FreeBSD 15.1-RELEASE, AI-assisted vulnerability discovery, graphics port upgrade and more
Releases
FreeBSD 15.1-RELEASE Announcement: FreeBSD 15.1-RELEASE is now available for amd64, aarch64, armv7, powerpc64, powerpc64le, and riscv64, featuring LinuxKPI-based wireless drivers on Linux 7.0, boot-time scheduler selection, C23 language support progress, and Unicode 17.0.0 with 4,803 new characters.
BSDSec
FreeBSD Security Advisory FreeBSD-SA-26:36.ldns: FreeBSD’s ldns stub resolver fails to validate DNS response source address, port, transaction ID, or question section, letting an off-path attacker forge UDP replies and inject arbitrary DNS data into programs like drill(1). Update via pkg, freebsd-update, or source patch.
FreeBSD Security Advisory FreeBSD-SA-26:35.openssl: Multiple OpenSSL vulnerabilities affecting FreeBSD 14.x and 15.x, including heap buffer overflows, NULL dereferences, use-after-free, and cryptographic flaws, with patches available for all supported branches.
FreeBSD Security Advisory FreeBSD-SA-26:34.vt: An integer overflow in the vt(4) CONS_HISTORY ioctl that can allow an unprivileged local user to trigger an out-of-bounds kernel write and potentially escalate privileges, with patches available for all supported FreeBSD branches.
FreeBSD Security Advisory FreeBSD-SA-26:33.unbound: Multiple vulnerabilities in unbound affecting all supported versions, ranging from DoS to possible remote code execution during DNSSEC validation, with corrections available.
FreeBSD Security Advisory FreeBSD-SA-26:32.elf: An unprivileged local user can disable ASLR for setuid PIE binaries via procctl(2) before execve(2), making exploitation of memory corruption vulnerabilities easier. Patches are available for all supported releases.
FreeBSD Security Advisory FreeBSD-SA-26:31.arm64: FreeBSD has issued a security advisory for an Arm CPU erratum that may allow privilege escalation by bypassing page table permission changes on affected Cortex-A, Neoverse, and C1 models, with patches available for all supported releases.
FreeBSD Security Advisory FreeBSD-SA-26:30.linux: FreeBSD’s Linuxulator incorrectly sets AT_SECURE to zero for setugid Linux binaries, allowing unprivileged users to inject shared libraries via LD_PRELOAD and gain elevated privileges; patches are available for all supported releases.
FreeBSD Security Advisory FreeBSD-SA-26:29.ip6_multicast: A use-after-free in the IPv6 IPV6_MSFILTER socket option handler allows a local unprivileged user to escalate privileges; all supported FreeBSD versions are affected and patches are available for 14.3, 14.4, 15.0, and 15.1.
FreeBSD Security Advisory FreeBSD-SA-26:28.capsicum: sigqueue(2) lacks a capability mode check, allowing a sandboxed process to send signals to other processes, bypassing Capsicum restrictions. Patches and updates are available for FreeBSD 14.3, 14.4, 15.0, and 15.1.
FreeBSD Security Advisory FreeBSD-SA-26:27.sound: FreeBSD sound(4) has two mmap vulnerabilities (CVE-2026-45258, CVE-2026-49417) that allow unprivileged local users to read/write kernel memory via /dev/dsp, enabling privilege escalation or DoS; patches are available for 14.3, 14.4, 15.0, and 15.1.
FreeBSD Security Advisory FreeBSD-SA-26:25.thr: FreeBSD thr_kill2(2) fails to check the result of p_cansignal(), letting unprivileged local users send arbitrary signals to any process or thread, including root or jailed processes, enabling DoS; patches are available for all supported releases.
FreeBSD Errata Notice FreeBSD-EN-26:15.openssl: FreeBSD has updated OpenSSL to 3.0.20 (FreeBSD 14) and 3.5.6 (FreeBSD 15) to fix multiple CVEs including NULL dereferences, use-after-free, and a heap buffer overflow, generally leading to crashes or DoS.
FreeBSD Errata Notice FreeBSD-EN-26:14.syslogd: A memory leak in syslogd(8) affecting FreeBSD 15.0 and later, where casper_ttymsg() fails to free message strings, causing unbounded growth of the syslogd.casper helper process.
As always, it’s worth following BSDSec. RSS feed available.
News
FreeBSD Graphics Port Upgraded to Linux 6.12: The drm-kmod port now includes Linux 6.12 LTS graphics drivers for FreeBSD 15.1+, improving compatibility with modern AMD Radeon and Intel hardware, stability, and Wayland support, with SLTS planned to 2036 via CIP.
FreeBSD AI-assisted Vulnerability Discovery Project launch: The FreeBSD Foundation has launched a 6-month, $250k project funded by Alpha Omega to engage Security Team members in using AI tools to discover and manually patch vulnerabilities in the FreeBSD kernel, base system, and ports tree, while also improving fuzzing and triage infrastructure.
Valuable News – 2026/06/15: This week covers FreeBSD Git Weekly updates, native inotify in FreeBSD, OpenBSD splitting syslogd into privileged and non-privileged binaries, a new FreeBSD rcd service manager daemon, Klara and TrueNAS fixing a long-standing ZFS deduplication issue, and more.
syslogd(8) privileged and non-privileged parts now separate binaries: OpenBSD’s syslogd now splits its privileged and non-privileged components into separate binaries, with the parent process forked and exec’d for stronger isolation and a smaller image size, and the rcctl script updated accordingly.
BSD Now 667: Don’t exceed by security boundary: .NET on FreeBSD 15, Klara and TrueNAS fixing dedup, dhcpcd and unbound in FreeBSD Jails, and more.
Tutorials
OpenBSD under QEMU: Architecture-specific notes on running OpenBSD as a QEMU guest, with working command lines for amd64, arm64, armv7, i386, riscv64, and sparc64, and failure points for alpha, hppa, landisk, loongson, luna88k, macppc, octeon, and powerpc64.
(Video) Connecting vscode to FreeBSD through remote SSH: In this video, the author explores how to enable vscode “Remote SSH” to connect to a FreeBSD machine, showing three different ways to achieve this.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).
Do you know anyone who would like this newsletter? Consider forwarding it and telling them to subscribe.
Thanks for reading and see you next week! Stay safe!