FreeBSD Security Advisory FreeBSD-SA-26:45.audit

submitted 02 July 2026

The audit(4) facility incorrectly records successful outcomes for ptrace(PT_SC_REMOTE) system calls that actually failed, potentially misleading audit-based IDS; all supported FreeBSD versions are affected and patches are available.

DiscoverBSD - The BSD community linklog

02 July 2026
EuroBSDCon 2026 Travel Grant Open  

The FreeBSD Foundation is accepting travel grant applications for EuroBSDCon 2026, open to FreeBSD developers and advocates who need assistance with travel expenses, with a deadline of July 7, 2026.

FreeBSD Security Advisory FreeBSD-SA-26:46.ktls  

A remote TLS peer can cause a kernel panic via uninitialized memory access in KTLS receive on all supported FreeBSD versions; patches and workarounds are available.

FreeBSD Security Advisory FreeBSD-SA-26:47.linux  

The Linuxulator in FreeBSD 14.3, 14.4, and 15.0 does not zero a stack-allocated Linux siginfo_t before copying kernel data into it, allowing unprivileged users to read 104 bytes of uninitialized kernel stack memory.

FreeBSD Security Advisory FreeBSD-SA-26:49.iconv  

FreeBSD has issued a security advisory for multiple vulnerabilities in iconv(3) affecting HZ, UTF-7, VIQR, ZW, and ISO-2022 encoding modules, which can lead to buffer overflows when processing untrusted input, with patches available for all supported releases.

FreeBSD Security Advisory FreeBSD-SA-26:48.compat32  

FreeBSD's compat32 kevent() handler can expose uninitialized kernel stack data to unprivileged users due to an unzeroed stack struct, affecting FreeBSD 14.3, 14.4, and 15.0; patches and rebuilds are available for stable and release branches.

01 July 2026
FreeBSD Security Advisory FreeBSD-SA-26:44.posixshm  

FreeBSD has issued a security advisory for multiple vulnerabilities in POSIX largepage objects (CVE-2026-49427, CVE-2026-49428) that allow unprivileged local users to access freed kernel memory and escalate privileges, with patches available for all supported releases.

FreeBSD Security Advisory FreeBSD-SA-26:43.tcp  

A use-after-free in the TCP RACK stack option handler may allow an unprivileged local user to escalate privileges on all supported FreeBSD versions; patches and updated binaries are available.

FreeBSD Security Advisory FreeBSD-SA-26:42.unlinkat  

The unlinkat(2) and funlinkat(2) system calls ignore the AT_RESOLVE_BENEATH flag, allowing path resolution to escape the intended directory and delete files outside the confined tree. Patches are available for FreeBSD 14.3, 14.4, 15.0, and 15.1.

FreeBSD Security Advisory FreeBSD-SA-26:41.libalias  

A buffer overflow in the libalias RTSP handler affects all supported FreeBSD versions and can allow remote code execution in the kernel via ipfw(4) NAT or in natd(8) when libalias_smedia.so is loaded.

FreeBSD Security Advisory FreeBSD-SA-26:40.zfs  

FreeBSD has issued a security advisory for OpenZFS with three vulnerabilities: a kernel heap overflow via ZFS_IOC_USERSPACE_MANY for users with "userused" permission, kernel memory corruption via ZFS_IOC_RECV_NEW for users with "receive" permission, and an ability for any local user to set the "$hasrecvd" metadata flag via ZFS_IOC_SET_PROP, affecting all supported FreeBSD versions.

30 June 2026
March 2026 Finance Report  

GhostBSD reports 1,364.91 CAD in March donations, lists infrastructure and hardware expenses totaling 857.68 CAD, and notes 500.00 CAD added to the server fund for a future Ampere ARM server.

relayd(8) and httpd(8) TLS settings update  

Both relayd and httpd now use a "secure" list of allowed crypto methods for HTTPS, including TLSv1.3 and TLSv1.2 AEAD cipher suites. This replaces the previous "HIGH:!aNULL" list, which contained methods without perfect forward secrecy; the change may cause old clients to fail to connect.

29 June 2026
Valuable News - 2026/06/29  

This week's roundup covers OpenBSD amd64 kernel virtual address space expanding to 512GB, a patch for missing PKGBASE in FreeBSD jails, FreeBSD Git weekly reports, a new FreeBSD Core Team election, Sylve 0.3.0 adding a PF firewall and WireGuard manager, BSD Now 669 on Poudriere speed, and more.

g2k26: Rust in CMake, and a Heartbeat for Old Daemons  

The author details porting devel/corrosion and devel/cxxbridge-cmd to handle Rust dependencies in CMake-based KDE Plasma ports under OpenBSD's PORTS_PRIVSEP, and fixes a truncation bug in httpd(8) error documents by routing them through bufferevent instead of a single write, plus a privilege-separation bounds-check fix shared by httpd, relayd, iked, and snmpd.

26 June 2026
GhostBSD Firewall  

GhostBSD has an out-of-the-box firewall. This video shows what options there are for configuring it from the terminal.

BSD Now 669: Poudriere Speed Run  

This episode covers native inotify in FreeBSD, how poudriere.conf changes affect build time, migrating mail servers from exim to OpenSMTPD, and a recap of the April 2026 Frankfurt FreeBSD hackathon.
