FreeBSD's ldns stub resolver fails to validate DNS response source address, port, transaction ID, or question section, letting an off-path attacker forge UDP replies and inject arbitrary DNS data into programs like drill(1). Update via pkg, freebsd-update, or source patch.

Multiple OpenSSL vulnerabilities affecting FreeBSD 14.x and 15.x, including heap buffer overflows, NULL dereferences, use-after-free, and cryptographic flaws, with patches available for all supported branches.

An integer overflow in the vt(4) CONS_HISTORY ioctl that can allow an unprivileged local user to trigger an out-of-bounds kernel write and potentially escalate privileges, with patches available for all supported FreeBSD branches.

Multiple vulnerabilities in unbound affecting all supported versions, ranging from DoS to possible remote code execution during DNSSEC validation, with corrections available.

An unprivileged local user can disable ASLR for setuid PIE binaries via procctl(2) before execve(2), making exploitation of memory corruption vulnerabilities easier. Patches are available for all supported releases.

FreeBSD has issued a security advisory for an Arm CPU erratum that may allow privilege escalation by bypassing page table permission changes on affected Cortex-A, Neoverse, and C1 models, with patches available for all supported releases.

FreeBSD's Linuxulator incorrectly sets ATSECURE to zero for setugid Linux binaries, allowing unprivileged users to inject shared libraries via LDPRELOAD and gain elevated privileges; patches are available for all supported releases.

A use-after-free in the IPv6 IPV6_MSFILTER socket option handler allows a local unprivileged user to escalate privileges; all supported FreeBSD versions are affected and patches are available for 14.3, 14.4, 15.0, and 15.1.

sigqueue(2) lacks a capability mode check, allowing a sandboxed process to send signals to other processes, bypassing Capsicum restrictions. Patches and updates are available for FreeBSD 14.3, 14.4, 15.0, and 15.1.

FreeBSD sound(4) has two mmap vulnerabilities (CVE-2026-45258, CVE-2026-49417) that allow unprivileged local users to read/write kernel memory via /dev/dsp, enabling privilege escalation or DoS; patches are available for 14.3, 14.4, 15.0, and 15.1.

FreeBSD thrkill2(2) fails to check the result of pcansignal(), letting unprivileged local users send arbitrary signals to any process or thread, including root or jailed processes, enabling DoS; patches are available for all supported releases.

FreeBSD has updated OpenSSL to 3.0.20 (FreeBSD 14) and 3.5.6 (FreeBSD 15) to fix multiple CVEs including NULL dereferences, use-after-free, and a heap buffer overflow, generally leading to crashes or DoS.

A memory leak in syslogd(8) affecting FreeBSD 15.0 and later, where casper_ttymsg() fails to free message strings, causing unbounded growth of the syslogd.casper helper process.

Architecture-specific notes on running OpenBSD as a QEMU guest, with working command lines for amd64, arm64, armv7, i386, riscv64, and sparc64, and failure points for alpha, hppa, landisk, loongson, luna88k, macppc, octeon, and powerpc64.

In this video author explores how to enable vscode "Remote SSH" to connect to a FreeBSD machine, showing three different ways to achieve this.

This week's roundup covers FreeBSD 15.1-RC3, OpenBSD updating clang/lld to 22.1.6 and adding boot-time relinking for httpd and smtpd, NetBSD's GSoC 2026 contributors, an analysis of a compromised pfSense firewall, using object storage with OpenZFS and SeaweedFS, and more.

The third release candidate build for the FreeBSD 15.1 release cycle is now available. ISO images for the amd64, armv7, aarch64, powerpc64, powerpc64le, and riscv64 architectures are FreeBSD mirror sites.

The NetBSD Foundation’s 2026 AGM covers progress on NetBSD 11.0 (now at RC5), the CVS-to-Git/Mercurial migration, and infrastructure challenges like LLM scraping and hardware aging. Highlights include five Google Summer of Code projects, CNA onboarding for security advisories, and plans to streamline release cycles. The full IRC log details team updates from core, admins, releng, and security.