Saturday, May 2, 2026

FreeBSD Errata Notice FreeBSD-EN-26:12.freebsd-update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-26:12.freebsd-update Errata Notice The FreeBSD Project Topic: Source inconsistency between freebsd-update, EN/SAs, and git Category: core Module: freebsd-update Announced: 2026-05-01 Affects: All supported versions of FreeBSD. Corrected: 2026-05-01 15:08:47 UTC (releng/15.0, 15.0-RELEASE-p8) 2026-05-01 15:08:38 UTC (releng/14.4, 14.4-RELEASE-p4) 2026-05-01 15:08:31 UTC (releng/14.3, 14.3-RELEASE-p13) 2026-05-01 15:08:20 UTC (releng/13.5, 13.5-RELEASE-p14) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Note: While FreeBSD 13.5 is end of life (EOL) as of May 1st, 2026, the Security Team has decided to patch this issue as it was identified and a fix was in-flight before the EOL date. I. Background The FreeBSD Security Team distributes patches for supported releases via the git version control system, as patches link through errata and advisories, and through the freebsd-update binary update system. Both freebsd-update and the errata/advisories do not directly use the authoritative git repo but instead rely on individual patch files. II. Problem Description Due to the manual nature of patch file development and management, there are instances where either a freebsd-update maintained machine or a patched source tree from errata/advisories have become out of sync with the authoritative git repository. Specifically, an earlier version of the patch associated with SA-26:11.amd64 was distributed via freebsd-update. The source patch linked in the advisory and the source in git were both correct. Additionally, patches distributed via freebsd-update and errata/advisories are occasionally missing test or non-material ancillary files to minimize patch size and improve compatibility across releases, causing an additional source of drift from the authoritative git repository. Pkgbase is unaffected as it directly builds from the authoritative git repository. III. Impact As a result of this drift, the FreeBSD Security Team has changed the freebsd-update build mechanism to retrieve source directly from the authoritative git repository. This has caused a binary update to rectify the SA-26:11.amd64 issue as well as alter a few additional files, such as test infrastructure and ancillary tooling files, that have been updated in git but were not distributed via freebsd-update. IV. Workaround No workaround is available. Systems using pkgbase or building directly from source obtained from the authoritative git repository are unaffected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot the system. Perform one of the following: 1) If your system is installed from base system packages: No update is needed as pkgbase is not affected by this issue. 2) To update your system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a system update" 3) To update your system via a source code patch: The following patches are only intended to be used for source trees that have been maintained with patches linked by previous EN/SAs. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.0] # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-150.patch # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-150.patch.asc # gpg --verify ensa-150.patch.asc [FreeBSD 14.4] # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-144.patch # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-144.patch.asc # gpg --verify ensa-144.patch.asc [FreeBSD 14.3] # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-143.patch # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-143.patch.asc # gpg --verify ensa-143.patch.asc [FreeBSD 13.5] # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-135.patch # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-135.patch.asc # gpg --verify ensa-135.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- releng/15.0/ 53054229dcb3 releng/15.0-n281036 releng/14.4/ 49be56ed6fea releng/14.4-n273700 releng/14.3/ 4f4b48e8a547 releng/14.3-n271500 releng/13.5/ 2e6399fe39b3 releng/13.5-n259222 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270166> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:12.freebsd-update.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmn0yLQbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvPNYQAIXixMavK1HRNgv1kzms qcAlmg/dd46KZKD7SkgAmlqKfO1wIdpDo5GZhcpKqS0TRorgqi7u9UU8xNsYxyG0 mD00dY1m65Vy5wE56QOYDFGnVgC4ZkP3it0HUGZf2t7H9kWO7LB8w8v41z+V7HKK XRaECq4OyCjeFL9e9C1BdztkFSeVyubN+L2ca8q4S6EWq+4tu9ubTaY+P+Xojy0X 1jX42p31ZYoowHNoNPoC6jfNXrHYg2n7TZ3/kcEwCHlENpoFNT7a87RbijoAlvNP 4Y/IsvlvFdpSjxuyT9chKCPiCaMKkb26Zzng8WPcveeQP1T0f6vV7OFCIl+5RlSM dFAYp3+IgyBfNa2iQ+ANYrVZB6718gBiE3mAweO/3VJDRK0+okxtQoOlonOSOUJd BEQrurf2nVJC0Ihi82C/Yn8lHT6IGgEWQzpLLJH2Y9A5z9IEDNpT7s6l6SwOgVuT 1C16q9IincGwKi8YuL1v3Xr9D71PaFWj9DNVuIVe6j9nAFgqZuIFOTPObDcnfN6t n7hiL2UdOIr9bUxl/H8FQoh5nHeDfbzSn0pF1mvkUMANC1/WSQY3ZVmQHOF5D0yV 9snZZTdsk4eZjhXJUGnLIgBVpYNqwTF7Hm3A0/LF4nbTQm2w78XMj/dIJq7lLliH BHnoS2GbAjlAHemJRTt14Zcm =Baez -----END PGP SIGNATURE-----

