Unix News Tutorials Events and Stuff: 2026

Friday, May 29, 2026

Reminder about the sunset of pagure.io

Hello everyone, we aim to decommision our old forge pagure.io around the Flock conference. We encourage you to migrate all your repositories from Pagure to our new forge[1] or to any other Git hosting service. If you have any questions, you can contact us on Matrix[2] or open a ticket with the Forge team [3]. Discussion and feedback can be held in the Discourse topic[4]. New organisation requests can be filed on the Forge ticket tracker[3] On behalf of the Fedora Infrastructure Team Smolík Vít [1] https://forge.fedoraproject.org [2] https://matrix.to/#/#fedora-forgejo:fedoraproject.org [3] https://forge.fedoraproject.org/forge/forge [4] https://discussion.fedoraproject.org/t/decommissioning-of-pagure-io-anticipated-by-flock-2026/181997 -- _______________________________________________ announce mailing list -- announce@lists.fedoraproject.org To unsubscribe send an email to announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Thursday, May 28, 2026

Fedora 42 Has Reached END OF LIFE

Hello all,

Fedora 42 has reached end of life for updates today, 2026-05-28. It was originally supposed to happen yesterday but there was a slight delay. Apologies.

No more updates of any kind, including security updates or security announcements, will be available for Fedora 42 after this date. No pending updates will be pushed to stable.

Fedora 43 will continue to receive updates until approximately one month after the release of Fedora 45. The maintenance schedule of Fedora releases is documented here [1]. The documentation also contains instructions [2] on how to upgrade from a previous release to a version receiving updates.

Best regards,

Patrik Polakovic

Fedora Release Engineering

[1] https://docs.fedoraproject.org/en-US/releases/lifecycle/#_maintenance_schedule
[2] https://docs.fedoraproject.org/en-US/quick-docs/upgrading-fedora-new-release/

-- _______________________________________________ announce mailing list -- announce@lists.fedoraproject.org To unsubscribe send an email to announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Fedora 42 Has Reached END OF LIFE

Hello all,

Fedora 42 has reached end of life for updates today, 2026-05-28. It was originally supposed to happen yesterday but there was a slight delay. Apologies.

No more updates of any kind, including security updates or security announcements, will be available for Fedora 42 after this date. No pending updates will be pushed to stable.

Best regards,

Patrik Polakovic

Fedora Release Engineering

[1] https://docs.fedoraproject.org/en-US/releases/lifecycle/#_maintenance_schedule
[2] https://docs.fedoraproject.org/en-US/quick-docs/upgrading-fedora-new-release/

-- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Wednesday, May 27, 2026

F45 Change Proposal: Golang 1.27 (system-wide)

Wiki - https://fedoraproject.org/wiki/Changes/golang1.27 Discussion Thread - https://discussion.fedoraproject.org/t/f45-change-proposal-golang-1-27-system-wide/192438 This is a proposed Change for Fedora Linux. This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == Update of Go (golang package) to the upcoming version 1.27 in Fedora 45. == Owner == * Name: [[User:alexsaezm| Alejandro Sáez Morollón]] * Email: asm@redhat.com == Detailed Description == Update of Go (golang package) to the upcoming version 1.27 in Fedora 45. Go 1.27 is expected to be released in [https://tip.golang.org/doc/go1.27 August 2026]. A mass rebuild of all the dependent packages is required. == Feedback == No feedback yet. == Benefit to Fedora == Fedora users will receive the most current and recent Go release. Being close to upstream allows us to avoid security issues and provide more updated features. Consequently, Fedora will provide a reliable development platform for the Go language and projects written in it. For a complete list of changes, see upstream change notes at https://tip.golang.org/doc/go1.27 == Scope == * Proposal owners: Rebase the Golang package in Fedora 45 and help resolve any issues found during the rebuild. * Other developers: Fix potential issues with the help of the Golang package maintainers. * Release engineering: [https://forge.fedoraproject.org/releng/tickets/issues #Releng issue number] Rebuild of dependent packages as part of planned mass-rebuild. * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with the Fedora Strategy: It helps maintain the quality of the project, even though it doesn't align directly with the current objectives. == Upgrade/compatibility impact == No upgrade or compatibility impact. == Early Testing (Optional) == == How To Test == # Install golang 1.27 from rawhide and use it to build your application(s)/package(s). # Perform a scratch build against rawhide. # Your application/package built using golang 1.27 should work as expected. == User Experience == Users will have a newer version of Go, with new features described in the release notes and security fixes. == Dependencies == <pre> dnf4 repoquery -q --releasever=rawhide --disablerepo='*' --qf='%{name}' --enablerepo=fedora-source --enablerepo=updates-source --enablerepo=updates-testing-source --archlist=src --whatrequires 'golang' dnf4 repoquery -q --releasever=rawhide --disablerepo='*' --qf='%{name}' --enablerepo=fedora-source --enablerepo=updates-source --enablerepo=updates-testing-source --archlist=src --whatrequires 'compiler(go-compiler)' dnf4 repoquery -q --releasever=rawhide --disablerepo='*' --qf='%{name}' --enablerepo=fedora-source --enablerepo=updates-source --enablerepo=updates-testing-source --archlist=src --whatrequires 'go-rpm-macros' </pre> <pre> Omitted due to the number of packages listed: ~900. </pre> == Contingency Plan == * Contingency mechanism: Revert to Go 1.26.X if significant issues are discovered * Contingency deadline: Beta freeze * Blocks release? No == Documentation == https://tip.golang.org/doc/go1.27 == Release Notes == -- Aoife Moloney Fedora Operations Architect Fedora Project Matrix: @amoloney:fedora.im IRC: amoloney -- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

F45 Change Proposal: RPM 6.1 (system-wide)

Wiki - https://fedoraproject.org/wiki/Changes/RPM-6.1 Discussion Thread - https://discussion.fedoraproject.org/t/f45-change-proposal-rpm-6-1-system-wide/192437 This is a proposed Change for Fedora Linux. This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == Update RPM to the latest upstream 6.1 release. == Owners == * Name: [[User:Pmatilai| Panu Matilainen]], [[User:Mdomonko|Michal Domonko]] * Email: pmatilai@redhat.com, mdomonko@redhat.com == Detailed Description == Update RPM to the upcoming 6.1 release for various improvements across the board. Some noteworthy items include bringing back NSS support for user/group lookups, new man pages, enhancements to the macro subsystem, and scriptlet running optimization on Linux. == Feedback == == Benefit to Fedora == * The packaging community will appreciate various new features in this release: ** literal and one-shot macro modifiers for escape-correctness and performance ** fine-grained control over %global behavior through %define options ** rpmbuild short-circuit to %check stage ** the build scriptlet environment is exported to rpmbuild.env file in the build directory * Restored NSS lookup improves usability in large organizations with central user/group management * Separate keystore lock allows queries during transactions again == Scope == * Proposal owners: ** Rebase RPM ** Address possible regressions with high priority * Other developers: ** Test and report issues * Release engineering: [https://forge.fedoraproject.org/releng/tickets/issues/13351 #13351] * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with the Fedora Strategy: N/A == Upgrade/compatibility impact == There are no intentional incompatibilities introduced in this release. == Early Testing (Optional) == Do you require 'QA Blueprint' support? N == How To Test == Rpm receives a thorough and constant testing via every single package build, system installs and updates, but of particular interest in this release are * Macro modifiers: https://rpm-software-management.github.io/rpm/man/rpm-macros.7 * Users who require NSS in their environment are encouraged to test the reintroduced support == User Experience == * Restored NSS-based user/group lookups by default * Separate keystore lock allows queries during transactions again * Improved rpmkeys -Kv verification output * Improved usability of rpm-plugin-syslog(8) with systemd journal * New man pages covering dependency generators, scriptlets and more == Dependencies == * rpm-sequoia >= 1.10.2 is required, but this is already in Fedora * soname does not change, no requirement to rebuild dependencies == Contingency Plan == * Contingency mechanism: Revert back to RPM 6.0 * Contingency deadline: Beta freeze * Blocks release? No == Documentation == * Upstream release notes: http://rpm.org/releases/6.1.0 * Upstream 6.1 man pages and other documentation: https://rpm-software-management.github.io/rpm/ * Upstream new stable release policy announcement: https://github.com/rpm-software-management/rpm/discussions/4193 == Release Notes == -- Aoife Moloney Fedora Operations Architect Fedora Project Matrix: @amoloney:fedora.im IRC: amoloney -- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

