git: fadd7a59e7 - main - Add security advisories affecting 14.3R, 14.4R and 15.0R

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Philip Paeps <philip_at_FreeBSD.org>
Date: Thu, 21 May 2026 01:28:14 UTC
The branch main has been updated by philip:

URL: https://cgit.FreeBSD.org/doc/commit/?id=fadd7a59e78e7a2a775abd3bc30e055ddbde7e15

commit fadd7a59e78e7a2a775abd3bc30e055ddbde7e15
Author:     Philip Paeps <philip@FreeBSD.org>
AuthorDate: 2026-05-21 01:26:29 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2026-05-21 01:26:29 +0000

    Add security advisories affecting 14.3R, 14.4R and 15.0R
    
    FreeBSD-SA-26:18.setcred affects all supported releases
    FreeBSD-SA-26:19.file affects all supported releases
    FreeBSD-SA-26:20.fusefs affects all supported releases
    FreeBSD-SA-26:21.ptrace affects all supported releases
    FreeBSD-SA-26:22.casper affects all supported releases
    FreeBSD-SA-26:23.bsdinstall affects all supported releases
    FreeBSD-SA-26:24.cap_net affects all supported releases
---
 website/content/en/releases/14.3R/errata.adoc | 7 +++++++
 website/content/en/releases/14.4R/errata.adoc | 7 +++++++
 website/content/en/releases/15.0R/errata.adoc | 7 +++++++
 3 files changed, 21 insertions(+)

diff --git a/website/content/en/releases/14.3R/errata.adoc b/website/content/en/releases/14.3R/errata.adoc
index 20a17a80a7..01a5c25a75 100644
--- a/website/content/en/releases/14.3R/errata.adoc
+++ b/website/content/en/releases/14.3R/errata.adoc
@@ -65,6 +65,13 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/
 |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:15.dhclient.asc[FreeBSD-SA-26:15.dhclient] |29 April 2026 |Remotely triggerable out-of-bounds heap write in dhclient
 |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:16.libnv.asc[FreeBSD-SA-26:16.libnv] |29 April 2026 |Stack overflow via select() file descriptor set overflow
 |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:17.libnv.asc[FreeBSD-SA-26:17.libnv] |29 April 2026 |Heap overflow in libnv
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:18.setcred.asc[FreeBSD-SA-26:18.setcred] |20 May 2026 |Stack buffer overflow via setcred(2)
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:19.file.asc[FreeBSD-SA-26:19.file] |20 May 2026 |Kernel use-after-free via file descriptor syscalls
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:20.fusefs.asc[FreeBSD-SA-26:20.fusefs] |20 May 2026 |Heap overflow in FUSE_LISTXATTR
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:21.ptrace.asc[FreeBSD-SA-26:21.ptrace] |20 May 2026 |Missing validation in ptrace(PT_SC_REMOTE)
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:22.libcasper.asc[FreeBSD-SA-26:22.libcasper] |20 May 2026 |select(2) file descriptor set overflow causes stack overflow
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:23.bsdinstall.asc[FreeBSD-SA-26:23.bsdinstall] |20 May 2026 |Remote code execution via installer Wi-Fi access point scans
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:24.cap_net.asc[FreeBSD-SA-26:24.cap_net] |20 May 2026 |Incorrect libcap_net limitation list manipulation
 |===
 
 [[errata]]
diff --git a/website/content/en/releases/14.4R/errata.adoc b/website/content/en/releases/14.4R/errata.adoc
index c4c5e897a1..7c57390c47 100644
--- a/website/content/en/releases/14.4R/errata.adoc
+++ b/website/content/en/releases/14.4R/errata.adoc
@@ -55,6 +55,13 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/
 |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:15.dhclient.asc[FreeBSD-SA-26:15.dhclient] |29 April 2026 |Remotely triggerable out-of-bounds heap write in dhclient
 |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:16.libnv.asc[FreeBSD-SA-26:16.libnv] |29 April 2026 |Stack overflow via select() file descriptor set overflow
 |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:17.libnv.asc[FreeBSD-SA-26:17.libnv] |29 April 2026 |Heap overflow in libnv
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:18.setcred.asc[FreeBSD-SA-26:18.setcred] |20 May 2026 |Stack buffer overflow via setcred(2)
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:19.file.asc[FreeBSD-SA-26:19.file] |20 May 2026 |Kernel use-after-free via file descriptor syscalls
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:20.fusefs.asc[FreeBSD-SA-26:20.fusefs] |20 May 2026 |Heap overflow in FUSE_LISTXATTR
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:21.ptrace.asc[FreeBSD-SA-26:21.ptrace] |20 May 2026 |Missing validation in ptrace(PT_SC_REMOTE)
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:22.libcasper.asc[FreeBSD-SA-26:22.libcasper] |20 May 2026 |select(2) file descriptor set overflow causes stack overflow
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:23.bsdinstall.asc[FreeBSD-SA-26:23.bsdinstall] |20 May 2026 |Remote code execution via installer Wi-Fi access point scans
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:24.cap_net.asc[FreeBSD-SA-26:24.cap_net] |20 May 2026 |Incorrect libcap_net limitation list manipulation
 |===
 
 [[errata]]
diff --git a/website/content/en/releases/15.0R/errata.adoc b/website/content/en/releases/15.0R/errata.adoc
index 971aa05b38..3065ee09d4 100644
--- a/website/content/en/releases/15.0R/errata.adoc
+++ b/website/content/en/releases/15.0R/errata.adoc
@@ -60,6 +60,13 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/
 |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:15.dhclient.asc[FreeBSD-SA-26:15.dhclient] |29 April 2026 |Remotely triggerable out-of-bounds heap write in dhclient
 |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:16.libnv.asc[FreeBSD-SA-26:16.libnv] |29 April 2026 |Stack overflow via select() file descriptor set overflow
 |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:17.libnv.asc[FreeBSD-SA-26:17.libnv] |29 April 2026 |Heap overflow in libnv
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:18.setcred.asc[FreeBSD-SA-26:18.setcred] |20 May 2026 |Stack buffer overflow via setcred(2)
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:19.file.asc[FreeBSD-SA-26:19.file] |20 May 2026 |Kernel use-after-free via file descriptor syscalls
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:20.fusefs.asc[FreeBSD-SA-26:20.fusefs] |20 May 2026 |Heap overflow in FUSE_LISTXATTR
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:21.ptrace.asc[FreeBSD-SA-26:21.ptrace] |20 May 2026 |Missing validation in ptrace(PT_SC_REMOTE)
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:22.libcasper.asc[FreeBSD-SA-26:22.libcasper] |20 May 2026 |select(2) file descriptor set overflow causes stack overflow
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:23.bsdinstall.asc[FreeBSD-SA-26:23.bsdinstall] |20 May 2026 |Remote code execution via installer Wi-Fi access point scans
+|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-26:24.cap_net.asc[FreeBSD-SA-26:24.cap_net] |20 May 2026 |Incorrect libcap_net limitation list manipulation
 |===
 
 [[errata]]