7 new vulnerabilities in FreeBSD

On May 20, 2026, the FreeBSD developers announced patches for seven new vulnerabilities in the system. Not all of them are equally dangerous, but some are quite bad.

CVE-2026-45251 — a use-after-free in select-like syscalls when their wait list contains process descriptors (on FreeBSD 15, also the new jail descriptors) and those descriptors are closed by another thread while the waiting syscall is still blocked. Judging by the commit, descriptors related to netmap (the driver for fast direct access to network adapters) are affected as well, but there is no official information on that. Process descriptors were introduced in FreeBSD 9, so the vulnerability may have existed since then. The official advisory says the vulnerability allows superuser privileges to be obtained. There is no mitigation other than the patch or an update.

CVE-2026-45250 — an incorrect buffer size calculation followed by a stack write in the setcred system call. Although setcred itself requires root privileges, the stack corruption happens before the privilege check and is therefore reachable by any user. This system call was introduced in FreeBSD 14.3 (so earlier versions are not affected) and provides a way to set all user and group IDs of the current process in a single call, instead of using setuid+setgid+setgroups and similar combinations. The vulnerability allows malicious code to be executed in kernel context. There is no mitigation other than the patch or an update.

CVE-2026-45252 — no check for a terminating null before a string received from a fuse daemon is copied into a new buffer. There is, however, a check on the maximum copy size, so it is not possible to read more than 253 extra bytes of kernel memory. It is also possible to write up to 250 bytes into "unallocated kernel heap space." By default, FreeBSD prevents non-root users from mounting filesystems, which means that attaching a malicious fuse daemon to the kernel requires root access. However, if the sysctl vfs.usermount=1 is set, the system becomes vulnerable to ordinary users. The risk of a jailed fuse daemon is also worth considering, since inside a jail it can be root (although this is normally not allowed).

CVE-2026-45253 — when using ptrace, it was possible to initiate a system call with an incorrect number in the traced process, which led to executing kernel code that was never intended to run as a system call, with very bad consequences. If security.bsd.unprivileged_proc_debug=0 is set (which is good practice for servers anyway, and the system installer even offers this option), unprivileged users and jailed processes cannot use ptrace, leaving the vulnerability reachable only by root.

CVE-2026-45255 — injection of shell commands with root privileges in bsdinstall/bsdconfig through malicious wireless network names that were not validated when the network list was displayed. To avoid this vulnerability, simply do not view the wireless network list in bsdinstall/bsdconfig.

CVE-2026-39461, CVE-2026-45254 — vulnerabilities in the libcasper library (not in the kernel). The library is designed to provide secure, restricted services to sandboxed processes. One vulnerability is a stack overflow and stack corruption caused by the library handling large file descriptor numbers (it was designed for numbers up to 1024, the established limit of the select syscall structures). The second vulnerability is the ability, in cap_net, to remove the list of imposed restrictions (the library's philosophy is that restrictions, once imposed on a process, can only become stricter).

The fixed system versions are numbered 14.3-RELEASE-p14, 14.4-RELEASE-p5, and 15.0-RELEASE-p9. There is also an important point for some: FreeBSD 13.5 was only just discontinued, on April 30, 2026, and there are no official fixes for it (or for the 13.x branch in general). However, if for some reason you do not want to rush an upgrade to a 14.x release, the 14.3 patches generally apply to the 13.5 source code, and CVE-2026-45250 is not relevant to the 13.x branch because setcred() does not exist there.
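As an added example (not part of the original article or of the FreeBSD project), a small POSIX sh audit for the points above: whether a kernel's patch level reaches the fixed versions listed, and whether the vfs.usermount and security.bsd.unprivileged_proc_debug settings leave the fuse and ptrace bugs reachable by unprivileged users. The function names and the sample inputs in the comments are my own; the patch levels and sysctl names come from the article.

```shell
#!/bin/sh
# Added example, not the advisory's own tooling.
# Fixed patch levels as stated in the article.
FIXED_14_3=14
FIXED_14_4=5
FIXED_15_0=9

# patched_for_advisory VERSION
#   VERSION is the output of `freebsd-version -k`, e.g. "14.3-RELEASE-p13".
#   Prints patched / unpatched / unsupported (13.x, no official fix) / unknown.
#   Exit status: 0 patched, 1 unpatched, 2 unsupported or unknown.
patched_for_advisory() {
    ver="$1"
    case "$ver" in *-RELEASE*) ;; *) echo unknown; return 2 ;; esac
    rel=${ver%%-*}                                   # "14.3"
    case "$ver" in
        *-p[0-9]*) p=${ver##*-p} ;;                  # "13"
        *)         p=0 ;;                            # plain -RELEASE, no patches
    esac
    case "$rel" in
        14.3) need=$FIXED_14_3 ;;
        14.4) need=$FIXED_14_4 ;;
        15.0) need=$FIXED_15_0 ;;
        *)    echo unsupported; return 2 ;;
    esac
    if [ "$p" -ge "$need" ]; then echo patched; return 0; fi
    echo unpatched
    return 1
}

# unprivileged_exposure < sysctl-output
#   Reads lines such as "vfs.usermount: 1" and prints the CVE ids of the
#   kernel bugs that these settings leave reachable by non-root users.
unprivileged_exposure() {
    while IFS=' ' read -r key val; do
        case "$key" in
            vfs.usermount:)
                if [ "$val" = 1 ]; then echo CVE-2026-45252; fi ;;
            security.bsd.unprivileged_proc_debug:)
                if [ "$val" != 0 ]; then echo CVE-2026-45253; fi ;;
        esac
    done
}

# Usage on a FreeBSD host (constructed sample: both commands exist, nothing runs here):
#   patched_for_advisory "$(freebsd-version -k)"
#   sysctl vfs.usermount security.bsd.unprivileged_proc_debug | unprivileged_exposure
```

A "patched" result only covers the kernel; the libcasper and bsdinstall issues are userland and are fixed by the same patch level applied to the base system.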

source: linux.org.ru