F45 Change Proposal: Erlang 27 (self-contained)

Wiki - https://fedoraproject.org/wiki/Changes/Erlang_27 Discussion Thread - https://discussion.fedoraproject.org/t/f45-change-proposal-erlang-27-self-contained/192436 This is a proposed Change for Fedora Linux. This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == Update Erlang/OTP to version 27. == Owner == * Name: [[User:Peter|Peter Lemenkov]], [[SIGs/Erlang|Fedora Erlang SIG]] * Email: lemenkov@gmail.com, erlang@lists.fedoraproject.org == Previous Change History == * Attempted for Fedora 43 (FESCo issue: [https://pagure.io/fesco/issue/2809 #2809]) — withdrawn due to RabbitMQ not yet supporting Erlang 27. * Retargeted to Fedora 44 (FESCo issue: [https://pagure.io/fesco/issue/3433 #3433]) — rejected/deferred, same reason. * RabbitMQ 4.0.4 added full Erlang 27 support. The blocker no longer exists. == Detailed Description == Upgrade Erlang to version 27 which brings a lot of changes. Just a few highlights [https://www.erlang.org/blog/highlights-otp-27/ from many]: * Triple-Quoted strings * Sigils * The new <code>json</code> module * Process labels * New functionality in STDLIB * New SSL client-side stapling support * Lots of bugfixes Aside from this, we plan to further improve quality of Erlang and related packages. These are shortcomings we want to address: * Finish switching to rebar3 as a main build tool and deprecate rebar2. Note: the new declarative <code>BuildSystem: rebar3</code> directive is now available in F45+ via <code>erlang-srpm-macros ≥ 0.3.11</code>. * Improve [https://fedoraproject.org/wiki/User:Peter/Erlang_Packaging_Guidelines Erlang Packaging Guidelines] and promote them as the official guideline. * SELinux rules for main Erlang applications (Ejabberd, CouchDB, RabbitMQ) are still outdated or missing. == Benefit to Fedora == Fedora users, both developers and end-users, will have visible benefits from using Fedora-provided packages. Namely: * Improved scalability and robustness. * Much easier developing and debugging. * Unblocks ecosystem packages that require OTP 27 syntax (triple-quoted strings, new <code>-doc</code> attributes, <code>json</code> module, etc.). * RabbitMQ 4.2.x and 4.3.x both fully support Erlang 27 — the previous blocker is resolved. == Scope == * Proposal owners: ** Upgrade Erlang to version 27. ** Upgrade outdated packages: *** {{package|ejabberd}} *** {{package|rabbitmq-server}} ** Package GDB macros for easier coredump debugging (see also [https://bugzilla.redhat.com/show_bug.cgi?id=663253 this ticket]). * Other developers: N/A * Release engineering: No special action required. NIF-based packages will be rebuilt as part of the regular mass rebuild. * Policies and guidelines: ** We should officially promote [https://fedoraproject.org/wiki/User:Peter/Erlang_Packaging_Guidelines Erlang Packaging Guidelines]. * Trademark approval: N/A (not needed for this Change) == Upgrade/compatibility impact == N/A — Erlang 27 is backward compatible with code compiled on Erlang 26. Packages with Native Implemented Functions (NIFs) need to be rebuilt, which happens automatically during the mass rebuild. == How To Test == Ensure that high-grade Erlang applications are still working: {| class="wikitable" |- ! '''Name''' !! '''Tested''' |- | {{package|ejabberd}} || No |- | {{package|elixir}} || No |- | {{package|rabbitmq-server}} || No |} * Collect feedback from volunteers regarding their experience with this Erlang/OTP version. == User Experience == Users will get more robust, scalable, and fast Erlang applications. Developers will benefit from new language features (triple-quoted strings, sigils, the json module) without needing to install Erlang from external sources. == Dependencies == The following packages must be rebuilt: NIF-libraries (happens automatically during mass rebuild). == Contingency Plan == * Contingency mechanism: None necessary. Instead of falling back to the previous version we should fix existing packages in order to help the Community. We should also monitor upstream development process for potentially discovered issues and proactively apply patches (as we already did with [[Features/Erlang_R14|Erlang R14]], [[Features/Erlang_R15|Erlang R15]], [[Features/Erlang_R16|Erlang R16]], [[Changes/BetterErlangSupport|Erlang 17]], [[Changes/Erlang_18|Erlang 18]], [[Changes/Erlang_19|Erlang 19]], [[Changes/Erlang_20|Erlang 20]], [[Changes/Erlang_21|Erlang 21]], [[Changes/Erlang_22|Erlang 22]], [[Changes/Erlang_23|Erlang 23]], [[Changes/Erlang_24|Erlang 24]], and [[Changes/Erlang_25|Erlang 25]]). It should be noted that this change consists of independent or loosely coupled smaller changes. If we fail to deliver some changes in time, we should reschedule these exact changes to the future Fedora release while keeping already implemented ones. * Contingency deadline: N/A * Blocks release? No * Blocks product? No == Documentation == * [https://www.erlang.org/news/170 Erlang/OTP 27.0 release notes] * [https://www.erlang.org/news/171 Erlang/OTP 27.1 release notes] * [https://www.erlang.org/news/172 Erlang/OTP 27.2 release notes] * [https://www.erlang.org/news/175 Erlang/OTP 27.3 release notes] == Release Notes == Erlang/OTP 27.0 is available in Fedora 45. -- Aoife Moloney Fedora Operations Architect Fedora Project Matrix: @amoloney:fedora.im IRC: amoloney -- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

F45 Change Proposal: Adopt PURL Metadata (system-wide)

