7 new vulnerabilities in FreeBSD

On May 20, 2026, the FreeBSD developers announced patches for seven new vulnerabilities in the system. Not all of these vulnerabilities are equally dangerous, but some are very serious.

CVE-2026-45251 — a use-after-free in select-like system calls when their wait list contains process descriptors (FreeBSD 15 also has the new jail descriptors) and those descriptors are closed in another thread while the wait call is still pending. Judging by this commit, descriptors related to netmap (a network adapter driver for fast direct access) are also affected, but there is no official information on this. Process descriptors were introduced in FreeBSD 9, so the vulnerability has probably existed since then. The official advisory says the vulnerability allows superuser privileges to be obtained. There is no way to mitigate it without a patch or an update.

CVE-2026-45250 — an incorrect buffer size calculation, resulting in a stack write in the setcred system call. Although setcred requires root privileges, the stack corruption occurs before the privilege check and is reachable by anyone. This system call was introduced in FreeBSD 14.3 (meaning earlier releases are not affected) and provides a way to set all of the current process's user and group IDs in a single call, instead of using setuid+setgid+setgroups and similar combinations. The vulnerability allows malicious code to be executed in kernel context. There is no way to mitigate it without a patch or an update.

CVE-2026-45252 — there is no check for a missing terminator before a string received from the fuse daemon is copied into a new buffer. However, there is a check on the maximum copy size, so no more than 253 extra bytes can be read from kernel memory. It is also possible to write up to 250 bytes into an "unallocated kernel heap area." By default, FreeBSD prevents non-root users from mounting file systems, which means attaching a malicious fuse daemon to the kernel requires root access. However, with sysctl vfs.usermount=1 the system is vulnerable to ordinary users. It is also worth considering the risk from a fuse daemon inside a jail, where root may be available (although this too is blocked by default).

CVE-2026-45253 — using ptrace, it was possible to trigger a system call with an invalid number in a debugged process, resulting in the execution of kernel code that was never intended to run as a system call, with potentially harmful consequences. If security.bsd.unprivileged_proc_debug=0 is set (this is good practice for servers, and the system installer also offers this option), user processes and jailed processes cannot use ptrace, leaving root as the only one able to reach the vulnerability.

CVE-2026-45255 — injection of shell commands with root privileges into bsdinstall/bsdconfig through malicious wireless network names, which are not validated when the network list is viewed. To avoid this vulnerability, avoid viewing the list of wireless networks from bsdinstall/bsdconfig.

CVE-2026-39461, CVE-2026-45254 — vulnerabilities in the libcasper library (not the kernel). The library is designed to provide secure, configurable services to sandboxed processes. One vulnerability is a stack overflow and stack corruption caused by the library's handling of large file descriptor numbers (it was designed for numbers up to 1024, the default limit of the structures used by the select system call). The second vulnerability is the ability to remove restriction lists that have already been set in cap_net (the library's philosophy is that restrictions set on a process can only become stricter).

The patched stable releases are 14.3-RELEASE-p14, 14.4-RELEASE-p5, and 15.0-RELEASE-p9. An important note for some: FreeBSD 13.5 reached end of life only recently, on April 30, 2026, and there are no official fixes for it (or for the 13.x branch). However, if you do not want to upgrade to 14.x right away, the fixes for 14.3 apply to the 13.5 source code, and CVE-2026-45250 does not affect the 13.x branch because it lacks setcred().
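
As an added example (not from the article or the FreeBSD project), this sh script compares version strings against the patched releases listed above and reports the two sysctl settings the article names. The function names and status words are assumptions of this example; freebsd-version and sysctl are the standard FreeBSD tools.

```shell
#!/bin/sh
# Added example: compare a FreeBSD version string with the patched levels
# named in the article and flag the two sysctl settings it discusses.

# patch_status VERSION -> patched | outdated | unsupported | unknown
patch_status() {
    ver=$1
    rel=${ver%%-*}                      # "14.3" from "14.3-RELEASE-p14"
    case $ver in
        *-RELEASE-p*) plevel=${ver##*-p} ;;
        *-RELEASE)    plevel=0 ;;       # no -pN suffix means patch level 0
        *)            echo unknown; return 0 ;;
    esac
    case $plevel in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case $rel in
        14.3) min=14 ;;
        14.4) min=5 ;;
        15.0) min=9 ;;
        13.*) echo unsupported; return 0 ;;   # no official fixes for 13.x
        *)    echo unknown; return 0 ;;
    esac
    if [ "$plevel" -ge "$min" ]; then echo patched; else echo outdated; fi
}

# sysctl_finding NAME VALUE -> ok | description of the exposure | unknown
sysctl_finding() {
    case "$1=$2" in
        vfs.usermount=0|security.bsd.unprivileged_proc_debug=0) echo ok ;;
        vfs.usermount=1)
            echo "CVE-2026-45252 reachable by non-root users if unpatched" ;;
        security.bsd.unprivileged_proc_debug=1)
            echo "CVE-2026-45253 reachable via unprivileged ptrace if unpatched" ;;
        *) echo unknown ;;
    esac
}

# audit_host: query the live system (FreeBSD only).
audit_host() {
    for flag in -r -k -u; do    # running kernel, installed kernel, userland
        v=$(freebsd-version "$flag")
        echo "freebsd-version $flag: $v -> $(patch_status "$v")"
    done
    for name in vfs.usermount security.bsd.unprivileged_proc_debug; do
        val=$(sysctl -n "$name" 2>/dev/null)
        echo "$name=$val -> $(sysctl_finding "$name" "$val")"
    done
}

# Run the live audit only where freebsd-version exists.
if command -v freebsd-version >/dev/null 2>&1; then audit_host; fi
```

An "outdated" result for -r next to "patched" for -k means the fixed kernel is installed but the host has not yet been rebooted into it.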

Source: linux.org.ru