No comments:

Friday, May 1, 2026

[USN-8215-1] .NET vulnerability

========================================================================== Ubuntu Security Notice USN-8215-1 April 28, 2026 dotnet10 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: .NET could be made to crash or run programs as an administrator. Software Description: - dotnet10: .NET CLI tools and runtime Details: It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 aspnetcore-runtime-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-host-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-hostfxr-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-runtime-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-sdk-10.0 10.0.107-0ubuntu1~25.10.1 dotnet-sdk-aot-10.0 10.0.107-0ubuntu1~25.10.1 dotnet10 10.0.107-10.0.7-0ubuntu1~25.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.107-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.107-0ubuntu1~24.04.1 dotnet10 10.0.107-10.0.7-0ubuntu1~24.04.1 After a standard system update, it is recommended to rotate the DataProtection key ring. References: https://ubuntu.com/security/notices/USN-8215-1 CVE-2026-40372 Package Information: https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~25.10.1 https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~24.04.1

No comments:

FreeBSD Errata Notice FreeBSD-EN-26:11.dhclient

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-26:11.dhclient Errata Notice The FreeBSD Project Topic: dhclient(8) lease validation is too strict Category: core Module: dhclient Announced: 2026-05-01 Affects: All supported versions of FreeBSD. Corrected: 2026-04-30 21:07:00 UTC (stable/15, 15.0-STABLE) 2026-05-01 15:08:46 UTC (releng/15.0, 15.0-RELEASE-p8) 2026-04-30 21:07:11 UTC (stable/14, 14.4-STABLE) 2026-05-01 15:08:37 UTC (releng/14.4, 14.4-RELEASE-p4) 2026-05-01 15:08:30 UTC (releng/14.3, 14.3-RELEASE-p13) 2026-04-30 21:07:24 UTC (stable/13, 13.5-STABLE) 2026-05-01 15:08:19 UTC (releng/13.5, 13.5-RELEASE-p14) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Note: While FreeBSD 13.5 is end of life (EOL) as of May 1st, 2026, the Security Team has decided to patch this issue as it was identified and a fix was in-flight before the EOL date. I. Background dhclient(8) is the default IPv4 DHCP client used on FreeBSD. It is responsible for contacting DHCP servers on a network segment and for initialising and configuring network interfaces based on received information. When processing a DHCP offer, dhclient passes various parameters provided by the server to dhclient-script(8). DHCP options, as documented in dhcp-options(5), are passed via the environment. II. Problem Description The patch for FreeBSD-SA-26:15.dhclient introduced some validation of the boot file DHCP option to prevent unescaped values from being written to the stored lease file. This validation is overly strict and rejects Windows paths. III. Impact The overly strict validation may cause dhclient(8) to reject valid leases. IV. Workaround No workaround is available. Systems not running dhclient(8) are not affected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base 2) To update your system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-26:11/dhclient.patch # fetch https://security.FreeBSD.org/patches/EN-26:11/dhclient.patch.asc # gpg --verify dhclient.