Wiki - https://fedoraproject.org/wiki/Changes/Adopt_PURL_Metadata Discussion Thread - https://discussion.fedoraproject.org/t/f45-change-proposal-adopt-purl-metadata-system-wide/192435 This is a proposed Change for Fedora Linux. This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == Package metadata will be enhanced with standardized identifiers based on the PURL (Package-URL) specification with the goal of simplifying the mapping between upstream projects and Fedora packages. == Owner == * Name: [[User:Decathorpe| Fabio Valentini]] * Email: decathorpe AT gmail DOT com == Detailed Description == The Package-URL (PURL) standard privides a "standardized URL-based syntax that uniquely identifies software packages, independent of their ecosystem or distribution channel" ([https://github.com/package-url/purl-spec from the project README]). It is being adopted by many projects across the ecosystem - including the [https://cyclonedx.org/ CycloneDX] and SPDX SBOM formats, various software vulnerability databases, and the CVE Record Format ([https://github.com/CVEProject/cve-schema/releases/tag/v5.2.0 added as an optional field in version 5.2.0]). By adding standardized identifiers to Fedora packages, it becomes easier to map upstream projects to packages - for example, to identify which packages are affected by a security vulnerability. The PURL standard defines this URL scheme: <code> scheme:type/namespace/name@version?qualifiers#subpath </code> For many "types" of packages, RPM generators already add virtual "Provides" for packages (for example, <code>crate(libc) = 0.2.186</code> or <code>rubygem(kramdown) = 2.5.2</code>) - but this is a downstream-specific format. The RPM generators for package ecosystems that are supported by the PURL specification will be extended to also add metadata in the PURL format (like <code>purl(pkg:cargo/libc@0.2.186)</code> or <code>purl(pkg:gem/kramdown@2.5.2</code>). The next package rebuild after the necessary RPM generator changes land will include this new metadata. This could then be extended to <code>bundled(...)</code> virtual Provides as well, which are currently even more heterogeneous since there's no standardized format for them in Fedora, and could potentially replace existing non-standard <code>bundled(...)</code> Provides in many cases. The initial target of this Change is to start adding virtual Provides in PURL format for packages in the following language ecosystems: * "cargo" (Rust crates) * "cpan" (Perl packages) * "cran" (R packages) * "gem" (RubyGems) * "hackage" (Haskell packages) * "maven" (Java packages) * "npm" (NodeJS / NPM packages) * "opam" (OCaml packages) * "pypi" (Python packages from PyPI) Currently, the only supported PURL "type" for C/C++ projects appears to be "conan", which is not useful in this context, but new types are [https://github.com/package-url/purl-spec/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22PURL%20type%20new%22 getting added to the spec regularly]. This will likely be an iterative process and the necessary changes might not happen for all language ecosystems in just one release cycle. == Feedback == TBD == Benefit to Fedora == This Change aims at making it easier and more reliable to identify which packages contain code from what projects. This allows for more reliable identification of packages affected by security vulnerabilities. Additionally, this metadata might be interesting for generating SBOMs for content included in (container) images. == Scope == * Proposal owners: Implement adaptations for RPM generators to emit the new virtual Provides. * Other developers: Review and apply changes to RPM generators and other packages, where necessary. * Release engineering: [https://forge.fedoraproject.org/releng/tickets/issues/13347 #13347] This Change requires a mass rebuild for affected packages to get the new metadata. * Policies and guidelines: Update Packaging Guidelines to recommend attaching metadata in PURL format to packages, where possible (to be determined if this also applies to <code>bundled(...)</code> Provides). FPC Ticket: https://forge.fedoraproject.org/packaging/guidelines/issues/1536 * Trademark approval: N/A (not needed for this Change) * Alignment with the Fedora Strategy: N/A (not needed for this Change) == Upgrade/compatibility impact == This Change only provides additional package metadata and should have no effect on upgrades or backwards compatibility. == Early Testing (Optional) == N/A Do you require 'QA Blueprint' support? N == How To Test == Packages that are rebuilt after these changes land should have additional RPM Provides. This can be verified by running something like <code>dnf --provides perl-Errno</code> and looking for an entry in the <code>purl(...)</code> format. == User Experience == No direct impact to user experience is expected. However, easier identification of packages that are affected by security vulnerabilities should enable fixes for these issues to happen more reliably (and potentially faster). == Dependencies == '''Direct dependencies''': * Packages that contain the RPM generator implementations '''Indirect dependencies''': * Everything. == Contingency Plan == This is a purely additive and / or metadata-only Change. If the necessary changes are not finished by the mass rebuild date, they can still land at a later point in time, but will only affect a subset of packages. For best results, the changes should land before the Mass Rebuild, but this is not strictly necessary. * Contingency mechanism: Changes do not need to be reverted. If changes are not complete before the mass rebuild, it might need to be documented that the Change will only be partially implemented for the targeted Fedora release, and that only the next release will benefit fully. * Contingency deadline: Mass rebuild. * Blocks release? No. == Documentation == * [https://packageurl.org/ Package-URL Homepage] * [https://github.com/package-url/purl-spec PURL specification] * [https://github.com/package-url/purl-spec/tree/main/types List of valid package types] == Release Notes == -- Aoife Moloney Fedora Operations Architect Fedora Project Matrix: @amoloney:fedora.im IRC: amoloney -- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Tuesday, May 26, 2026

Flock to Fedora 2026: Call for On-Site Volunteers

Hello everyone,

Flock to Fedora 2026[1] is right around the corner—exciting! :) To help this community event run smoothly, we are asking if some in-person attendees would be willing to volunteer their time during it. The intake form[2] has more details about the kinds of volunteers we need. Our schedule for the event is live[3] and some tickets for the event[4] are still available. Attendance is capped, so if you plan to attend or are speaking and have not registered yet, secure your ticket soon!

This volunteer intake form will close on Tuesday, June 2, 2026. On behalf of the Flock organiser team, we really appreciate you giving your time to help make the event run successfully.

Kindest regards and many thanks,

Aoife, on behalf of the Flock organization team

[1] https://fedoraproject.org/flock/2026/

[2] https://forms.gle/TiV89PCphsUQfPsG6

[3] https://cfp.fedoraproject.org/flock-to-fedora-2026/schedule/

[4] https://rsvp.fedoraproject.org/community/flock-2026/

Aoife Moloney

Fedora Operations Architect

Fedora Project

Matrix: @amoloney:fedora.im

IRC: amoloney

Monday, May 25, 2026

confirm 3e3d3085b07b336fc9464e0d753e1d4385af7634

Your membership in the mailing list ubuntu-security-announce has been disabled due to excessive bounces The last bounce received from you was dated 25-May-2026. You will not get any more messages from this list until you re-enable your membership. You will receive 3 more reminders like this before your membership in the list is deleted. To re-enable your membership, you can simply respond to this message (leaving the Subject: line intact), or visit the confirmation page at https://lists.ubuntu.com/mailman/confirm/ubuntu-security-announce/3e3d3085b07b336fc9464e0d753e1d4385af7634 You can also visit your membership page at https://lists.ubuntu.com/mailman/options/ubuntu-security-announce/reallost1.fbsd2233449%40blogger.com On your membership page, you can change various delivery options such as your email address and whether you get digests or not. As a reminder, your membership password is quicker If you have any questions or problems, you can contact the list owner at ubuntu-security-announce-owner@lists.ubuntu.com

[USN-8301-1] SimpleEval vulnerability

========================================================================== Ubuntu Security Notice USN-8301-1 May 25, 2026 simpleeval vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: SimpleEval could be made to run programs if it received specially crafted input. Software Description: - simpleeval: Python library for evaluating expressions Details: Byambadalai Sumiya discovered that SimpleEval did not properly restrict attribute access and callback handling inside a sandbox. An attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS python3-simpleeval 1.0.3-1+deb13u1build0.26.04.1 Ubuntu 25.10 python3-simpleeval 1.0.3-1+deb13u1build0.25.10.1 Ubuntu 24.04 LTS python3-simpleeval 0.9.12-1+deb12u1build0.24.04.1 Ubuntu 22.04 LTS python3-simpleeval 0.9.11-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS python3-simpleeval 0.9.10-1+deb11u1build0.20.04.1 Available with Ubuntu Pro Ubuntu 18.04 LTS python-simpleeval 0.9.5-1ubuntu0.1~esm1 Available with Ubuntu Pro python3-simpleeval 0.9.5-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS python-simpleeval 0.8.7-1ubuntu0.1~esm1 Available with Ubuntu Pro python3-simpleeval 0.8.7-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8301-1 CVE-2026-32640 Package Information: https://launchpad.net/ubuntu/+source/simpleeval/1.0.3-1+deb13u1build0.26.04.1 https://launchpad.net/ubuntu/+source/simpleeval/1.0.3-1+deb13u1build0.25.10.1 https://launchpad.net/ubuntu/+source/simpleeval/0.9.12-1+deb12u1build0.24.04.1

