git: 0619129272 - main - Add EN-26:16, EN-26:17, and SA-26:37 through SA-26:49.

From: Gordon Tetlow <gordon_at_FreeBSD.org>
Date: Tue, 30 Jun 2026 19:34:43 UTC
The branch main has been updated by gordon:

URL: https://cgit.FreeBSD.org/doc/commit/?id=0619129272718ced6ec49568516a637bf4b49d9f

commit 0619129272718ced6ec49568516a637bf4b49d9f
Author:     Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2026-06-30 19:33:29 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2026-06-30 19:34:29 +0000

    Add EN-26:16, EN-26:17, and SA-26:37 through SA-26:49.
    
    Approved by:    so
---
 website/data/security/advisories.toml              |   52 +
 website/data/security/errata.toml                  |    8 +
 .../security/advisories/FreeBSD-EN-26:16.arm64.asc |  148 ++
 .../advisories/FreeBSD-EN-26:17.rpcsec_tls.asc     |  146 ++
 .../security/advisories/FreeBSD-SA-26:37.vm.asc    |  159 ++
 .../security/advisories/FreeBSD-SA-26:38.jail.asc  |  155 ++
 .../advisories/FreeBSD-SA-26:39.execve.asc         |  163 +++
 .../security/advisories/FreeBSD-SA-26:40.zfs.asc   |  183 +++
 .../advisories/FreeBSD-SA-26:41.libalias.asc       |  172 +++
 .../advisories/FreeBSD-SA-26:42.unlinkat.asc       |  160 ++
 .../security/advisories/FreeBSD-SA-26:43.tcp.asc   |  157 ++
 .../advisories/FreeBSD-SA-26:44.posixshm.asc       |  170 +++
 .../security/advisories/FreeBSD-SA-26:45.audit.asc |  158 ++
 .../security/advisories/FreeBSD-SA-26:46.ktls.asc  |  162 ++
 .../security/advisories/FreeBSD-SA-26:47.linux.asc |  153 ++
 .../advisories/FreeBSD-SA-26:48.compat32.asc       |  145 ++
 .../security/advisories/FreeBSD-SA-26:49.iconv.asc |  154 ++
 .../static/security/patches/EN-26:16/arm64.patch   |   20 +
 .../security/patches/EN-26:16/arm64.patch.asc      |   17 +
 .../security/patches/EN-26:17/rpcsec_tls.patch     |   64 +
 .../security/patches/EN-26:17/rpcsec_tls.patch.asc |   17 +
 .../static/security/patches/SA-26:37/vm-14.patch   |  142 ++
 .../security/patches/SA-26:37/vm-14.patch.asc      |   17 +
 .../static/security/patches/SA-26:37/vm-15.patch   |  145 ++
 .../security/patches/SA-26:37/vm-15.patch.asc      |   17 +
 .../static/security/patches/SA-26:38/jail.patch    |   42 +
 .../security/patches/SA-26:38/jail.patch.asc       |   17 +
 .../security/patches/SA-26:39/execve-14.3.patch    | 1526 +++++++++++++++++++
 .../patches/SA-26:39/execve-14.3.patch.asc         |   17 +
 .../security/patches/SA-26:39/execve-14.4.patch    | 1526 +++++++++++++++++++
 .../patches/SA-26:39/execve-14.4.patch.asc         |   17 +
 .../security/patches/SA-26:39/execve-15.patch      | 1542 ++++++++++++++++++++
 .../security/patches/SA-26:39/execve-15.patch.asc  |   17 +
 .../static/security/patches/SA-26:40/zfs-14.patch  |  598 ++++++++
 .../security/patches/SA-26:40/zfs-14.patch.asc     |   17 +
 .../static/security/patches/SA-26:40/zfs-15.patch  |  598 ++++++++
 .../security/patches/SA-26:40/zfs-15.patch.asc     |   17 +
 .../security/patches/SA-26:41/libalias-14.patch    |  411 ++++++
 .../patches/SA-26:41/libalias-14.patch.asc         |   17 +
 .../security/patches/SA-26:41/libalias-15.patch    |  411 ++++++
 .../patches/SA-26:41/libalias-15.patch.asc         |   17 +
 .../security/patches/SA-26:42/unlinkat-14.patch    |  258 ++++
 .../patches/SA-26:42/unlinkat-14.patch.asc         |   17 +
 .../security/patches/SA-26:42/unlinkat-15.patch    |  258 ++++
 .../patches/SA-26:42/unlinkat-15.patch.asc         |   17 +
 website/static/security/patches/SA-26:43/tcp.patch |   10 +
 .../static/security/patches/SA-26:43/tcp.patch.asc |   17 +
 .../security/patches/SA-26:44/posixshm-14.patch    |  336 +++++
 .../patches/SA-26:44/posixshm-14.patch.asc         |   17 +
