspace daemon
+rpc.tlsservd(8) via an upcall mechanism: the kernel inserts a pending
+socket into a lookup tree, invokes the daemon, and removes the socket
+once the handshake completes or fails.
+
+II. Problem Description
+
+When the kernel inserted a socket into the upcall tree, it did not
+acquire its own reference on the socket. If the TLS handshake upcall
+subsequently failed, the error-handling path closed the socket to
+clean up the tree entry, but this effectively released the transport
+layer's reference rather than one owned by the upcall tree.
+
+III. Impact
+
+A server-side TLS handshake failure, for example because rpc.tlsservd(8)
+is not running, can cause a socket reference count underflow in the NFS
+server. This results in a kernel panic.
+
+IV. Workaround
+
+No workaround is available. Systems that are not running an
+NFS server are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot the
+system.
+
+Perform one of the following:
+
+1) To update your system installed from base system packages:
+
+Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64 or
+arm64 platforms, which were installed using base system packages, can be
+updated via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r now
+
+2) To update your system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-26:17/rpcsec_tls.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:17/rpcsec_tls.patch.asc
+# gpg --verify rpcsec_tls.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch -E -p0 < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ f3b14134dec1 stable/15-n284051
+releng/15.1/ c04ca8bd36f7 releng/15.1-n283564
+releng/15.0/ 7b3373d4eb5f releng/15.0-n281066
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289734>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:17.rpcsec_tls.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmpEEi4bFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv6iMP+wfOwos1/WMyrtvqWs7a
+u3kbN4H3ricGyNAP4SE1dEWAiFOkG17CaSBgvJMFHm4dOqtoCzSuHrwx6zOzCwbr
+xSQE4LKcfimt/hh59cF1Q0701Hwk7kkf8h/hTIgF0gGr3OW+OtdguNj+p3Qx6zMG
+0wZxTM5+dTquAwlmi3YUwR5+WOu9/rUoqk88m6HlddqoyGWdbhIR6X2YLD4c1zV9
+ErPckBTcBt2anBZYYwzPhmbnRE4IFfESFPvpkqPaxzga4mbQ2RZRUit2eCFwb+WD
+rDhImlpcPLvJm9slvEfJw4y4pjQjIRWuKT0VBv9oobU86+3l2NPnMwU24lL6X0y3
+XEljVwjQ7ODgyGySS9FDoLzGSwnjQ+LnpNWy6yn+GV9a4v7Dp8PBduF+bLSdusrl
+8zWU9EGYOv9svF8Z8Wd7uQWsAvHgXoyb2GxRhV7jj4M/BG4+49OSvW0p1u0ZwyXt
+2CUiZV59MBaVddzk3Lu5iHmvVkbyNYvChGulea1j3QBn9FyrHWZ6EZ6lSXT9k5gv
+RF4sT/tnx2xf/mBz2wz2yfBviprkfQwoGhBJ7txiPFsrvLIwcW+pegrRYcJ9Bx21
+GagSCWTKp7MBP1TX6L8JWiVj283m0PV48fH3Cztoa5cj5zr97USNWiCJhdDxQH52
+3RRPzqVEk2s3HPdMGoz5zwus
+=LLkf
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:37.vm.asc b/website/static/security/advisories/FreeBSD-SA-26:37.vm.asc
new file mode 100644
index 0000000000..53e86f2bd3
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:37.vm.asc
@@ -0,0 +1,159 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:37.vm Security Advisory
+ The FreeBSD Project
+
+Topic: Use-after-free in device pager page list
+
+Category: core
+Module: vm
+Announced: 2026-06-30
+Credits: slidybat
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-06-30 17:20:07 UTC (stable/15, 15.1-STABLE)
+ 2026-06-30 17:21:52 UTC (releng/15.1, 15.1-RELEASE-p1)
+ 2026-06-30 17:21:20 UTC (releng/15.0, 15.0-RELEASE-p11)
+ 2026-06-30 17:19:47 UTC (stable/14, 14.4-STABLE)
+ 2026-06-30 17:20:54 UTC (releng/14.4, 14.4-RELEASE-p7)
+ 2026-06-30 17:20:27 UTC (releng/14.3, 14.3-RELEASE-p16)
+CVE Name: CVE-2026-49418
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The FreeBSD virtual memory subsystem uses pager objects to manage
+memory-mapped device pages. Unmanaged device pager objects maintain
+an internal list of pages allocated by the device fault handler; this
+list is used to free the pages when the mapping is destroyed.