[USN-8291-3] Linux kernel (Low Latency) vulnerabilities

========================================================================== Ubuntu Security Notice USN-8291-3 May 25, 2026 linux-lowlatency vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-lowlatency: Linux low latency kernel Details: Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Netfilter; - io_uring subsystem; (CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS linux-image-5.15.0-178-lowlatency 5.15.0-178.188 linux-image-5.15.0-178-lowlatency-64k 5.15.0-178.188 linux-image-lowlatency 5.15.0.178.150 linux-image-lowlatency-5.15 5.15.0.178.150 linux-image-lowlatency-64k 5.15.0.178.150 linux-image-lowlatency-64k-5.15 5.15.0.178.150 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8291-3 https://ubuntu.com/security/notices/USN-8291-2 https://ubuntu.com/security/notices/USN-8291-1 CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351 Package Information: https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-178.188

[USN-8300-1] ngtcp2 vulnerability

========================================================================== Ubuntu Security Notice USN-8300-1 May 25, 2026 ngtcp2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: ngtcp2 could be made to run programs as your login if it received specially crafted network traffic when qlog was enabled. Software Description: - ngtcp2: RFC9000 QUIC protocol implementation Details: Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libngtcp2-16 1.16.0-1ubuntu0.1 libngtcp2-crypto-gnutls-dev 1.16.0-1ubuntu0.1 libngtcp2-crypto-gnutls8 1.16.0-1ubuntu0.1 libngtcp2-crypto-ossl-dev 1.16.0-1ubuntu0.1 libngtcp2-crypto-ossl0 1.16.0-1ubuntu0.1 libngtcp2-dev 1.16.0-1ubuntu0.1 Ubuntu 25.10 libngtcp2-16 1.11.0-1+deb13u1build0.25.10.1 libngtcp2-crypto-gnutls-dev 1.11.0-1+deb13u1build0.25.10.1 libngtcp2-crypto-gnutls8 1.11.0-1+deb13u1build0.25.10.1 libngtcp2-dev 1.11.0-1+deb13u1build0.25.10.1 ngtcp2-client 1.11.0-1+deb13u1build0.25.10.1 ngtcp2-server 1.11.0-1+deb13u1build0.25.10.1 Ubuntu 24.04 LTS libngtcp2-9 0.12.1+dfsg-1+deb12u1build0.24.04.1 libngtcp2-crypto-gnutls-dev 0.12.1+dfsg-1+deb12u1build0.24.04.1 libngtcp2-crypto-gnutls2 0.12.1+dfsg-1+deb12u1build0.24.04.1 libngtcp2-dev 0.12.1+dfsg-1+deb12u1build0.24.04.1 ngtcp2-client 0.12.1+dfsg-1+deb12u1build0.24.04.1 ngtcp2-server 0.12.1+dfsg-1+deb12u1build0.24.04.1 Ubuntu 22.04 LTS libngtcp2-0 0.1.0+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro libngtcp2-crypto-gnutls-dev 0.1.0+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro libngtcp2-crypto-gnutls0 0.1.0+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro libngtcp2-dev 0.1.0+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro ngtcp2-client 0.1.0+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro ngtcp2-server 0.1.0+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8300-1 CVE-2026-40170 Package Information: https://launchpad.net/ubuntu/+source/ngtcp2/1.16.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/ngtcp2/1.11.0-1+deb13u1build0.25.10.1 https://launchpad.net/ubuntu/+source/ngtcp2/0.12.1+dfsg-1+deb12u1build0.24.04.1

[USN-8299-1] Rclone vulnerabilities

========================================================================== Ubuntu Security Notice USN-8299-1 May 25, 2026 rclone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Rclone. Software Description: - rclone: rsync for commercial cloud storage Details: It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-41176) It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-41179) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS rclone 1.60.1+dfsg-4ubuntu3.1 Ubuntu 25.10 rclone 1.60.1+dfsg-4ubuntu2.1 Ubuntu 24.04 LTS rclone 1.60.1+dfsg-3ubuntu0.24.04.5 Ubuntu 22.04 LTS rclone 1.53.3-4ubuntu1.22.04.4 Ubuntu 20.04 LTS rclone 1.50.2-2ubuntu0.2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8299-1 CVE-2026-41176, CVE-2026-41179 Package Information: https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4ubuntu3.1 https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4ubuntu2.1 https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-3ubuntu0.24.04.5 https://launchpad.net/ubuntu/+source/rclone/1.53.3-4ubuntu1.22.04.4

[arch-announce] Breaking changes for all users of `varnish`, which is renamed to `vinyl-cache`

The Varnish project has [renamed itself to Vinyl Cache][0]. We followed this rename with a [new `vinyl-cache` package][1]. This upgrade results in [breaking changes][2] and users are advised to study these changes and how it affects them before following the replacement. All references to "`varnish`" have been changed to "`vinyl`" in all binaries and directories. At minimum, users will have to: - rename `/etc/varnish` to `/etc/vinyl-cache` - rename `/var/lib/varnish` to `/var/lib/vinyl-cache` - fix up ownership of files inside `/var/lib/varnish` - user `varnish` becomes `vinyl` - group `varnish` becomes `vinyl` - user `varnishlog` becomes `vinyllog` - user `vcache` remains the same - disable the old `varnish.service` and `varnishncsa.service` systemd units - enable the new `vinyl-cache.service` and `vinylncsa.service` systemd units Meanwhile, the `varnish` package has been dropped from `[extra]`. We're not currently planning to maintain a new `varnish` package as it's a different upstream project. [0]: https://vinyl-cache.org/organization/on_vinyl_cache_and_varnish_cache.html#org-vinyl-varnish [1]: https://gitlab.archlinux.org/archlinux/packaging/packages/vinyl-cache [2]: https://vinyl-cache.org/docs/9.0/whats-new/upgrading-9.0.html URL: https://archlinux.org/news/breaking-changes-for-all-users-of-varnish-which-is-renamed-to-vinyl-cache/

Friday, May 22, 2026

[USN-8280-2] Linux kernel (Azure)vulnerabilities

========================================================================== Ubuntu Security Notice USN-8280-2 May 22, 2026 linux-azure, linux-azure-5.4, linux-azure-fips vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS - linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems Details: It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Packet sockets; - TLS protocol; (CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.4.0-1163-azure 5.4.0-1163.169 Available with Ubuntu Pro linux-image-5.4.0-1163-azure-fips 5.4.0-1163.169+fips1 Available with Ubuntu Pro linux-image-azure-5.4 5.4.0.1163.155 Available with Ubuntu Pro linux-image-azure-fips 5.4.0.1163.99 Available with Ubuntu Pro linux-image-azure-fips-5.4 5.4.0.1163.99 Available with Ubuntu Pro linux-image-azure-lts-20.04 5.4.0.1163.155 Available with Ubuntu Pro Ubuntu 18.04 LTS linux-image-5.4.0-1163-azure 5.4.0-1163.169~18.04.1 Available with Ubuntu Pro linux-image-azure 5.4.0.1163.169~18.04.1 Available with Ubuntu Pro linux-image-azure-5.4 5.4.0.1163.169~18.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8280-2 https://ubuntu.com/security/notices/USN-8280-1 CVE-2026-31431, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078

[USN-8290-1] Path-to-Regexp vulnerability

========================================================================== Ubuntu Security Notice USN-8290-1 May 21, 2026 node-path-to-regexp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Path-to-Regexp could be made to crash if it received specially crafted network traffic. Software Description: - node-path-to-regexp: Turn a path string such as /user/:name into a regular expression. Details: It was discovered that Path-to-Regexp incorrectly handled route patterns containing multiple named parameters separated by non-delimiter characters such as hyphens. An attacker could possibly use this issue to cause a denial of service via catastrophic backtracking in the generated regular expressions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS node-path-to-regexp 6.2.1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS node-path-to-regexp 6.2.0-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS node-path-to-regexp 6.1.0-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS node-path-to-regexp 1.0.1-1ubuntu0.18.04.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS node-path-to-regexp 1.0.1-1ubuntu0.16.04.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8290-1 CVE-2024-45296