 .../security/patches/SA-26:44/posixshm-15.0.patch  |  339 +++++
 .../patches/SA-26:44/posixshm-15.0.patch.asc       |   17 +
 .../security/patches/SA-26:44/posixshm-15.1.patch  |  339 +++++
 .../patches/SA-26:44/posixshm-15.1.patch.asc       |   17 +
 .../static/security/patches/SA-26:45/audit.patch   |   11 +
 .../security/patches/SA-26:45/audit.patch.asc      |   17 +
 .../static/security/patches/SA-26:46/ktls.patch    |  172 +++
 .../security/patches/SA-26:46/ktls.patch.asc       |   17 +
 .../static/security/patches/SA-26:47/linux.patch   |   10 +
 .../security/patches/SA-26:47/linux.patch.asc      |   17 +
 .../security/patches/SA-26:48/compat32.patch       |   11 +
 .../security/patches/SA-26:48/compat32.patch.asc   |   17 +
 .../static/security/patches/SA-26:49/iconv.patch   |  532 +++++++
 .../security/patches/SA-26:49/iconv.patch.asc      |   17 +
 63 files changed, 12137 insertions(+)

diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 6558eefda7..3dee86a4c6 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,58 @@
 # Sort advisories by year, month and day
 # $FreeBSD$
 
+[[advisories]]
+name = "FreeBSD-SA-26:49.iconv"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:48.compat32"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:47.linux"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:46.ktls"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:45.audit"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:44.posixshm"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:43.tcp"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:42.unlinkat"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:41.libalias"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:40.zfs"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:39.execve"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:38.jail"
+date = "2026-06-30"
+
+[[advisories]]
+name = "FreeBSD-SA-26:37.vm"
+date = "2026-06-30"
+
 [[advisories]]
 name = "FreeBSD-SA-26:36.ldns"
 date = "2026-06-09"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 3ecb2721f7..e6cb101d6d 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,14 @@
 # Sort errata notices by year, month and day
 # $FreeBSD$
 
+[[notices]]
+name = "FreeBSD-EN-26:17.rpcsec_tls"
+date = "2026-06-30"
+
+[[notices]]
+name = "FreeBSD-EN-26:16.arm64"
+date = "2026-06-30"
+
 [[notices]]
 name = "FreeBSD-EN-26:15.openssl"
 date = "2026-06-09"
diff --git a/website/static/security/advisories/FreeBSD-EN-26:16.arm64.asc b/website/static/security/advisories/FreeBSD-EN-26:16.arm64.asc
new file mode 100644
index 0000000000..df83f21be3
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:16.arm64.asc
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:16.arm64                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          32-bit setcontext(2) and swapcontext(2) fail on arm64
+
+Category:       core
+Module:         arm64
+Announced:      2026-06-30
+Affects:        All supported versions of FreeBSD.
+Corrected:      2026-06-29 08:11:12 UTC (stable/15, 15.1-STABLE)
+                2026-06-30 17:21:50 UTC (releng/15.1, 15.1-RELEASE-p1)
+                2026-06-30 17:21:18 UTC (releng/15.0, 15.0-RELEASE-p11)
+                2026-06-29 08:14:41 UTC (stable/14, 14.4-STABLE)
+                2026-06-30 17:20:53 UTC (releng/14.4, 14.4-RELEASE-p7)
+                2026-06-30 17:20:26 UTC (releng/14.3, 14.3-RELEASE-p16)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD/arm64 supports running 32-bit (armv7) binaries via its
+freebsd32 compatibility layer.
+
+The setcontext(2) and swapcontext(2) system calls allow a process to
+save and restore its execution context.