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 252f603d1704 stable/15-n283453 releng/15.0/ dc8762cfb6e2 releng/15.0-n281035 stable/14/ 2f9478ad42c4 stable/14-n274094 releng/14.4/ dfcb69cdb07e releng/14.4-n273699 releng/14.3/ 5bad905eb37f releng/14.3-n271499 stable/13/ b1ece85741db stable/13-n259871 releng/13.5/ b362b6b6c8f2 releng/13.5-n259221 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294886> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:11.dhclient.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmn0xiAbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvJnEQAJ8ZYWjGt7iYjMkOZiM1 I7NLl7RygvIWU25ThAOXlA7zPA7LbS23+nca4QlNdvTVkpcfsCrmxhJYY4ymkZh7 QuEVDEp20n02S7362S9kCpmp3NDXQvuCPNt8zRel4ek3u/b8/9KCASL1jN+1eSgR G8ZVWVheRzKgsaYJsDIyX0AjNk41gQk8ASYoWjeIk5F14kFk3ozlfJTrBL2XlOuL J28P47d5lEgU2x04xLSZF9xQrF1I13XZa8pMtogF3aveTXXVzHDJFZIcppu0uQYY tp9uvyQ6NnzNPBXWztVCJ+eRdxS4RLp3Dp3U9/3GrqVuCfG8BO7kE5OhcjO0EPVC lmvXBJLqQnsodEQA0BysAsMxlMcw+n6z0np2DFdFCkyLrPCx3Bm+D/WRLngRcp4s +FBIgoF+ywUXVwLRkVJeCsQJTNzVhneq8rtcfE6LdJoIgW/oOUyNEJTBpgvhXmz6 /pmW47cmNY+CFWCXAL/7fLZVX1dYvEpSn+Iqqs8Efr2OFfQqRXZunJXNXnKuMtfT p82Hl////cHObQSqlI95J5yJmdBzOxlpzHTwSLVTD5SfvAcN3PzN3hRhFFqG8lg5 HV64Fu1xPqLX1mthTw1Sbng5mTUL+MJ5BN26M+UevYZBi02m5nMUyjWH+D4Bn3RS gajZ9Z16VPgdlPsNPihqsx7k =Ro3y -----END PGP SIGNATURE-----

No comments:

[USN-8222-1] OpenSSH vulnerabilities

========================================================================== Ubuntu Security Notice USN-8222-1 April 29, 2026 openssh vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in OpenSSH. Software Description: - openssh: secure shell (SSH) for secure access to remote machines Details: Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol (-O) option. This could result in certain files being installed setuid or setgid, contrary to expectations. (CVE-2026-35385) Florian Kohnhäuser discovered that OpenSSH incorrectly handled shell metacharacters in usernames within a command line. When untrusted usernames and non-default configurations using % in ssh_config are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2026-35386) Christos Papakonstantinou discovered that OpenSSH incorrectly handled parsing the PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms options. This could result in unintended ECDSA algorithms being used, contrary to expectations. (CVE-2026-35387) Michalis Vasileiadis discovered that OpenSSH incorrectly handled proxy-mode multiplexing sessions. This could result in no confirmation being asked, contrary to expectations. (CVE-2026-35388) Vladimir Tokarev discovered that OpenSSH incorrectly handled certificates with the principal name containing a comma character when using user-trusted CA keys in authorized_keys and an authorized_keys principals="" option that lists more than one principal. This could result in inappropriate principal matching, contrary to expectations. (CVE-2026-35414) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS openssh-client 1:10.2p1-2ubuntu3.2 openssh-server 1:10.2p1-2ubuntu3.2 Ubuntu 25.10 openssh-client 1:10.0p1-5ubuntu5.4 openssh-server 1:10.0p1-5ubuntu5.4 Ubuntu 24.04 LTS openssh-client 1:9.6p1-3ubuntu13.16 openssh-server 1:9.6p1-3ubuntu13.16 Ubuntu 22.04 LTS openssh-client 1:8.9p1-3ubuntu0.15 openssh-server 1:8.9p1-3ubuntu0.15 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8222-1 CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 Package Information: https://launchpad.net/ubuntu/+source/openssh/1:10.2p1-2ubuntu3.2 https://launchpad.net/ubuntu/+source/openssh/1:10.0p1-5ubuntu5.4 https://launchpad.net/ubuntu/+source/openssh/1:9.6p1-3ubuntu13.16 https://launchpad.net/ubuntu/+source/openssh/1:8.9p1-3ubuntu0.15