[USN-8291-2] Linux kernel (Low Latency) vulnerabilities

========================================================================== Ubuntu Security Notice USN-8291-2 May 22, 2026 linux-lowlatency-hwe-5.15 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-lowlatency-hwe-5.15: Linux low latency kernel Details: Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Netfilter; - io_uring subsystem; (CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.15.0-178-lowlatency 5.15.0-178.188~20.04.1 Available with Ubuntu Pro linux-image-5.15.0-178-lowlatency-64k 5.15.0-178.188~20.04.1 Available with Ubuntu Pro linux-image-lowlatency-5.15 5.15.0.178.188~20.04.1 Available with Ubuntu Pro linux-image-lowlatency-64k-5.15 5.15.0.178.188~20.04.1 Available with Ubuntu Pro linux-image-lowlatency-64k-hwe-20.04 5.15.0.178.188~20.04.1 Available with Ubuntu Pro linux-image-lowlatency-hwe-20.04 5.15.0.178.188~20.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8291-2 https://ubuntu.com/security/notices/USN-8291-1 CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351

[USN-8295-1] Evince vulnerability

========================================================================== Ubuntu Security Notice USN-8295-1 May 22, 2026 evince vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Evince could be made to run programs as your login if it opened a specially crafted file. Software Description: - evince: Document viewer Details: It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially crafted PDF file, an attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS evince 49~alpha-2ubuntu2.1 evince-common 49~alpha-2ubuntu2.1 Ubuntu 25.10 evince 48.1-3ubuntu2.1 evince-common 48.1-3ubuntu2.1 Ubuntu 24.04 LTS evince 46.3.1-0ubuntu1.1 evince-common 46.3.1-0ubuntu1.1 Ubuntu 22.04 LTS evince 42.3-0ubuntu3.2 evince-common 42.3-0ubuntu3.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8295-1 CVE-2026-46529 Package Information: https://launchpad.net/ubuntu/+source/evince/49~alpha-2ubuntu2.1 https://launchpad.net/ubuntu/+source/evince/48.1-3ubuntu2.1 https://launchpad.net/ubuntu/+source/evince/46.3.1-0ubuntu1.1 https://launchpad.net/ubuntu/+source/evince/42.3-0ubuntu3.2

Thursday, May 21, 2026

[USN-8294-1] PostgreSQL vulnerabilities

========================================================================== Ubuntu Security Notice USN-8294-1 May 21, 2026 postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in PostgreSQL. Software Description: - postgresql-18: Object-relational SQL database - postgresql-17: Object-relational SQL database - postgresql-16: Object-relational SQL database - postgresql-14: Object-relational SQL database Details: It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. (CVE-2026-6472) It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-6473) It was discovered that PostgreSQL incorrectly handled format strings in the timeofday() function. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6474) It was discovered that PostgreSQL incorrectly followed symbolic links in pg_basebackup and pg_rewind. An attacker could possibly use this issue to overwrite local files and execute arbitrary code. (CVE-2026-6475) It was discovered that PostgreSQL had an SQL injection vulnerability in pg_createsubscriber. An attacker could possibly use this issue to execute arbitrary SQL as a superuser. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-6476) It was discovered that PostgreSQL used an unsafe libpq function in large object operations. An attacker could possibly use this issue to overwrite client memory and execute arbitrary code. (CVE-2026-6477) It was discovered that PostgreSQL did not compare MD5-hashed passwords in constant time. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6478) It was discovered that PostgreSQL had uncontrolled recursion during SSL and GSS negotiation. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-6479) It was discovered that PostgreSQL incorrectly handled array length mismatches in pg_restore_attribute_stats(). An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-6575) It was discovered that PostgreSQL had a stack buffer overflow in the refint module. An attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6637) It was discovered that PostgreSQL had an SQL injection vulnerability in logical replication REFRESH PUBLICATION. An attacker could possibly use this issue to execute arbitrary SQL. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-6638) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS postgresql-18 18.4-0ubuntu0.26.04.1 Ubuntu 25.10 postgresql-17 17.10-0ubuntu0.25.10.1 Ubuntu 24.04 LTS postgresql-16 16.14-0ubuntu0.24.04.1 Ubuntu 22.04 LTS postgresql-14 14.23-0ubuntu0.22.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8294-1 CVE-2026-6472, CVE-2026-6473, CVE-2026-6474, CVE-2026-6475, CVE-2026-6476, CVE-2026-6477, CVE-2026-6478, CVE-2026-6479, CVE-2026-6575, CVE-2026-6637, CVE-2026-6638 Package Information: https://launchpad.net/ubuntu/+source/postgresql-18/18.4-0ubuntu0.26.04.1 https://launchpad.net/ubuntu/+source/postgresql-17/17.10-0ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/postgresql-16/16.14-0ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/postgresql-14/14.23-0ubuntu0.22.04.1

[USN-8293-1] Bind vulnerabilities

========================================================================== Ubuntu Security Notice USN-8293-1 May 21, 2026 bind9 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Bind. Software Description: - bind9: Internet Domain Name Server Details: Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. (CVE-2026-3039) Shuhan Zhang discovered that Bind incorrectly handled self-pointed glue records. A remote attacker could possibly use this issue to use Bind in denial of service amplification attacks against other systems. (CVE-2026-3592) Naresh Kandula Parmar discovered that Bind incorrectly handled memory in the DNS-over-HTTPS implementation. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-3593) It was discovered that Bind incorrectly handled DNS messages whose class was not IN. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2026-5946) Naoki Wakamatsu discovered that Bind incorrectly handled SIG(0) validation during a query flood. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-5947) Billy Baraja discovered that Bind had an unbounded resend loop in the resolver. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. (CVE-2026-5950) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS bind9 1:9.20.18-1ubuntu2.1 Ubuntu 25.10 bind9 1:9.20.11-1ubuntu2.4 Ubuntu 24.04 LTS bind9 1:9.18.39-0ubuntu0.24.04.5 Ubuntu 22.04 LTS bind9 1:9.18.39-0ubuntu0.22.04.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8293-1 CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950 Package Information: https://launchpad.net/ubuntu/+source/bind9/1:9.20.18-1ubuntu2.1 https://launchpad.net/ubuntu/+source/bind9/1:9.20.11-1ubuntu2.4 https://launchpad.net/ubuntu/+source/bind9/1:9.18.39-0ubuntu0.24.04.5 https://launchpad.net/ubuntu/+source/bind9/1:9.18.39-0ubuntu0.22.04.4