+
+II.  Problem Description
+
+The freebsd32 implementations of setcontext(2) and swapcontext(2) on
+arm64 returned incorrect values on success, causing the system call to
+be treated as though it had failed.
+
+III. Impact
+
+32-bit armv7 applications that use setcontext(2) or swapcontext(2)
+may crash or behave incorrectly when running on arm64 hosts.  This
+has been observed to cause random crashes in Ruby applications in
+particular.
+
+IV.  Workaround
+
+No workaround is available.  Systems that do not run 32-bit armv7
+binaries on arm64 are not affected.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system installed from base system packages:
+
+Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64 or
+arm64 platforms, which were installed using base system packages, can be
+updated via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r now
+
+2) To update your system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-26:16/arm64.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:16/arm64.patch.asc
+# gpg --verify arm64.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch -E -p0 < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/15/                              964215aa1347    stable/15-n284267
+releng/15.1/                            a2235baa622b  releng/15.1-n283563
+releng/15.0/                            b77d19dcc0d5  releng/15.0-n281065
+stable/14/                              58a15fe75cc5    stable/14-n274442
+releng/14.4/                            f902821db095  releng/14.4-n273727
+releng/14.3/                            e96d0e1fccf5  releng/14.3-n271527
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:16.arm64.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmpEEicbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvs+0P/1v4QrAHy1/m9y7/c4UY
+QNrdbnidEFMSzQiAUXaKJyJmIU9kTDlLcrsGgRw7r5KoUCux7DgW9gJ4xX9HgaDM
+X4x4a5BueaU5XJtUQ+tiMWm0TRsWpiGhBc6ZvqSiHVGwQHvQrrQ4T2nBl7NdM29G
+19sdVRzjj/gvytXZCrQ9FJrkUkrWb24AX9HF6LmtIifphp47uLAdqGSZtDTLyvGZ
+U1zYTP0a4PETYaCk2gAfr8qQuZrx+7gDLFLnDJ9YPGIbhFVBv1ig1tMDHuwZed8o
+LsLf0pVoStazpnG+G+e8VHbA31I5hN041N9q2fNU79KFcLr1ADm7X6vEniL3pqsA
+CvhDq8WyQ9lhM7FLx9kfcFOOat/eWEBxjZN1gDU2asuROhcm1P9pVHlCTA5/96i2
+y/HJSUYdIgScQQ6RVV5K0ZQSfj8gJF73twhmQqRXNXekUypMwVTw0E1wXFWIE80f
+kOtQmviV4j9R59efv+CTSZs73XVnx/yv97cayk/pRwxrc0ZNu3cc6B1GY7AZfu02
+jx0bsOSLF/nBz+eQYSr8+jZTT+Qv5RY5ep0uDPmqlN/QBBvT+Mccdd3lWeBbuOah
+8+qaGy360hfo3PVjv+e/yMkaXJ3Gmn766TvPn4LeTwSeL+SEzHrpF/Bq4jlBXP+C
+bdvDqx+46YN/96VdSl5KpnoK
+=+mor
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-26:17.rpcsec_tls.asc b/website/static/security/advisories/FreeBSD-EN-26:17.rpcsec_tls.asc
new file mode 100644
index 0000000000..f107650133
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:17.rpcsec_tls.asc
@@ -0,0 +1,146 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:17.rpcsec_tls                                     Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Socket refcount underflow in the NFS server
+
+Category:       core
+Module:         rpcsec_tls
+Announced:      2026-06-30
+Affects:        FreeBSD 15.0 and later
+Corrected:      2026-06-22 13:26:26 UTC (stable/15, 15.1-STABLE)
+                2026-06-30 17:21:51 UTC (releng/15.1, 15.1-RELEASE-p1)
+                2026-06-30 17:21:19 UTC (releng/15.0, 15.0-RELEASE-p11)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The kernel RPC subsystem implements Transport Layer Security (TLS) for
+NFS.  TLS handshakes are performed by the userspace daemon
+rpc.tlsservd(8) via an upcall mechanism: the kernel inserts a pending
+socket into a lookup tree, invokes the daemon, and removes the socket
+once the handshake completes or fails.
