FreeBSD security advisories, OpenSSH 10.4 release and more
Releases
No releases.
BSDSec
FreeBSD Security Advisory FreeBSD-SA-26:46.ktls: A remote TLS peer can cause a kernel panic via uninitialized memory access in KTLS receive on all supported FreeBSD versions; patches and workarounds are available.
FreeBSD Security Advisory FreeBSD-SA-26:47.linux: The Linuxulator in FreeBSD 14.3, 14.4, and 15.0 does not zero a stack-allocated Linux siginfo_t before copying kernel data into it, allowing unprivileged users to read 104 bytes of uninitialized kernel stack memory.
FreeBSD Security Advisory FreeBSD-SA-26:49.iconv: FreeBSD has issued a security advisory for multiple vulnerabilities in iconv(3) affecting HZ, UTF-7, VIQR, ZW, and ISO-2022 encoding modules, which can lead to buffer overflows when processing untrusted input, with patches available for all supported releases.
FreeBSD Security Advisory FreeBSD-SA-26:48.compat32: FreeBSD’s compat32 kevent() handler can expose uninitialized kernel stack data to unprivileged users due to an unzeroed stack struct, affecting FreeBSD 14.3, 14.4, and 15.0; patches and rebuilds are available for stable and release branches.
FreeBSD Security Advisory FreeBSD-SA-26:45.audit: The audit(4) facility incorrectly records successful outcomes for ptrace(PT_SC_REMOTE) system calls that actually failed, potentially misleading audit-based IDS; all supported FreeBSD versions are affected and patches are available.
FreeBSD Security Advisory FreeBSD-SA-26:44.posixshm: FreeBSD has issued a security advisory for multiple vulnerabilities in POSIX largepage objects (CVE-2026-49427, CVE-2026-49428) that allow unprivileged local users to access freed kernel memory and escalate privileges, with patches available for all supported releases.
FreeBSD Security Advisory FreeBSD-SA-26:43.tcp: A use-after-free in the TCP RACK stack option handler may allow an unprivileged local user to escalate privileges on all supported FreeBSD versions; patches and updated binaries are available.
FreeBSD Security Advisory FreeBSD-SA-26:42.unlinkat: The unlinkat(2) and funlinkat(2) system calls ignore the AT_RESOLVE_BENEATH flag, allowing path resolution to escape the intended directory and delete files outside the confined tree. Patches are available for FreeBSD 14.3, 14.4, 15.0, and 15.1.
FreeBSD Security Advisory FreeBSD-SA-26:41.libalias: A buffer overflow in the libalias RTSP handler affects all supported FreeBSD versions and can allow remote code execution in the kernel via ipfw(4) NAT or in natd(8) when libalias_smedia.so is loaded.
FreeBSD Security Advisory FreeBSD-SA-26:40.zfs: FreeBSD has issued a security advisory for OpenZFS with three vulnerabilities: a kernel heap overflow via ZFS_IOC_USERSPACE_MANY for users with “userused” permission, kernel memory corruption via ZFS_IOC_RECV_NEW for users with “receive” permission, and an ability for any local user to set the “$hasrecvd” metadata flag via ZFS_IOC_SET_PROP, affecting all supported FreeBSD versions.
As always, it’s worth following BSDSec. RSS feed available.
News
OpenSSH 10.4/10.4p1 released: OpenSSH 10.4 adds experimental composite post-quantum signatures (ML-DSA 44 + Ed25519), fixes several security issues in sftp, scp, and sshd, and includes numerous bugfixes and portability improvements.
Valuable News – 2026/07/06: This week covers FreeBSD boot process fundamentals, running pkgbasify on FreeBSD 15.1, upgrading FreeBSD 15.0 to 15.1, a degraded ZFS pool analysis, FreeBSD on Framework systems, monitoring a FreeBSD Mastodon instance, GhostBSD’s March 2026 finance report, and more.
BSD Now 670: Failure is not an Option: This episode covers FreeBSD 15.1-RELEASE, OPNsense 26.1.9, a comparison of FreeBSD Jails vs LXC, and a guide to respectfully archiving a website, plus a look at corrupting a ZFS file on purpose.
EuroBSDCon 2026 Travel Grant Open: The FreeBSD Foundation is accepting travel grant applications for EuroBSDCon 2026, open to FreeBSD developers and advocates who need assistance with travel expenses, with a deadline of July 7, 2026.
Tutorials
How to fix Homebox 0.26.2 not starting on FreeBSD: After upgrading Homebox to 0.26.2 in a FreeBSD jail, the service fails to start due to a missing auth.api_key_pepper; the fix is to generate a 48-byte base64 key with openssl, store it in /etc/rc.conf.d/homebox as HBOX_AUTH_API_KEY_PEPPER, and restart the service.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).
Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.
Thanks for reading and see you next week! Stay safe!