No comments:

FreeBSD Security Advisory FreeBSD-SA-26:14.pf

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:14.pf Security Advisory The FreeBSD Project Topic: pf can overflow the stack parsing crafted SCTP packets Category: core Module: pf Announced: 2026-04-29 Credits: Igor Gabriel Sousa e Souza Affects: All supported versions of FreeBSD. Corrected: 2026-04-29 14:47:50 UTC (stable/15, 15.0-STABLE) 2026-04-29 14:48:30 UTC (releng/15.0, 15.0-RELEASE-p7) 2026-04-29 14:48:52 UTC (stable/14, 14.4-STABLE) 2026-04-29 14:49:44 UTC (releng/14.4, 14.4-RELEASE-p3) 2026-04-29 14:49:20 UTC (releng/14.3, 14.3-RELEASE-p12) 2026-04-29 14:50:08 UTC (stable/13, 13.5-STABLE) 2026-04-29 14:50:20 UTC (releng/13.5, 13.5-RELEASE-p13) CVE Name: CVE-2026-7164 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background pf is an Internet Protocol packet filter originally written for OpenBSD. SCTP is a transport protocol with multihome support. pf parses SCTP packets to discover additional addresses for SCTP endpoints, allowing it to create states allowing connections between these additional addresses. II. Problem Description Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. III. Impact Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset. IV. Workaround No workaround is available. Systems not using pf are not affected. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.0] # fetch https://security.FreeBSD.org/patches/SA-26:14/pf-150.patch # fetch https://security.FreeBSD.org/patches/SA-26:14/pf-150.patch.asc # gpg --verify pf-150.patch.asc [FreeBSD 14.4] # fetch https://security.FreeBSD.org/patches/SA-26:14/pf-144.patch # fetch https://security.FreeBSD.org/patches/SA-26:14/pf-144.patch.asc # gpg --verify pf-144.patch.asc [FreeBSD 14.3] # fetch https://security.FreeBSD.org/patches/SA-26:14/pf-143.patch # fetch https://security.FreeBSD.org/patches/SA-26:14/pf-143.patch.asc # gpg --verify pf-143.patch.asc [FreeBSD 13.5] # fetch https://security.FreeBSD.org/patches/SA-26:14/pf-135.patch # fetch https://security.FreeBSD.org/patches/SA-26:14/pf-135.patch.asc # gpg --verify pf-135.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ e1c9f92130e8 stable/15-n283379 releng/15.0/ c01d9bcf0cf6 releng/15.0-n281031 stable/14/ ba21845e94dd stable/14-n274078 releng/14.4/ 0cbe512c7a80 releng/14.4-n273693 releng/14.3/ 63495b09ccf5 releng/14.3-n271490 stable/13/ ed0e766f1256 stable/13-n259861 releng/13.5/ 0ab05345fb40 releng/13.5-n259217 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2026-7164> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:14.pf.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnySS0bFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvIZAP/1GsgtB+t9rl+cOV5dv6 EeW82SX6ivf2GdmjiuXGSKoGuw3VsXPUC4RCcnFoewr1dmh+p0mGGnN0mH7lwXlT 8HG/ZF5sRXAvbaqMt2t2kPh6RbSUTfDm9TWpFQRCUmCn2PjAtrZtjQAjEZZOhfAS domShW7gUMTHl5AA3bpSWyL/GL2/WicOkhczJAoRg8rlUiFmTg8OYWPmSZfXfLtf E5AeXlfn5OaXFFupB+FKsdQDShU2p01kh6BtpyfH6TXa7a2yM3Cu4OdL37oy+TSi OgH3G7/CveNXqRknOD5DJi/kwIGbWpGLGnyAerOepY3MMq8Wag5Wz0Ive2H6B6Ud 45v7cmXhDUUaNv/vAW/q+oiru0qJKzEvOlL7RWOxDLz1eL1P8Cqj9fJBLmD9Z3GW t4QwGS09bkDcvkxyLh4HkrHwuOmZIP/OXfdHZji98N7tgmvepiNdv8e+Ww2Pm/Oc M+E+44nx2grOpo5kewoUUT9KPxNMwn2h91Pdh2qLFCAb/HTuJ9cpPcoKvw2DAsYz 6IGLxUjQA13kkD9J7ehlvEd1/OaYxBeRIBVIJAxV2Y3OJMLhQRCu1HKz1ACNkQY0 /wHT5DXf4Q8PfGCEyEjtRI/tVAtVFdojSAfyWuxfusSjTxGD6SAz/MjWKI0oqGPZ oTn0P+vVYzU3/bYgLl6DYOCP =dRoD -----END PGP SIGNATURE-----