+
+II.  Problem Description
+
+When the kernel inserted a socket into the upcall tree, it did not
+acquire its own reference on the socket.  If the TLS handshake upcall
+subsequently failed, the error-handling path closed the socket to
+clean up the tree entry, but this effectively released the transport
+layer's reference rather than one owned by the upcall tree.
+
+III. Impact
+
+A server-side TLS handshake failure, for example because rpc.tlsservd(8)
+is not running, can cause a socket reference count underflow in the NFS
+server.  This results in a kernel panic.
+
+IV.  Workaround
+
+No workaround is available.  Systems that are not running an
+NFS server are not affected.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot the
+system.
+
+Perform one of the following:
+
+1) To update your system installed from base system packages:
+
+Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64 or
+arm64 platforms, which were installed using base system packages, can be
+updated via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r now
+
+2) To update your system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-26:17/rpcsec_tls.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:17/rpcsec_tls.patch.asc
+# gpg --verify rpcsec_tls.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch -E -p0 < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/15/                              f3b14134dec1    stable/15-n284051
+releng/15.1/                            c04ca8bd36f7  releng/15.1-n283564
+releng/15.0/                            7b3373d4eb5f  releng/15.0-n281066
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289734>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:17.rpcsec_tls.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmpEEi4bFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv6iMP+wfOwos1/WMyrtvqWs7a
+u3kbN4H3ricGyNAP4SE1dEWAiFOkG17CaSBgvJMFHm4dOqtoCzSuHrwx6zOzCwbr
+xSQE4LKcfimt/hh59cF1Q0701Hwk7kkf8h/hTIgF0gGr3OW+OtdguNj+p3Qx6zMG
+0wZxTM5+dTquAwlmi3YUwR5+WOu9/rUoqk88m6HlddqoyGWdbhIR6X2YLD4c1zV9
+ErPckBTcBt2anBZYYwzPhmbnRE4IFfESFPvpkqPaxzga4mbQ2RZRUit2eCFwb+WD
+rDhImlpcPLvJm9slvEfJw4y4pjQjIRWuKT0VBv9oobU86+3l2NPnMwU24lL6X0y3
+XEljVwjQ7ODgyGySS9FDoLzGSwnjQ+LnpNWy6yn+GV9a4v7Dp8PBduF+bLSdusrl
+8zWU9EGYOv9svF8Z8Wd7uQWsAvHgXoyb2GxRhV7jj4M/BG4+49OSvW0p1u0ZwyXt
+2CUiZV59MBaVddzk3Lu5iHmvVkbyNYvChGulea1j3QBn9FyrHWZ6EZ6lSXT9k5gv
+RF4sT/tnx2xf/mBz2wz2yfBviprkfQwoGhBJ7txiPFsrvLIwcW+pegrRYcJ9Bx21
+GagSCWTKp7MBP1TX6L8JWiVj283m0PV48fH3Cztoa5cj5zr97USNWiCJhdDxQH52
+3RRPzqVEk2s3HPdMGoz5zwus
+=LLkf
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:37.vm.asc b/website/static/security/advisories/FreeBSD-SA-26:37.vm.asc
new file mode 100644
index 0000000000..53e86f2bd3
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:37.vm.asc
@@ -0,0 +1,159 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:37.vm                                         Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Use-after-free in device pager page list
+
+Category:       core
+Module:         vm
+Announced:      2026-06-30
+Credits:        slidybat
+Affects:        All supported versions of FreeBSD.
+Corrected:      2026-06-30 17:20:07 UTC (stable/15, 15.1-STABLE)
+                2026-06-30 17:21:52 UTC (releng/15.1, 15.1-RELEASE-p1)
+                2026-06-30 17:21:20 UTC (releng/15.0, 15.0-RELEASE-p11)
+                2026-06-30 17:19:47 UTC (stable/14, 14.4-STABLE)
+                2026-06-30 17:20:54 UTC (releng/14.4, 14.4-RELEASE-p7)
+                2026-06-30 17:20:27 UTC (releng/14.3, 14.3-RELEASE-p16)
+CVE Name:       CVE-2026-49418
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The FreeBSD virtual memory subsystem uses pager objects to manage
+memory-mapped device pages.  Unmanaged device pager objects maintain
+an internal list of pages allocated by the device fault handler; this
+list is used to free the pages when the mapping is destroyed.