+
+II. Problem Description
+
+When msync(MS_INVALIDATE) is called on a mapping of an unmanaged device
+object, the physical pages in the mapping range are marked invalid but
+remain in the pager's page list. A subsequent page fault will cause the
+fault handler to re-insert the page into the object's list. This
+corrupts the list, and on object destruction the page is freed twice.
+
+III. Impact
+
+An unprivileged local user with access to a device that provides
+memory-mapped I/O can trigger a use-after-free in the kernel, though
+this is limited to a pool of objects ("fictitious pages") that are never
+recycled for a different purpose. It may be possible to exploit this to
+escalate privileges.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64 or
+arm64 platforms, which were installed using base system packages, can be
+updated via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:37/vm-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:37/vm-15.patch.asc
+# gpg --verify vm-15.patch.asc
+
+[FreeBSD 14.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:37/vm-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:37/vm-14.patch.asc
+# gpg --verify vm-14.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch -E -p0 < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 21929fbe1ced stable/15-n284323
+releng/15.1/ 958de92ab2dc releng/15.1-n283565
+releng/15.0/ 2baf56862bfd releng/15.0-n281067
+stable/14/ 715831359fa7 stable/14-n274447
+releng/14.4/ 4c9e89c85d7c releng/14.4-n273728
+releng/14.3/ 78bd098b9f83 releng/14.3-n271528
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-49418>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:37.vm.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmpEEjAbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvZmgQALulswibuZPW1hUdWD6t
+M/k6X1fBPbK8lg1Yj5J5Bnh4n1YyB4YzntGaAfLiq5mjpQqxskWtkpIWVqkVe3qO
+TKt9113HEn9bkBBrd1u8D708atb6jAAol+JrWeYRTkkUjBTPE3Oltgv9+ln4VyOJ
+agSTKRIgved3hxKr88+ms6yLQ4cymeeecPa1/0Brb+5kqWxOIia/DUbx1IebD9xY
+GPzwgR9RGMdrHBQsZMwvKx7P5kdb0lp6DFhFP3y8AUZEbgjUOI3832KWje1PsXpj
+wqLTxTuXGgRcARm0hl41GQO5FemrRm6sMA699aJ04EMhd+Z453IwNeBzGwsMV1R6
+vEUfqVHUUV3Kzr6MuGSFaaYpvR/99XcK0XYI6aarVfM0JaTn5Wtn80OplD+xbMpr
+NN0SHRpM2zOmJ1Cmzv3qBRTGxkbBHR1Evrj8Kdc18xhV2Gn8tEhCd5RZBu7exmVA
+RQxuaOD70lOk+7dV2nS+w2OYKLHMhgfWFgQCzmi37F1K7qDDScT0xlgH0rbc6l5W
+ntbBim3/FTsLQxzGXcPhteWp1vYeqmMqQqyZ4cPzxqk/20LPbjmB1MSI9YlU0GHm
+/e+gouXdyruJK0p4sAsH/HyrgXwqprBF4N5xOY/f/kDWznuO7w6y9yc9OynCAnxA
+P8ZqzeJU+9SMnrQxrs0JcNEi
+=BnYM
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:38.jail.asc b/website/static/security/advisories/FreeBSD-SA-26:38.jail.asc
new file mode 100644
index 0000000000..17f5ad3c8f
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:38.jail.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:38.jail Security Advisory
+ The FreeBSD Project
+
+Topic: Jail reference count underflow
+
+Category: core
+Module: jail
+Announced: 2026-06-30
+Credits: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and
+ Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
+Affects: FreeBSD 15.0 and later
+Corrected: 2026-06-12 17:59:54 UTC (stable/15, 15.1-STABLE)
+ 2026-06-30 17:21:54 UTC (releng/15.1, 15.1-RELEASE-p1)
+ 2026-06-30 17:21:21 UTC (releng/15.0, 15.0-RELEASE-p11)
+CVE Name: CVE-2026-49419
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+Jails are an operating system virtualization technology which allow
+administrators to confine processes within an environment with limited
+ability to affect the system outside of that environment. The
+jail_set(2) and jail_get(2) system calls are used to create, modify,
+and query jails.