No comments:

FreeBSD Security Advisory FreeBSD-SA-26:15.dhclient

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:15.dhclient Security Advisory The FreeBSD Project Topic: Remotely triggerable out-of-bounds heap write in dhclient Category: core Module: dhclient Announced: 2026-04-29 Credits: Joshua Rogers of AISLE Research Team Affects: All supported versions of FreeBSD. Corrected: 2026-04-29 14:47:49 UTC (stable/15, 15.0-STABLE) 2026-04-29 14:48:29 UTC (releng/15.0, 15.0-RELEASE-p7) 2026-04-29 14:48:51 UTC (stable/14, 14.4-STABLE) 2026-04-29 14:49:42 UTC (releng/14.4, 14.4-RELEASE-p3) 2026-04-29 14:49:24 UTC (releng/14.3, 14.3-RELEASE-p12) 2026-04-29 14:50:07 UTC (stable/13, 13.5-STABLE) 2026-04-29 14:50:19 UTC (releng/13.5, 13.5-RELEASE-p13) CVE Name: CVE-2026-42512 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background dhclient(8) is the default IPv4 DHCP client used on FreeBSD. It is responsible for contacting DHCP servers on a network segment and for initialising and configuring network interfaces based on received information. When processing a DHCP offer, dhclient passes various parameters provided by the server to dhclient-script(8). DHCP options, as documented in dhcp-options(5), are passed via the environment. II. Problem Description As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. III. Impact A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to leverage this bug to achieve remote code execution. IV. Workaround No workaround is available. Systems not running dhclient(8) are not affected. The attacker needs to be on the same broadcast domain and respond to DHCP requests. A well-managed network will configure DHCP snooping on switches to prevent rogue DHCP servers from operating. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-26:15/dhclient.patch # fetch https://security.FreeBSD.org/patches/SA-26:15/dhclient.patch.asc # gpg --verify dhclient.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 4408b683d237 stable/15-n283378 releng/15.0/ 66d6c32ce7b8 releng/15.0-n281030 stable/14/ a813012f4b76 stable/14-n274077 releng/14.4/ d60456d859a1 releng/14.4-n273692 releng/14.3/ 76734958a098 releng/14.3-n271493 stable/13/ 5d3e93fda7ce stable/13-n259860 releng/13.5/ 5a5e7883a3bb releng/13.5-n259216 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2026-42512> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:15.dhclient.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnySTMbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvvwIP/3DfD428ehRM/ukPC7bY 2AUpIfE5s+AHvE6JiRF8IcbsuVRHsMfO1Z6YWYMfPxhzTpoKhjBcC1XuM6fMugcP 9GFRoW1u4f17trfSSTFMbgTA6q7EC1hab1wQsGhpgazQA+lGpUjoISC88ah+jiEu +Z1b9ubyuYURnstf5V5gj3cRunt9YL3ZuBC0oJJaybODJSuVvuvgZL3QvtwSGM98 OJmqEANEYO3uGpkbeJsIXBYvzqJdzVHpp/rVF84+PHYLp/uqVaWFllflWLwEp6wE 0oSKmsWljjPjL2bIcbsxu+aJH4XJDwDizgYRq6IVnbV/G3XYqQPJwMyQh/qGDhIq 8hA3tG/aQrs5ukL4WE7eMMM+fNzy+LTBfD3vWyfuabFHmKXBCI+Kc6q+oNcPGXeq /ofaJav+ivO4d0H6XHIJ/MtZOO9782EXYWmR8X8E4myZ4z6/vtmqUzL457Kh2v7b rdGE/1tdd+CyIVobfcuPJBq0cx8Fp8gVydcQ7Ts6i5Hqx/Grz2za5qvQgsHsruqo ZQxb3rw7J6wp7w7duqEl9cYVZRgz9CdmTSmjCPi8Ws3nO0PCBV220/dHBHi/kPtl f2GPmIBJA2s0HjTiPQJp9LAFaAnUuCsleo4PEj04NDe6QFMt/u1W22AZbO50zCOQ wuVe9dL9HWnNoKuR1hjIWB27 =rnNn -----END PGP SIGNATURE-----

