Issue 276
Published April 29, 2026

FreeBSD security fixes for AMD64, TTY, and VM flaws, HardenedBSD adopts Radicle, FreeBSD Q1 2026 updates, and more.

Releases

No releases.

BSDSec

FreeBSD Security Advisory FreeBSD-SA-26:11.amd64: This addresses a critical flaw in the handling of large page mappings on amd64 systems, specifically in the pmap_pkru_update_range() function. The vulnerability, identified as CVE-2026-6386, arises from incorrect treatment of 1GB largepage mappings created via shm_create_largepage(3), allowing unprivileged users to overwrite restricted memory regions. This affects all supported FreeBSD versions, with patches released for stable and release branches (15.0, 14.4, 14.3, and 13.5) as of April 21, 2026. No workaround exists, and systems must be updated via package managers, freebsd-update, or manual patching followed by a reboot.

FreeBSD Security Advisory FreeBSD-SA-26:10.tty: The flaw stems from the handler’s failure to clear a back-pointer from the terminal structure to a process’s session, potentially leaving a dangling pointer when the process exits. Exploitation of this vulnerability could allow a malicious process to escalate privileges to root without any available workaround. The issue was corrected across all active release branches (15.0, 14.4, 14.3, and 13.5) with patches and updated binaries released on the same day, requiring a system reboot to fully mitigate the risk.

FreeBSD Errata Notice FreeBSD-EN-26:07.pkgbase: FreeBSD 15.0 systems face a build failure in base packages when using libucl version 0.9.3 or later due to an API change that restricts the “.include” directive in the Lua ucl module. This issue prevents the “make update-packages” command from completing successfully, impacting future FreeBSD releases that include newer libucl versions. No workaround exists, but the problem is resolved by updating the base system source tree to a supported branch dated after April 7, 2026 (stable/15) or April 21, 2026 (releng/15.0). The correction involves patches to the pkgbase component, with no changes required on the host system. Affected users can apply the provided patch or sync to the corrected Git commit hashes for their respective branches.

FreeBSD Errata Notice FreeBSD-EN-26:06.timerfd: This errata addresses a flaw in the timerfd(2) system call where periodic timers could trigger prematurely, leading to excessive CPU usage in certain applications like KDE desktop programs. The issue affects FreeBSD 14.3 and later versions, with corrections applied across stable and release branches (14.3-RELEASE-p11, 14.4-RELEASE-p2, 15.0-RELEASE-p6). No workaround exists, but users can resolve the problem by upgrading via pkg, freebsd-update, or applying a source patch followed by a kernel recompile.

FreeBSD Errata Notice FreeBSD-EN-26:05.vm: The FreeBSD project released an errata notice for a regression in the virtual memory (VM) subsystem where the page fault handler fails to zero-fill allocated memory under certain conditions, particularly during heavy memory pressure with swapping. This issue affects all supported FreeBSD versions and can cause process crashes when uninitialized memory is exposed to applications using mmap(2) with the MAP_ANON flag. No workaround exists, but corrections have been applied across stable and release branches (15.0, 14.4, 14.3, and 13.5) as of April 2026. Users are advised to update via pkg, freebsd-update, or source patches, followed by a system reboot.

OpenBSD Errata: April 21, 2026 (libxpm slaacd): Errata patches for X11 libXpm and IPv6 slaacd have been released for OpenBSD 7.7 and 7.8. Binary updates for the amd64, arm64 and i386 platforms are available via the syspatch utility.

As always, it’s worth following BSDSec. RSS feed available.

News

Valuable News – 2026/04/27: The Valuable News series curates noteworthy updates, articles, and resources primarily related to UNIX/BSD/Linux systems. This edition highlights FreeBSD advancements, including its path toward NIST FIPS 140-3 compliance, performance optimizations for ZFS in high-density email storage, and the release of GhostBSD 26.1 based on FreeBSD 15.0. It also covers hardware innovations like DIY RAM fabrication and low-vibration PC fans, alongside broader tech discussions such as open-source sustainability challenges and GitHub’s downtime trends post-Microsoft acquisition. Additional sections feature UNIX/audio/video content, including FreeBSD desktop reviews and Bhyve user calls.

