unsubscribe On Wed, Jun 10, 2026 at 9:18 AM FreeBSD Security Advisories < [email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > > ============================================================================= > FreeBSD-SA-26:35.openssl Security > Advisory > The FreeBSD > Project > > Topic: Multiple vulnerabilities in OpenSSL > > Category: contrib > Module: openssl > Announced: 2026-06-09 > Credits: See linked vendor advisory in References section > Affects: All supported versions of FreeBSD. > Corrected: 2026-06-09 19:17:36 UTC (stable/15, 15.1-STABLE) > 2026-06-09 19:20:15 UTC (releng/15.1, 15.1-RC3-p1) > 2026-06-09 19:19:54 UTC (releng/15.0, 15.0-RELEASE-p10) > 2026-06-09 19:17:54 UTC (stable/14, 14.4-STABLE) > 2026-06-09 19:19:16 UTC (releng/14.4, 14.4-RELEASE-p6) > 2026-06-09 19:18:46 UTC (releng/14.3, 14.3-RELEASE-p15) > CVE Name: CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, > CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, > CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, > CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, > CVE-2026-45445, CVE-2026-45446, CVE-2026-45447 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:https://security.FreeBSD.org/>. > > I. Background > > FreeBSD includes software from the OpenSSL Project. The OpenSSL Project > is a > collaborative effort to develop a robust, commercial-grade, full-featured > Open Source toolkit for the Transport Layer Security (TLS) protocol. It is > also a general-purpose cryptography library. > > II. Problem Description > > Multiple issues have been reported as part of this advisory with different > issues affecting different OpenSSL versions and therefore different FreeBSD > versions. Instead of exhaustively listing detailed writeups for each > issue, > please see the referenced advisory from OpenSSL. > > Issues affecting FreeBSD 15.x (OpenSSL 3.5): > CVE-2026-7383 - Possible heap buffer overflow in ASN.1 string conversion > CVE-2026-9076 - Out-of-bounds read in CMS password-based decryption > CVE-2026-34180 - Heap buffer over-read in ASN.1 content parsing > CVE-2026-34181 - PKCS#12 files with PBMAC1 accepted with short HMAC keys > CVE-2026-34182 - CMS AuthEnvelopedData may accept forged messages > CVE-2026-34183 - Unbounded memory growth in the QUIC PATH_CHALLENGE > handler > CVE-2026-42764 - NULL dereference in QUIC server initial packet handling > CVE-2026-42766 - Possible NULL dereference in password-based CMS > decryption > CVE-2026-42767 - NULL dereference in CRMF EncryptedValue decryption > CVE-2026-42768 - Bleichenbacher oracle in CMS_decrypt() and > PKCS7_decrypt() > CVE-2026-42769 - Trust-anchor substitution in CMP rootCaKeyUpdate > handling > CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q > CVE-2026-45445 - AES-OCB IV ignored on the EVP_Cipher() one-shot path > CVE-2026-45446 - Empty-message tag bypass in AES-GCM-SIV and AES-SIV > modes > CVE-2026-45447 - Heap use-after-free in PKCS7_verify() > > Issues affecting FreeBSD 14.x (OpenSSL 3.0): > CVE-2026-7383 - Possible heap buffer overflow in ASN.1 string conversion > CVE-2026-9076 - Out-of-bounds read in CMS password-based decryption > CVE-2026-34180 - Heap buffer over-read in ASN.1 content parsing > CVE-2026-34182 - CMS AuthEnvelopedData may accept forged messages > CVE-2026-42766 - Possible NULL dereference in password-based CMS > decryption > CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q > CVE-2026-45445 - AES-OCB IV ignored on the EVP_Cipher() one-shot path > CVE-2026-45446 - Empty-message tag bypass in AES-GCM-SIV and AES-SIV > modes > CVE-2026-45447 - Heap use-after-free in PKCS7_verify() > > III. Impact > > The issues include heap buffer overflows and over-reads, NULL pointer > dereferences, a use-after-free, unbounded memory allocation, and several > cryptographic flaws permitting message forgery, integrity bypass, or > recovery of a private key. > > Security impact ranges from a Denial of Service to a potential remote code > execution. See the OpenSSL advisory for specific details. > > IV. Workaround > > No workaround is available. > > V. Solution > > Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > Perform one of the following: > > 1) To update your vulnerable system installed from base system packages: > > Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 > platforms, which were installed using base system packages, can be updated > via the pkg(8) utility: > > # pkg upgrade -r FreeBSD-base > # shutdown -r +10min "Rebooting for a security update" > > 2) To update your vulnerable system installed from binary distribution > sets: > > Systems running a RELEASE version of FreeBSD on the amd64 or arm64 > platforms > which were not installed using base system packages can be updated via the > freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > # shutdown -r +10min "Rebooting for a security update" > > 3) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > [FreeBSD 15.x] > # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-15.patch > # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-15.patch.asc > # gpg --verify openssl-15.patch.asc > > [FreeBSD 14.x] > # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-14.patch > # fetch https://security.FreeBSD.org/patches/SA-26:35/openssl-14.patch.asc > # gpg --verify openssl-14.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile the operating system using buildworld and installworld as > described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. > > Restart all daemons that use the library, or reboot the system. > > VI. Correction details > > This issue is corrected as of the corresponding Git commit hash in the > following stable and release branches: > > Branch/path Hash Revision > - ------------------------------------------------------------------------- > stable/15/ 865c8ff56693 stable/15-n283889 > releng/15.1/ 083bb80a125a releng/15.1-n283559 > releng/15.0/ 0d6ccbb7524f releng/15.0-n281062 > stable/14/ ec6bfa889b83 stable/14-n274318 > releng/14.4/ 1929d9e173e5 releng/14.4-n273724 > releng/14.3/ dd3096b4efe6 releng/14.3-n271524 > - ------------------------------------------------------------------------- > > Run the following command to see which files were modified by a > particular commit: > > # git show --stat <commit hash> > > Or visit the following URL, replacing NNNNNN with the hash: > > <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> > > To determine the commit count in a working tree (for comparison against > nNNNNNN in the table above), run: > > # git rev-list --count --first-parent HEAD > > VII. References > > <URL:https://openssl-library.org/news/secadv/20260609.txt> > > <URL:https://www.cve.org/CVERecord?id=CVE-2026-7383> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-9076> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-34180> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-34181> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-34182> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-34183> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-42764> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-42766> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-42767> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-42768> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-42769> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-42770> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-45445> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-45446> > <URL:https://www.cve.org/CVERecord?id=CVE-2026-45447> > > The latest revision of this advisory is available at > <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:35.openssl.asc> > -----BEGIN PGP SIGNATURE----- > > iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxkbFIAAAAAABAAO > bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvIjEQALlvtT/r8WJ72cw03AZP > 1qPNWibqFxrMccV/fEtVq2csUzMkSq6PvgK3ZZoKgh8e2whpJkEULxRJ5Th8IEoD > McbPdU4+zgqcehfmH6mvuv/yshDJLe0U2iLFSTbzgbx8xe0XRyWJlutlNXSZmLvo > N87HGEtO/gXCXJxZuWFDE4JfO/bECn8wgZ468AD+OMwKRnx13hszmqKnp4cn/bZ8 > 764BqDsyweCBSVbW7AC0A5/BP7e+S+eOGHDSDqm48Jxk8eVsEVvw5wEo7DMLQgQw > /kHc9BSiQ6HPgMvjDryUzX/FhF3El3sKQxkUXNFGcYk8yChTEVtD1C+zf3FACQJA > ZTeDNgJelmeJdK7uzrJtX/8Laozma0+x1+2+YrY+Y1aCqOZ0iicmlytZHRHgZc3R > riEEJdw3nlV6r43WtwBYjJNyOIiqPusYK8K0/RLnMeMtS+mwjjNjGxqcHdFPbSa7 > Xjs4zSAHgkg9NHMwD4S+F+upRZ3yVoZOvIDtqUKO85Mf70OYHHoaZJE4Q7mIPDyE > CbtpeaNpjSkujTR5/Us4JgxRfDqDGyyER/Ub1yZl8uuhKNU7QuOWRQMTeIXp42Es > uClHfLQz5Dvmwy7muDfg5cY0R/F9whvpwSOmILrsViBjcygkzFY9lE1ufW685vbH > 1srvsOXI5oN55cZrX4+H6G17 > =UV/w > -----END PGP SIGNATURE----- > >