No comments:

[USN-8226-1] kmod update

========================================================================== Ubuntu Security Notice USN-8226-1 April 30, 2026 kmod update ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: kmod has been updated to block loading of the algif_aead kernel module. Software Description: - kmod: tools for managing Linux kernel modules Details: It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_aead module as a measure to mitigate the issue until kernel updates are made available. See the following URL for more information https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 kmod 34.2-2ubuntu1.1 Ubuntu 24.04 LTS kmod 31+20240202-2ubuntu7.2 Ubuntu 22.04 LTS kmod 29-1ubuntu1.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8226-1 CVE-2026-31431, https://launchpad.net/bugs/2150743 Package Information: https://launchpad.net/ubuntu/+source/kmod/34.2-2ubuntu1.1 https://launchpad.net/ubuntu/+source/kmod/31+20240202-2ubuntu7.2 https://launchpad.net/ubuntu/+source/kmod/29-1ubuntu1.1

No comments:

[USN-8226-2] kmod update

========================================================================== Ubuntu Security Notice USN-8226-2 April 30, 2026 kmod update ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: kmod has been updated to block loading of the algif_aead kernel module. Software Description: - kmod: tools for managing Linux kernel modules Details: USN-8226-1 added a mitigation to kmod to disable loading the algif_aead module. This update adds the same mitigation to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_aead module as a measure to mitigate the issue until kernel updates are made available. See the following URL for more information https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS kmod 27-1ubuntu2.1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS kmod 24-1ubuntu3.5+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS kmod 22-1ubuntu5.2+esm1 Available with Ubuntu Pro Ubuntu 14.04 LTS kmod 15-0ubuntu7+esm1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8226-2 https://ubuntu.com/security/notices/USN-8226-1 CVE-2026-31431

No comments:

Bouncing messages from freebsd-announce@FreeBSD.org

Hi, this is the Mlmmj program managing the <freebsd-announce@FreeBSD.org> mailing list. Some messages to you could not be delivered. If you're seeing this message it means things are back to normal, and it's merely for your information. Here is the list of the bounced messages: - 246, Message-ID: <20260429184103.9E3419761@freefall.freebsd.org>

No comments:
Subscribe to: Posts (Atom)