HardenedBSD adopts Radicle for decentralized code hosting: HardenedBSD has officially migrated its core repositories to Radicle, a peer-to-peer alternative to centralized platforms like GitHub. The transition includes the HardenedBSD-src, HardenedBSD-ports, and HardenedBSD-pkg repositories, with plans to move additional projects like secadm in the future. Basic integration with the ports tree allows fetching distfiles from Radicle, though performance optimizations, such as adjusting fetch limits to 3GB, are recommended for handling large repositories. Users can access the repositories via the HardenedBSD seed node at rad.hardenedbsd.org, with step-by-step seeding and cloning instructions provided.

FreeBSD Q1 2026 Status Report: The FreeBSD Q1 2026 Status Report highlights 45 entries across various teams and projects, marking the first report under a new, enforced schedule. Key updates include the FreeBSD Foundation’s sponsorship of 644 commits (555 in src, 83 in ports, and 16 in doc), with notable projects like the Alpha-Omega Beach Cleaning initiative to improve security in third-party base system software and the Cyber Resilience Act (CRA) Readiness Project to prepare for EU regulations. The Laptop Testing and Integration Project introduced a Python-based application to assess FreeBSD compatibility on laptops, while Sylvea released v0.2.3, a unified system management platform for FreeBSD with enhanced jail and VM support. Kernel improvements include Suspend/Resume (S0ix) for modern laptops, Hibernate (suspend-to-disk) development, and CPPC support for AMD/Intel CPUs. Architectural updates feature drm-kmod on ARM64, BananaPi-R64/R2-PRO driver development, and NXP DPAA2 networking enhancements. Cloud advancements include FreeBSD on EC2 with updated AMIs and STACKIT Cloud integration, while ports updates cover KDE Plasma 6.6.3, OpenJDK 21/25, and Wazuh 4.14.3 for security monitoring. Documentation efforts expanded Russian translations, and the FreeBSD HPC Initiative introduced ports like Slurm, OpenMPI, and UCX for high-performance computing. The report also notes team changes, such as new Release Engineering members and Ports committers.

BastilleBSD announces part-time FreeBSD sysadmin hiring plans: BastilleBSD is considering hiring a part-time FreeBSD and Bastille sysadmin for approximately 20 hours per week, with a focus on candidates in the EMEA or APAC time zones. The role requires experience with FreeBSD, Bastille, nginx, and proficiency in at least one coding language, with an expected start date in mid-to-late 2026. The position involves working with the creator of Bastille on a cybersecurity startup. The announcement was shared on Fosstodon, a Mastodon-based platform.

Tutorials

Optimizing ZFS Performance Without New Hardware: ZFS performance can be significantly enhanced through software tuning rather than hardware upgrades. Key areas for optimization include adjusting the recordsize parameter, which defines the block size and should be tailored to specific workloads (e.g., 16K for databases, 1MiB–4MiB for general storage). Enabling compression, particularly with algorithms like LZ4, often improves both storage efficiency and performance by reducing I/O overhead. Pool topology also plays a critical role; replacing wide RAIDz configurations with mirrored VDEVs can boost throughput by increasing parallelism. Additionally, disabling prefetch for random-access workloads (e.g., databases) prevents unnecessary I/O operations. These adjustments allow administrators to maximize existing hardware efficiency, though workload-specific testing is essential for optimal results.

TopBar - Desktop environment with Quickshell: A customizable desktop environment built with Quickshell and QML for Wayland compositors like MangoWM and Hyprland. Originally developed as a replacement for Eww, TopBar integrates a dynamic status bar, application launcher, lock screen, and wallpaper management into a single cohesive system. It leverages Qt and QML for rendering, offering modular components like workspaces, system stats, audio controls, and network management, all configurable via a central settings file. The project includes custom patches for features like network state, audio controls, system tray icons, and low-power modes. Advanced features include dropdown menus with seamless borders, IPC-based controls, and idle timers for automatic locking or suspending. The design prioritizes flexibility, allowing users to adjust layouts, themes, and functionality through QML-based configuration.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!