+
+II.  Problem Description
+
+When msync(MS_INVALIDATE) is called on a mapping of an unmanaged device
+object, the physical pages in the mapping range are marked invalid but
+remain in the pager's page list.  A subsequent page fault will cause the
+fault handler to re-insert the page into the object's list.  This
+corrupts the list, and on object destruction the page is freed twice.
+
+III. Impact
+
+An unprivileged local user with access to a device that provides
+memory-mapped I/O can trigger a use-after-free in the kernel, though
+this is limited to a pool of objects ("fictitious pages") that are never
+recycled for a different purpose.  It may be possible to exploit this to
+escalate privileges.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64 or
+arm64 platforms, which were installed using base system packages, can be
+updated via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:37/vm-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:37/vm-15.patch.asc
+# gpg --verify vm-15.patch.asc
+
+[FreeBSD 14.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:37/vm-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:37/vm-14.patch.asc
+# gpg --verify vm-14.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch -E -p0 < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/15/                              21929fbe1ced    stable/15-n284323
+releng/15.1/                            958de92ab2dc  releng/15.1-n283565
+releng/15.0/                            2baf56862bfd  releng/15.0-n281067
+stable/14/                              715831359fa7    stable/14-n274447
+releng/14.4/                            4c9e89c85d7c  releng/14.4-n273728
+releng/14.3/                            78bd098b9f83  releng/14.3-n271528
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-49418>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:37.vm.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmpEEjAbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvZmgQALulswibuZPW1hUdWD6t
+M/k6X1fBPbK8lg1Yj5J5Bnh4n1YyB4YzntGaAfLiq5mjpQqxskWtkpIWVqkVe3qO
+TKt9113HEn9bkBBrd1u8D708atb6jAAol+JrWeYRTkkUjBTPE3Oltgv9+ln4VyOJ
+agSTKRIgved3hxKr88+ms6yLQ4cymeeecPa1/0Brb+5kqWxOIia/DUbx1IebD9xY
+GPzwgR9RGMdrHBQsZMwvKx7P5kdb0lp6DFhFP3y8AUZEbgjUOI3832KWje1PsXpj
+wqLTxTuXGgRcARm0hl41GQO5FemrRm6sMA699aJ04EMhd+Z453IwNeBzGwsMV1R6
+vEUfqVHUUV3Kzr6MuGSFaaYpvR/99XcK0XYI6aarVfM0JaTn5Wtn80OplD+xbMpr
+NN0SHRpM2zOmJ1Cmzv3qBRTGxkbBHR1Evrj8Kdc18xhV2Gn8tEhCd5RZBu7exmVA
+RQxuaOD70lOk+7dV2nS+w2OYKLHMhgfWFgQCzmi37F1K7qDDScT0xlgH0rbc6l5W
+ntbBim3/FTsLQxzGXcPhteWp1vYeqmMqQqyZ4cPzxqk/20LPbjmB1MSI9YlU0GHm
+/e+gouXdyruJK0p4sAsH/HyrgXwqprBF4N5xOY/f/kDWznuO7w6y9yc9OynCAnxA
+P8ZqzeJU+9SMnrQxrs0JcNEi
+=BnYM
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:38.jail.asc b/website/static/security/advisories/FreeBSD-SA-26:38.jail.asc
new file mode 100644
index 0000000000..17f5ad3c8f
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:38.jail.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:38.jail                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Jail reference count underflow
+
+Category:       core
+Module:         jail
+Announced:      2026-06-30
+Credits:        Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and
+                Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
+Affects:        FreeBSD 15.0 and later
+Corrected:      2026-06-12 17:59:54 UTC (stable/15, 15.1-STABLE)
+                2026-06-30 17:21:54 UTC (releng/15.1, 15.1-RELEASE-p1)
+                2026-06-30 17:21:21 UTC (releng/15.0, 15.0-RELEASE-p11)
+CVE Name:       CVE-2026-49419
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+Jails are an operating system virtualization technology which allow
+administrators to confine processes within an environment with limited
+ability to affect the system outside of that environment.  The
+jail_set(2) and jail_get(2) system calls are used to create, modify,
+and query jails.