+
+Starting in FreeBSD 15.0, jails can be referred to using jail
+descriptors, a type of file descriptor tied to a particular jail. The
+JAIL_AT_DESC flag causes jail_set(2) and jail_get(2) to operate in the
+context of the jail identified by the descriptor, rather than the
+caller's current jail.
+
+II. Problem Description
+
+When the JAIL_AT_DESC flag is specified, kern_jail_set() and
+kern_jail_get() released the reference to the caller's current prison
+before looking up the jail descriptor. If the descriptor lookup
+failed, error-handling paths released the same reference a second
+time.
+
+III. Impact
+
+An unprivileged local user can trigger a prison reference count
+underflow, which may cause the prison structure to be freed while still
+in use. When this is done on the jail host, the bug will generally
+result in an immediate panic. However, if the user is running in a
+jail, then it may be possible to exploit the bug to elevate privileges.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64 or
+arm64 platforms, which were installed using base system packages, can be
+updated via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-26:38/jail.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:38/jail.patch.asc
+# gpg --verify jail.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch -E -p0 < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 4938fd9361b4 stable/15-n283929
+releng/15.1/ fc9fe1b9f024 releng/15.1-n283566
+releng/15.0/ 029528221261 releng/15.0-n281068
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-49419>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:38.jail.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmpEEjQbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvyHIQAJzpVmMYymSw2XqUga4f
+DLmFIgbf8rLcZPmcCJ71yFBxC/Je7jEyu5BJo+83sdxaL554UCKYtlADrtvFcb5d
+Lyou2mGgchuGB50KPeUtwZw4M6BbhOvWGh4syTv/aKuoKyFRLLyWz9UiDWI32Fjh
+OUuEpcsQOoGXPKcItEO+LkDGC90YxAa1ERl+Z7YbKy5oFZ7iiUrgvV+Ethx+FvK5
+WYUDJAbIlrcsF2xyKHag/j/PjNmJNt6oT7i69BHz+9NhXGKFCGqBvUeX4b8TaQM5
+R0nfYL1rBuf7vPmvQRKqXsKfzr4lPIN+g1MnILMvb85dmfukP8r3LqjLHbBoNT5a
+lLoFNU7qvR3Mt4bNGxMAZegkWoD+DrgtmQhyB6Tv8EtoCaiOk08EsnKS3BPCwGlv
+YYvbn4clZUfTY2bOZR1+rqeTnjgkOlqD4Jaa0c0iTyUOh/+KpfniHSFHdmxXbXjZ
+upuWU+pxbfc/cHEWTAXlbJxSUOwuiNoSB4iSMAIwEM2TmrjFvri4CcgY2YJIpUoW
+c5w2SLWe8GtNgipuPPQNqLPJ3fooWxrqF+fegHC2tv4lvpSOQbPFDvxOF1b+sCIR
+7hxeglpyfCUwvq9k8/LZtdoFSE4HE9sKlvZ0CbabYh8C1bIoozqJlMwRg+VhG1q7
+XWX6sgatGhZHNDndm2p8/YUw
+=DzLZ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:39.execve.asc b/website/static/security/advisories/FreeBSD-SA-26:39.execve.asc
new file mode 100644
index 0000000000..81dfec2160
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:39.execve.asc
@@ -0,0 +1,163 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:39.execve Security Advisory
+ The FreeBSD Project
+
+Topic: Local privilege escalation via execve(2) TOCTOU race
+
+Category: core
+Module: execve
+Announced: 2026-06-30
+Credits: Synacktiv
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-06-26 22:20:44 UTC (stable/15, 15.1-STABLE)
+ 2026-06-30 17:21:55 UTC (releng/15.1, 15.1-RELEASE-p1)
+ 2026-06-30 17:21:22 UTC (releng/15.0, 15.0-RELEASE-p11)
+ 2026-06-28 00:30:18 UTC (stable/14, 14.4-STABLE)
+ 2026-06-30 17:20:55 UTC (releng/14.4, 14.4-RELEASE-p7)
+ 2026-06-30 17:20:28 UTC (releng/14.3, 14.3-RELEASE-p16)
+CVE Name: CVE-2026-49415
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The execve(2) system call replaces the calling process's image with a
+new executable. When the target binary is set-user-ID (SUID), the
+kernel installs a new virtual address space containing the binary's
+code and data, then changes the process credentials to those of the
+file owner.