[USN-8292-1] libarchive vulnerabilities

========================================================================== Ubuntu Security Notice USN-8292-1 May 21, 2026 libarchive vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in libarchive. Software Description: - libarchive: Library to read/write archive files Details: It was discovered that libarchive incorrectly handled certain RAR archives. An attacker could possibly use this issue to cause an out-of-bounds read via a crafted RAR archive, leading to sensitive memory disclosure. (CVE-2026-4424) It was discovered that libarchive incorrectly handled certain ISO files. An attacker could possibly use this issue to cause incorrect memory allocation via a crafted ISO file, leading to a denial of service. (CVE-2026-4426) It was discovered that libarchive incorrectly handled block pointer allocation in zisofs on 32-bit systems. An attacker could possibly use this issue to cause a heap buffer overflow via a crafted ISO9660 image, possibly leading to arbitrary code execution. (CVE-2026-5121) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libarchive-dev 3.8.5-1ubuntu2.1 libarchive-tools 3.8.5-1ubuntu2.1 libarchive13t64 3.8.5-1ubuntu2.1 Ubuntu 25.10 libarchive-dev 3.7.7-0ubuntu3.2 libarchive-tools 3.7.7-0ubuntu3.2 libarchive13t64 3.7.7-0ubuntu3.2 Ubuntu 24.04 LTS libarchive-dev 3.7.2-2ubuntu0.7 libarchive-tools 3.7.2-2ubuntu0.7 libarchive13t64 3.7.2-2ubuntu0.7 Ubuntu 22.04 LTS libarchive-dev 3.6.0-1ubuntu1.7 libarchive-tools 3.6.0-1ubuntu1.7 libarchive13 3.6.0-1ubuntu1.7 Ubuntu 20.04 LTS libarchive-dev 3.4.0-2ubuntu1.5+esm2 Available with Ubuntu Pro libarchive-tools 3.4.0-2ubuntu1.5+esm2 Available with Ubuntu Pro libarchive13 3.4.0-2ubuntu1.5+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS bsdcpio 3.2.2-3.1ubuntu0.7+esm3 Available with Ubuntu Pro bsdtar 3.2.2-3.1ubuntu0.7+esm3 Available with Ubuntu Pro libarchive-dev 3.2.2-3.1ubuntu0.7+esm3 Available with Ubuntu Pro libarchive-tools 3.2.2-3.1ubuntu0.7+esm3 Available with Ubuntu Pro libarchive13 3.2.2-3.1ubuntu0.7+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS bsdcpio 3.1.2-11ubuntu0.16.04.8+esm3 Available with Ubuntu Pro bsdtar 3.1.2-11ubuntu0.16.04.8+esm3 Available with Ubuntu Pro libarchive-dev 3.1.2-11ubuntu0.16.04.8+esm3 Available with Ubuntu Pro libarchive13 3.1.2-11ubuntu0.16.04.8+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS bsdcpio 3.1.2-7ubuntu2.8+esm5 Available with Ubuntu Pro bsdtar 3.1.2-7ubuntu2.8+esm5 Available with Ubuntu Pro libarchive-dev 3.1.2-7ubuntu2.8+esm5 Available with Ubuntu Pro libarchive13 3.1.2-7ubuntu2.8+esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8292-1 CVE-2026-4424, CVE-2026-4426, CVE-2026-5121 Package Information: https://launchpad.net/ubuntu/+source/libarchive/3.8.5-1ubuntu2.1 https://launchpad.net/ubuntu/+source/libarchive/3.7.7-0ubuntu3.2 https://launchpad.net/ubuntu/+source/libarchive/3.7.2-2ubuntu0.7 https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ubuntu1.7

[USN-8288-1] Bubblewrap vulnerability

========================================================================== Ubuntu Security Notice USN-8288-1 May 20, 2026 bubblewrap vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 Summary: Bubblewrap could be made to bypass sandbox restrictions. Software Description: - bubblewrap: Low-level unprivileged sandboxing tool used by Flatpak and similar projects Details: It was discovered that Bubblewrap incorrectly handled the sandbox setup phase when installed in setuid mode. A local attacker could possibly use this issue to bypass sandbox restrictions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS bubblewrap 0.11.1-1ubuntu0.1 Ubuntu 25.10 bubblewrap 0.11.0-2ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8288-1 CVE-2026-41163 Package Information: https://launchpad.net/ubuntu/+source/bubblewrap/0.11.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/bubblewrap/0.11.0-2ubuntu0.1

Wednesday, May 20, 2026

Bouncing messages from freebsd-announce@FreeBSD.org

Hi, this is the Mlmmj program managing the <freebsd-announce@FreeBSD.org> mailing list. Some messages to you could not be delivered. If you're seeing this message it means things are back to normal, and it's merely for your information. Here is the list of the bounced messages: - 259, Message-ID: <20260520222412.AB1E59E91@freefall.freebsd.org> - 260, Message-ID: <20260520222417.DCC0C9E21@freefall.freebsd.org>

FreeBSD Security Advisory FreeBSD-SA-26:22.libcasper

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:22.libcasper Security Advisory The FreeBSD Project Topic: select(2) file descriptor set overflow causes stack overflow Category: core Module: libcasper Announced: 2026-05-20 Credits: Joshua Rogers of AISLE Research Team Affects: All supported versions of FreeBSD. Corrected: 2026-05-20 19:36:41 UTC (stable/15, 15.0-STABLE) 2026-05-20 19:39:35 UTC (releng/15.0, 15.0-RELEASE-p9) 2026-05-20 19:38:00 UTC (stable/14, 14.4-STABLE) 2026-05-20 19:40:00 UTC (releng/14.4, 14.4-RELEASE-p5) 2026-05-20 19:40:38 UTC (releng/14.3, 14.3-RELEASE-p14) CVE Name: CVE-2026-39461 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background libcasper(3) allows Capsicum-sandboxed applications to access system interfaces that are otherwise unavailable within the sandbox. It is used by numerous programs in the base system. II. Problem Description libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024). III. Impact An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.x] # fetch https://security.FreeBSD.org/patches/SA-26:22/libcasper-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:22/libcasper-15.patch.asc # gpg --verify libcasper-15.patch.asc [FreeBSD 14.x] # fetch https://security.FreeBSD.org/patches/SA-26:22/libcasper-14.patch # fetch https://security.FreeBSD.org/patches/SA-26:22/libcasper-14.patch.asc # gpg --verify libcasper-14.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 23929d729d1a stable/15-n283644 releng/15.0/ e22f3f55c360 releng/15.0-n281044 stable/14/ 9e74d5e2e5e4 stable/14-n274167 releng/14.4/ ae34dd1a391f releng/14.4-n273707 releng/14.3/ cbec31838173 releng/14.3-n271507 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2026-39461> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:22.libcasper.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHsbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrveQAP/iyv1O1XI6tSrRictadU 9tBJFE5WlWGPrB8ID/12nLsKaTM5hzbA1G+v8c3So3FaSEl+m7D8BTri4X0XPibQ 5Pp4v67MO+yqsNxOjwyqAizOnD5bk/sEUuBV5JijZuqsAiEWFw5l0dKDU83zt3vu hyk8/eeKuIxEwDiWQoeE32RM3BupY1ClWp46kiSjvOVzUK04miHQjgFFnVqkBuI7 DeanTjzCw3g+RQNTRKVGE2LYRLFHka6m4Z5RYT7beFOLdlD58T7lvQLl3l3f2QSR hXcq5RxAhf4omPkm432fIdd4nev4gti3rxJC76NM2rIHGeSlRd4O7MHreNwNkU2O 8Rv8IWMCM20zZCtbov7q8XbTqKp8JXSJ/8g15iZuZ4wk+THnpRy7dsRe5eYQvVbB J/zBKB9xMXGp69+88uZHDsSSoS841pkZ61+MlxeK4xC3MO6tlTO0Hannhmy8WCb4 U5GimvX3EcvhGeBWRvPTdPJY9EcrDPDU2djaiFzPZZ7rrUjR8YJ685fyj161nnb+ ibubcwiz7ygQu8b9T0rc1AV5ZTAC/QAlRarDpRNx2Ynh/FlZ89n+N5LnSHwGXc/v /P+ob/5AqdLfyofw5pcx/FVuAiK4bjqDGGYuZw1tplg/L7AV3k87zIMYdCgr3e95 PyQCsFAG014gMVETPGHKm6/7 =ypPx -----END PGP SIGNATURE-----