+
+Starting in FreeBSD 15.0, jails can be referred to using jail
+descriptors, a type of file descriptor tied to a particular jail.  The
+JAIL_AT_DESC flag causes jail_set(2) and jail_get(2) to operate in the
+context of the jail identified by the descriptor, rather than the
+caller's current jail.
+
+II.  Problem Description
+
+When the JAIL_AT_DESC flag is specified, kern_jail_set() and
+kern_jail_get() released the reference to the caller's current prison
+before looking up the jail descriptor.  If the descriptor lookup
+failed, error-handling paths released the same reference a second
+time.
+
+III. Impact
+
+An unprivileged local user can trigger a prison reference count
+underflow, which may cause the prison structure to be freed while still
+in use.  When this is done on the jail host, the bug will generally
+result in an immediate panic.  However, if the user is running in a
+jail, then it may be possible to exploit the bug to elevate privileges.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64 or
+arm64 platforms, which were installed using base system packages, can be
+updated via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-26:38/jail.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:38/jail.patch.asc
+# gpg --verify jail.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch -E -p0 < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/15/                              4938fd9361b4    stable/15-n283929
+releng/15.1/                            fc9fe1b9f024  releng/15.1-n283566
+releng/15.0/                            029528221261  releng/15.0-n281068
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-49419>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:38.jail.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmpEEjQbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvyHIQAJzpVmMYymSw2XqUga4f
+DLmFIgbf8rLcZPmcCJ71yFBxC/Je7jEyu5BJo+83sdxaL554UCKYtlADrtvFcb5d
+Lyou2mGgchuGB50KPeUtwZw4M6BbhOvWGh4syTv/aKuoKyFRLLyWz9UiDWI32Fjh
+OUuEpcsQOoGXPKcItEO+LkDGC90YxAa1ERl+Z7YbKy5oFZ7iiUrgvV+Ethx+FvK5
+WYUDJAbIlrcsF2xyKHag/j/PjNmJNt6oT7i69BHz+9NhXGKFCGqBvUeX4b8TaQM5
+R0nfYL1rBuf7vPmvQRKqXsKfzr4lPIN+g1MnILMvb85dmfukP8r3LqjLHbBoNT5a
+lLoFNU7qvR3Mt4bNGxMAZegkWoD+DrgtmQhyB6Tv8EtoCaiOk08EsnKS3BPCwGlv
+YYvbn4clZUfTY2bOZR1+rqeTnjgkOlqD4Jaa0c0iTyUOh/+KpfniHSFHdmxXbXjZ
+upuWU+pxbfc/cHEWTAXlbJxSUOwuiNoSB4iSMAIwEM2TmrjFvri4CcgY2YJIpUoW
+c5w2SLWe8GtNgipuPPQNqLPJ3fooWxrqF+fegHC2tv4lvpSOQbPFDvxOF1b+sCIR
+7hxeglpyfCUwvq9k8/LZtdoFSE4HE9sKlvZ0CbabYh8C1bIoozqJlMwRg+VhG1q7
+XWX6sgatGhZHNDndm2p8/YUw
+=DzLZ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:39.execve.asc b/website/static/security/advisories/FreeBSD-SA-26:39.execve.asc
new file mode 100644
index 0000000000..81dfec2160
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:39.execve.asc
@@ -0,0 +1,163 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:39.execve                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Local privilege escalation via execve(2) TOCTOU race
+
+Category:       core
+Module:         execve
+Announced:      2026-06-30
+Credits:        Synacktiv
+Affects:        All supported versions of FreeBSD.
+Corrected:      2026-06-26 22:20:44 UTC (stable/15, 15.1-STABLE)
+                2026-06-30 17:21:55 UTC (releng/15.1, 15.1-RELEASE-p1)
+                2026-06-30 17:21:22 UTC (releng/15.0, 15.0-RELEASE-p11)
+                2026-06-28 00:30:18 UTC (stable/14, 14.4-STABLE)
+                2026-06-30 17:20:55 UTC (releng/14.4, 14.4-RELEASE-p7)
+                2026-06-30 17:20:28 UTC (releng/14.3, 14.3-RELEASE-p16)
+CVE Name:       CVE-2026-49415
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The execve(2) system call replaces the calling process's image with a
+new executable.  When the target binary is set-user-ID (SUID), the
+kernel installs a new virtual address space containing the binary's
+code and data, then changes the process credentials to those of the
+file owner.