+
+II. Problem Description
+
+During execve(2) of a SUID binary, the new virtual address space is
+installed before the process credentials are updated. During this
+window, a process running as the same user can access the target
+process's memory via procfs or linprocfs, because the kernel's
+debugging permission check still saw the original credentials.
+
+III. Impact
+
+An unprivileged local user can exploit this race to modify the
+address space of a SUID binary before its credentials are elevated,
+potentially gaining full control of the affected system.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64 or
+arm64 platforms, which were installed using base system packages, can be
+updated via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-15.patch.asc
+# gpg --verify execve-15.patch.asc
+
+[FreeBSD 14.4]
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-14.4.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-14.4.patch.asc
+# gpg --verify execve-14.4.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-14.3.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-14.3.patch.asc
+# gpg --verify execve-14.3.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch -E -p0 < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ a80e40ce9ee0 stable/15-n284141
+releng/15.1/ 46f7b5a64048 releng/15.1-n283567
+releng/15.0/ de7144f7c391 releng/15.0-n281069
+stable/14/ bb1154f3ea20 stable/14-n274435
+releng/14.4/ 8fbbc185a3ff releng/14.4-n273729
+releng/14.3/ 6772a8ece2c0 releng/14.3-n271529
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-49415>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:39.execve.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmpEEjcbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvI88QAI5z9LuCV46PtN5Nxw7f
+wv6davrwFt1N/q+hXVXKR0LNU7Q7nB5okGi0ipcjSqIC/9OaTMl9BsT7dA3yxeZi
+D1SN0kdrUyTsCNy2jMR/jd21uUMpcMHJYeUEzp9SNtiMwEEWYXNgsr5mX3sqG7/Z
+W6RJ5xBXfG0rePsXQ2wRkYsEZzK+sJJWSgPmxqRu+ruQYollVTExjOZfSm7l1ipq
+GS150pQ3kw5XNv2+fTnTxphJCXXvB9ZQRYb0ks4D3E/+r/bmY+OZmdnhGzCh6gEh
+Es4FmUAAWFbTtu355GcwOR+wy5AG1BxDVL+0D/8mM2EhbKBM5In54Q6JteMl7JeT
+DL1kt9nGOG5KXOZmcJdL5vsFg6vbdDvTGD1ufgcddesp6qD5JYh00Gg/2zQTxLjj
+EHIc0Oked/eIwObSKypbSYICGQRLC8QdeisdoDgmbWHAxc1OBJY/o+T6emcsDbT8
+qpl3e9CNcGTRAznrrfHS3WJatIHcvLPInxKleXUbXAwcI5IzOWDGuBgOg/GeSdsz
+ybPU1NMsT+vqOQ67O7ENjJo/djXxyTQI/ExUR9nFrKZL/ma3EP4G+xyD+1pFW+Pk
+HCm1RbMayr75ck7Wb6rjbc6fgPIK/djz1f2rzYMFipt8U1qiiAN552AQ6/mFMjGS
+Dp8iGjzGu60Hf9IaLXxTOcYV
+=HivV
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:40.zfs.asc b/website/static/security/advisories/FreeBSD-SA-26:40.zfs.asc
new file mode 100644
index 0000000000..82d21b8c2b
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:40.zfs.asc
@@ -0,0 +1,183 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:40.zfs Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities in OpenZFS
+
+Category: contrib
+Module: openzfs
+Announced: 2026-06-30
+Credits: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
+ and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
+Credits: Emmanuel Genier at Quarkslab
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-06-17 07:21:06 UTC (stable/15, 15.1-STABLE)
+ 2026-06-30 17:21:56 UTC (releng/15.1, 15.1-RELEASE-p1)
+ 2026-06-30 17:21:23 UTC (releng/15.0, 15.0-RELEASE-p11)
*** 11617 LINES SKIPPED ***