FreeBSD Security Advisory FreeBSD-SA-26:21.ptrace

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:21.ptrace Security Advisory The FreeBSD Project Topic: Missing validation in ptrace(PT_SC_REMOTE) Category: core Module: ptrace Announced: 2026-05-20 Credits: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai Credits: Ryan at Calif.io Affects: All supported versions of FreeBSD. Corrected: 2026-05-20 19:36:40 UTC (stable/15, 15.0-STABLE) 2026-05-20 19:39:34 UTC (releng/15.0, 15.0-RELEASE-p9) 2026-05-20 19:37:59 UTC (stable/14, 14.4-STABLE) 2026-05-20 19:39:59 UTC (releng/14.4, 14.4-RELEASE-p5) 2026-05-20 19:40:37 UTC (releng/14.3, 14.3-RELEASE-p14) CVE Name: CVE-2026-45253 This vulnerability was independently reported by multiple parties prior to publication. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background The ptrace(2) system call provides facilities for a debugger to control the execution of a target process and to obtain status information about it. Among other capabilities, it permits a debugger to execute arbitrary system calls in the target process via the PT_SC_REMOTE operation. II. Problem Description ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. III. Impact The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.0] # fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-15.patch.asc # gpg --verify ptrace-15.patch.asc [FreeBSD 14.4] # fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-14.4.patch # fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-14.4.patch.asc # gpg --verify ptrace-14.4.patch.asc [FreeBSD 14.3] # fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-14.3.patch # fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-14.3.patch.asc # gpg --verify ptrace-14.3.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 3b4afab9add2 stable/15-n283643 releng/15.0/ fd24dd0b38a8 releng/15.0-n281043 stable/14/ fac902a3e039 stable/14-n274166 releng/14.4/ c21d23f0f8be releng/14.4-n273706 releng/14.3/ 45bd421661c4 releng/14.3-n271506 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2026-45253> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:21.ptrace.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHcbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvLd0QAOQGyaTmlTQJTS+EIPMU +poVU59Fe4L+/+H8LSibnCPBbycH1bv6m9e906s/za0IBLGVq7PhY0U1YtPO5++J A86nLzgqk4hEU5RWmA3+dnLYrIxOf3fVvSev/XAZe/1eWwcljYRCtqLV+IBmyxeZ amfYoXliUTuZHO+r+88HVAgDy6efZ3IlnHF9iMlpsF0IFezpgFh4E6tiJk9/pMlz wuXpHCm34rEjy6bvQaDP9G1zXGszrEatT25d9rKZnHscZCQuRgtpLaOVCuH8oDca +1PFTfTNJnepH9Ir1nSaYLViZdHfuDK40CafZm54q4669AramrySoxNJlnNHOiMK DN4aqxMfW5xCEEK+fIJYqTyW2L3WzRJ8tm3bF/zzsMYTsNmclcklzmuMNqsGQls1 TGIhb+J+e0vkdZOpuJaT65pmGaF2dJeBvwNsIMJgtY3yotUPbDFD1ALNVUwIkKYh m68XK0Ykw93ySLjbORUVFLP5nv5PvYtubAy37q5tskN6hXLlyX5a0QxIL5T5u0jx hwDnyl4UAHGmkBM8U0CnaQbixP/yV0p5q+3NtpBurHB74tov593/U1eroydDywRl Mw2R3k7AFIC5CszwMA6J0l3W2tLq/j7tcTQ/8CNgPpP/TPVntQxQShxB93F+/MdX n9D4phEb7cKk4Y9QIBKkdbYZ =egz5 -----END PGP SIGNATURE-----

FreeBSD Security Advisory FreeBSD-SA-26:20.fusefs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:20.fusefs Security Advisory The FreeBSD Project Topic: Heap overflow in FUSE_LISTXATTR Category: core Module: fusefs Announced: 2026-05-20 Credits: Joshua Rogers of AISLE Research Team Affects: All supported versions of FreeBSD. Corrected: 2026-05-20 19:36:38 UTC (stable/15, 15.0-STABLE) 2026-05-20 19:39:32 UTC (releng/15.0, 15.0-RELEASE-p9) 2026-05-20 19:37:58 UTC (stable/14, 14.4-STABLE) 2026-05-20 19:39:58 UTC (releng/14.4, 14.4-RELEASE-p5) 2026-05-20 19:40:36 UTC (releng/14.3, 14.3-RELEASE-p14) CVE Name: CVE-2026-45252 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background The fusefs file system delegates file system operations to a userspace daemon. This daemon ordinarily requires root privileges to operate. When the "vfs.usermount" sysctl is set to 1 (not the default), unprivileged users are permitted to run such daemons and mount fusefs file systems. II. Problem Description When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel module calls strlen() on this daemon-supplied buffer without first verifying that the entire list is NUL-terminated. III. Impact If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer. A malicious daemon could disclose up to 253 bytes of kernel heap memory, or it could inject up to 250 attacker-controlled bytes into unallocated kernel heap space. IV. Workaround No workaround is available, but systems that do not load the fusefs kernel module or set vfs.usermount=1 are unaffected. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.0] # fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-15.patch.asc # gpg --verify fusefs-15.patch.asc [FreeBSD 14.4] # fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-14.4.patch # fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-14.4.patch.asc # gpg --verify fusefs-14.4.patch.asc [FreeBSD 14.3] # fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-14.3.patch # fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-14.3.patch.asc # gpg --verify fusefs-14.3.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ df3f3fa82775 stable/15-n283642 releng/15.0/ 0dd8b983db3c releng/15.0-n281042 stable/14/ 25148c51c8c6 stable/14-n274165 releng/14.4/ 6a299460f159 releng/14.4-n273705 releng/14.3/ 53f3bf4ee1ce releng/14.3-n271505 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2026-45252> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:20.fusefs.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHIbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvobkP/R3O3bwsnJkhG1NQ6pKh UFcwpZ8TSAqtccHZRQz2zoKTqu/EeClT7Bdgw/Qa8gbZ7IfZgS8AJaR7e4fgpE96 AhHU6cbyZrpwvWUatIKgX57032+M1ioMiz9g0KbGg4W4WKe/QHj4yt45F7qRfLNb BD7Qp7E0XtV+UrNXkhOQQmHyVTpB85tK/e5Yc+vcSgAQ3LWrzwO4zED4f78e3faw oiLm1oE/Vx0jfrRKsnCECdJS532xlfH6iJ2/2ZXfUthGQmZQe34wOMwYS0EcaGZV TQoLwsg5qLj4hJOGMCZk4X4TjrkoQquWdsAQetB8tqXIyw7QEgbMIIbhS3mQZ5CW aEq3wbYMowxCMb/6Dd/R56wDqyGI2Z6GHmUT58M0OSIIISfsD+UHOCW2lrQQ5zrI o1O/IFAvqsmCN6JQzFgC3KC8BLLZWzxf5Bun6yOls/YA31zOXAen0isnbOvVnGot 42Dy65fENCUQMt+p3eDDLQzxDhlqGAGbiqysBmxwTA5Wqc4furv7O0wmBPwOOGeH NqlKYsqO9u4kEW2lTCPs7R5+wsc+EACc07kikDQgp1m59JlkMfmXU4Kbcgw9r4GR 9OWtidfTCDGmt9mXzJVKaBurgJ1iqsBfzzLamWo0iDpUMgUP7VA9jVjVbUmtjH1V qAWdXCXwrbOr+eA50IIPxkal =HzW3 -----END PGP SIGNATURE-----