+
+II.  Problem Description
+
+During execve(2) of a SUID binary, the new virtual address space is
+installed before the process credentials are updated.  During this
+window, a process running as the same user can access the target
+process's memory via procfs or linprocfs, because the kernel's
+debugging permission check still saw the original credentials.
+
+III. Impact
+
+An unprivileged local user can exploit this race to modify the
+address space of a SUID binary before its credentials are elevated,
+potentially gaining full control of the affected system.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE or later version of FreeBSD on the amd64 or
+arm64 platforms, which were installed using base system packages, can be
+updated via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-15.patch.asc
+# gpg --verify execve-15.patch.asc
+
+[FreeBSD 14.4]
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-14.4.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-14.4.patch.asc
+# gpg --verify execve-14.4.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-14.3.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:39/execve-14.3.patch.asc
+# gpg --verify execve-14.3.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch -E -p0 < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/15/                              a80e40ce9ee0    stable/15-n284141
+releng/15.1/                            46f7b5a64048  releng/15.1-n283567
+releng/15.0/                            de7144f7c391  releng/15.0-n281069
+stable/14/                              bb1154f3ea20    stable/14-n274435
+releng/14.4/                            8fbbc185a3ff  releng/14.4-n273729
+releng/14.3/                            6772a8ece2c0  releng/14.3-n271529
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://www.cve.org/CVERecord?id=CVE-2026-49415>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:39.execve.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmpEEjcbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvI88QAI5z9LuCV46PtN5Nxw7f
+wv6davrwFt1N/q+hXVXKR0LNU7Q7nB5okGi0ipcjSqIC/9OaTMl9BsT7dA3yxeZi
+D1SN0kdrUyTsCNy2jMR/jd21uUMpcMHJYeUEzp9SNtiMwEEWYXNgsr5mX3sqG7/Z
+W6RJ5xBXfG0rePsXQ2wRkYsEZzK+sJJWSgPmxqRu+ruQYollVTExjOZfSm7l1ipq
+GS150pQ3kw5XNv2+fTnTxphJCXXvB9ZQRYb0ks4D3E/+r/bmY+OZmdnhGzCh6gEh
+Es4FmUAAWFbTtu355GcwOR+wy5AG1BxDVL+0D/8mM2EhbKBM5In54Q6JteMl7JeT
+DL1kt9nGOG5KXOZmcJdL5vsFg6vbdDvTGD1ufgcddesp6qD5JYh00Gg/2zQTxLjj
+EHIc0Oked/eIwObSKypbSYICGQRLC8QdeisdoDgmbWHAxc1OBJY/o+T6emcsDbT8
+qpl3e9CNcGTRAznrrfHS3WJatIHcvLPInxKleXUbXAwcI5IzOWDGuBgOg/GeSdsz
+ybPU1NMsT+vqOQ67O7ENjJo/djXxyTQI/ExUR9nFrKZL/ma3EP4G+xyD+1pFW+Pk
+HCm1RbMayr75ck7Wb6rjbc6fgPIK/djz1f2rzYMFipt8U1qiiAN552AQ6/mFMjGS
+Dp8iGjzGu60Hf9IaLXxTOcYV
+=HivV
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:40.zfs.asc b/website/static/security/advisories/FreeBSD-SA-26:40.zfs.asc
new file mode 100644
index 0000000000..82d21b8c2b
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:40.zfs.asc
@@ -0,0 +1,183 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:40.zfs                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple vulnerabilities in OpenZFS
+
+Category:       contrib
+Module:         openzfs
+Announced:      2026-06-30
+Credits:        Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
+                and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
+Credits:        Emmanuel Genier at Quarkslab
+Affects:        All supported versions of FreeBSD.
+Corrected:      2026-06-17 07:21:06 UTC (stable/15, 15.1-STABLE)
+                2026-06-30 17:21:56 UTC (releng/15.1, 15.1-RELEASE-p1)
+                2026-06-30 17:21:23 UTC (releng/15.0, 15.0-RELEASE-p11)
*** 11617 LINES SKIPPED ***