FreeBSD Security Advisory FreeBSD-SA-26:19.file

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:19.file Security Advisory The FreeBSD Project Topic: Kernel use-after-free via file descriptor syscalls Category: core Module: file Announced: 2026-05-20 Credits: 75Acol, Lexpl0it, fcgboy, and robinzeng2015 Credits: Ryan at Calif.io Affects: All supported versions of FreeBSD. Corrected: 2026-05-20 19:36:37 UTC (stable/15, 15.0-STABLE) 2026-05-20 19:39:31 UTC (releng/15.0, 15.0-RELEASE-p9) 2026-05-20 19:37:57 UTC (stable/14, 14.4-STABLE) 2026-05-20 19:39:57 UTC (releng/14.4, 14.4-RELEASE-p5) 2026-05-20 19:40:34 UTC (releng/14.3, 14.3-RELEASE-p14) CVE Name: CVE-2026-45251 This vulnerability was independently reported by multiple parties prior to publication. The reporters' findings prompted a broader review by the FreeBSD Security Team, which identified additional occurrences of the same issue in related code. All known exploitable instances are corrected by this update. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background FreeBSD implements a number of file descriptor types. Traditionally file descriptors are used to perform file or network I/O, but other variants exist such as process descriptors, which enable operations on a particular process. The select(2) and poll(2) system calls allow applications to wait for events related to the object to which a file descriptor refers. These system calls are implemented for many different file descriptor types. For instance, a process descriptor may be used with either system call to wait for the target process to exit. II. Problem Description A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, the kernel must remove the blocked thread from the per-object wait queue prior to freeing the object. In the case of some file descriptor types, the kernel failed to unlink blocked threads from the object before freeing it. When the blocked thread is subsequently woken, it accesses memory that has already been freed resulting in a use-after-free vulnerability. III. Impact The use-after-free vulnerability may be triggered by an unprivileged local user and can be exploited to obtain superuser privileges. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.x] # fetch https://security.FreeBSD.org/patches/SA-26:19/file-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:19/file-15.patch.asc # gpg --verify file-15.patch.asc [FreeBSD 14.x] # fetch https://security.FreeBSD.org/patches/SA-26:19/file-14.patch # fetch https://security.FreeBSD.org/patches/SA-26:19/file-14.patch.asc # gpg --verify file-14.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 53a78e582a6f stable/15-n283641 releng/15.0/ af79f4148450 releng/15.0-n281041 stable/14/ b90b25c3779e stable/14-n274164 releng/14.4/ 8d8694c224e2 releng/14.4-n273704 releng/14.3/ 659818009d15 releng/14.3-n271504 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2026-45251> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:19.file.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKG4bFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvA78P/iRlQXxVUpth5tRn2FiC lseIWOmh3DVI1OjwFQ30VydwnA5rlOqPPTpF2hsT0ee3ExS6pUKITi3735BmkPvT KvnOKkY9A2DdzXJQ9eZvrVJRN1/VlKx8Us1VmWWRxPHghmcqqTY0wN2lFcsyqcpN 6Wdi51z+X5sLWZZsLsvqAskWiCNqUzBSSWqCTLEW0tBD9AoW2BPQcpAeEmx4MDch Hk2/pecoUL2T/hu3bjo60CTp3R7E4gPt9wM5Ejf32vwsW0sTNkTmy7HbZCNmYHZw R764O4i4poDzccTiXxuhXdrIDXmRQwTyB9d6S12OmP8ec8dAQzm9p5xl4HoHhOho 9zTMCiLoU+ApN1H+bXqN9JvmZ9hfxGqdPaJgZRkQ11xRHg8tz48SigON/vxlbYff ln9EJ+NGEcskrbUAG8cUCJ3/a8A7xLQo07TpvyddeUc6ufk+nFEBzNS3rpaFNy5y GqFIOzqISRSsE1tf6rrItULQEKWtOMUYvAbrcLRwPAQ1cav+sOv9YlfpW36s1+mc CyuXDh3pbN5biajjImGO1CYN92mq/Jfz/cRnvQub+78T+4w6yAxj53fBNg97tIOI b7EISAnbgGj5akQRGJXJ84iuYij9xTPEOCSbfgAqsWXKz6l/bgSoVUhq/e0/dXKA sr+3pjhi5P7N66SvO+7iEpYI =iM1b -----END PGP SIGNATURE-----

FreeBSD Security Advisory FreeBSD-SA-26:18.setcred

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:18.setcred Security Advisory The FreeBSD Project Topic: Stack buffer overflow via setcred(2) Category: core Module: setcred Announced: 2026-05-20 Credits: Ryan of Calif.io Credits: Przemyslaw Frasunek Affects: All supported versions of FreeBSD. Corrected: 2026-01-06 13:34:30 UTC (stable/15, 15.0-STABLE) 2026-05-20 19:39:28 UTC (releng/15.0, 15.0-RELEASE-p9) 2026-05-20 19:37:54 UTC (stable/14, 14.4-STABLE) 2026-05-20 19:39:54 UTC (releng/14.4, 14.4-RELEASE-p5) 2026-05-20 19:40:32 UTC (releng/14.3, 14.3-RELEASE-p14) CVE Name: CVE-2026-45250 This vulnerability was independently reported by multiple parties prior to publication. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background System calls are the programmatic interface through which user-space processes request services from the operating system kernel, providing a controlled boundary between unprivileged application code and privileged kernel operations. setcred(2) is a system call which enables a privileged process to atomically set its full credential set, including the real, effective, and saved user and group identifiers, as well as the list of supplementary groups. It is intended for use by programs such as login(1) and PAM(3)-aware authentication frameworks that must transition a process into a target user context in a single, race-free operation, replacing the need for multiple discrete calls to setuid(2), setgid(2), and setgroups(2). II. Problem Description The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capacity of that buffer, a stack buffer overflow occurs. III. Impact Because the bounds check on the supplementary groups list occurs after the kernel stack buffer has already been written, an unprivileged local user may trigger the overflow without holding any special privilege. Successful exploitation may allow an attacker to execute arbitrary code in the context of the kernel, allowing an unprivileged local user to gain elevated privileges on the affected system. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.x] # fetch https://security.FreeBSD.org/patches/SA-26:18/setcred-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:18/setcred-15.patch.asc # gpg --verify setcred-15.patch.asc [FreeBSD 14.x] # fetch https://security.FreeBSD.org/patches/SA-26:18/setcred-14.patch # fetch https://security.FreeBSD.org/patches/SA-26:18/setcred-14.patch.asc # gpg --verify setcred-14.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ b6cba9028457 stable/15-n281743 releng/15.0/ d98c0a494a42 releng/15.0-n281038 stable/14/ 8eb0bbbd2e46 stable/14-n274162 releng/14.4/ 34da5845b8d4 releng/14.4-n273702 releng/14.3/ bfff5c180193 releng/14.3-n271502 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2026-45250> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:18.setcred.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKGobFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvSpsP/38o7yHdNEMNMPPOBtKZ 2dn/vmcOo1srkhUx0kl2EVBzirSDsTVkWfUq1Txg5JA7/pG3On/YiaAmUMi9jHqy q0tgkyO/scKGWNDYmFIA9QAXAwwSUZnT+eEwt3IawOzquezD/qr++CCimntSUzsu IP3oMFYaw9JvMF6Z6tTfcYYA02CF7nRrtIJtrxfWkgyDoMoikHsNW4o2LXJTz4bV 2uk7BuQKbDc3gxoEBYd0bulXBa9DHsrfS59eEnbb8txrBjt21aQGjBY8SJSoFyYh yZixmadpZ9J4oTBc03hOO2Z2BN5f/QficGIU4t0wj0A8EcsrspFMDRj2xd/5zi86 VLqiQf6WJbgVyytUe5aYbBPC6eH2TRnMWaOERbocNS6xQKcYpZYqwnVZ77n6tPb4 wKQd+qKYM74lf0BPCBc60h7yo9e6Qd8puGolyL05qdZVB+c3m0qB000gsyNFytFs kQSovaXFf4r0DCEuBixE/Ic5ADwl7A4pCIxqwWwJlnrj77XCobNEQJtajkrapXsU MSLQ20RuRiVNesgyjP9dZCk8enuOl96TwrvdkyqvSJgb0Gw3XEeyCWT4dAE+Fh3A n8RhQeY6YWWk+DOiuw5Q5v2PyoBNoV8jV2AjeXzhIOQsyWGeSYQ2GeFu6PW3UyzQ olNjUPjprNwteRkUuGHmE3zQ =6aG+ -----END PGP SIGNATURE-----