www.freebsd.org Open in urlscan Pro
2604:1380:4091:a001::50:3  Public Scan

Submitted URL: https://security.freebsd.org/
Effective URL: https://www.freebsd.org/security/
Submission Tags: falconsandbox
Submission: On November 20 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

Name: search-formGET https://duckduckgo.com/

<form method="get" id="search-form" action="https://duckduckgo.com/" onsubmit="document.getElementById('words').value+=' site:FreeBSD.org'" name="search-form"><input type="hidden" name="ka" value="v">
  <input type="hidden" name="kt" value="v"> <input type="hidden" name="kh" value="1"> <input type="hidden" name="kj" value="r2">
  <input id="words" name="q" type="text" size="20" maxlength="255" onfocus="if( this.value==this.defaultValue ) this.value='';" value="Search" placeholder="Search"> <input id="submit" name="submit" type="submit" value="Search">
</form>

Text Content

Donate to FreeBSD

 * Home

 * About
   * Introduction
   * Features
   * Privacy Policy
   * Projects
   * Ports

 * Get FreeBSD
   * Release Information
   * Release Engineering

 * Documentation
   * FAQ
   * Handbook
   * Porter's Handbook
   * Developer's Handbook
   * Committer's Guide
   * Manual Pages
   * Presentations and Papers
   * Documentation Project Primer
   * All Books and Articles

 * Community
   * Mailing Lists
   * Forums
   * User Groups
   * Events
   * FreeBSD Journal
   * Q&A (external)

 * Developers
   * Project Ideas
   * Git Repository
   * GitHub Mirror
   * Code Review (Phabricator)
   * Wiki
   * Continuous Integration Service

 * Support
   * Vendors
   * Security Information
   * Bug Reports
   * Submitting Bug Reports
   * Web Resources

 * Foundation
   * Monetary Donations
   * Hardware Donations

 * Support
 * Vendors
   * Software
   * Hardware
   * Consulting
   * Internet Service Providers
   * Miscellaneous
 * Security Information
   * Advisories
   * Errata Notices
   * Supported Releases
   * Unsupported Releases
   * How to read FreeBSD Security Advisories
   * Charter for the Security Officer and Team
 * Submit a Problem Report
 * Web Resources


FREEBSD SECURITY INFORMATION


INTRODUCTION

FreeBSD takes security very seriously and its developers are constantly working
on making the operating system as secure as possible. This page will provide
information about what to do in the event of a security vulnerability affecting
your system


TABLE OF CONTENTS

 * Reporting FreeBSD security incidents

 * Recent FreeBSD security vulnerabilities

 * Understanding FreeBSD security advisories

 * How to update your system

 * Supported FreeBSD releases

 * The FreeBSD support model


REPORTING FREEBSD SECURITY INCIDENTS

FreeBSD security issues specific to the base system should be reported via email
to the FreeBSD Security Team or, if a higher level of confidentiality is
required, via PGP encrypted email to the Security Officer Team using the
Security Officer PGP key. Additional information can be found at the reporting
FreeBSD security incidents page.


WHEN IS A SECURITY ADVISORY CONSIDERED?

For every issue that gets reported, an internal tracking number is created,
unless something is very obviously not a security issue. To determine whether or
not a Security Advisory is warranted we use the following scheme:

 * Is it a privilege escalation vulnerability?

 * Is it a code injection vulnerability?

 * Is it a memory disclosure or dataleak vulnerability?
   
    * From either the kernel
   
    * From a privileged process
   
    * From a process owned by another user?

 * Is it a Denial of Service vulnerability?
   
    * Only when remotely exploitable, where remotely means that it comes from a
      different broadcast domain, so ARP and/or NDP based attacks do not
      qualify.

 * Is it an unassisted jailbreak vulnerability?

 * Is it a malfunction that could lead to generating insecure crypto keys, such
   as a PRNG bug?

For items that fall under these categories, a Security Advisory is very likely.
Items that are not on this list are looked into individually and it will be
determined then whether or not it will receive a Security Advisory or an Errata
Notice.

Once it had been determined that a Security Advisory is warranted, either the
submitter delivers a CVE number if he/she already requested one, or we use one
from the FreeBSD pool available.


RECENT FREEBSD SECURITY VULNERABILITIES

A full list of all security vulnerabilities affecting the base system can be
found on this page.

A full list of all other errata affecting the base system can be found on this
page.


UNDERSTANDING FREEBSD SECURITY ADVISORIES

Advisories affecting the base system are sent to the following mailing lists:

 * FreeBSD-security-notifications@FreeBSD.org

 * FreeBSD-security@FreeBSD.org

 * FreeBSD-announce@FreeBSD.org

The list of released advisories can be found on the FreeBSD Security Advisories
page.

Advisories are always signed using the FreeBSD Security Officer PGP key and are
archived, along with their associated patches, at the
https://security.FreeBSD.org web server in the advisories and patches
subdirectories.

The FreeBSD Security Officer provides security advisories for -STABLE Branches
and the Security Branches. (Advisories are not issued for the -CURRENT Branch,
which is primarily oriented towards FreeBSD developers.)

 * The -STABLE branch tags have names like stable/13. The corresponding builds
   have names like FreeBSD 13.2-STABLE.

 * Each FreeBSD Release has an associated Security Branch. The Security Branch
   tags have names like releng/13.2. The corresponding builds have names like
   FreeBSD 13.2-RELEASE-p1.

Issues affecting the FreeBSD Ports Collection are covered separately in the
FreeBSD VuXML document.

Errata affecting the base system but not classified as security vulnerabilities
are covered separately on the FreeBSD Errata Notices page.


HOW TO UPDATE YOUR SYSTEM

For users that have previously installed a binary version of FreeBSD (e.g., 13.1
or 12.3), commands:

# freebsd-update fetch

# freebsd-update install

If that fails, follow the other instructions in the security advisory you care
about.

Note that the above procedure is only for users who have previously installed a
binary distribution. Those who have built from source will need to update their
source tree to upgrade.

For more details, read how to apply security patches.


SUPPORTED FREEBSD RELEASES

Each release is supported by the Security Officer for a limited time only.

The designation and expected lifetime of all currently supported branches and
their respective releases are given below. The Expected EoL (end-of-life) column
indicates the earliest date on which support for that branch or release will
end. Please note that these dates may be pushed back if circumstances warrant
it.

Older releases are not supported and users are strongly encouraged to upgrade to
one of these supported releases:

Branch Release Release Date Expected EoL

stable/14

n/a

n/a

November 30, 2028

releng/14.1

14.1-RELEASE

June 4, 2024

March 31, 2025

stable/13

n/a

n/a

April 30, 2026

releng/13.4

13.4-RELEASE

September 17, 2024

June 30, 2025

releng/13.3

13.3-RELEASE

March 5, 2024

December 31, 2024

In the run-up to a release, a number of -BETA and -RC releases may be published
for testing purposes. These releases are only supported for a few weeks, as
resources permit, and will not be listed as supported on this page. Users are
strongly discouraged from running these releases on production systems.


THE FREEBSD SUPPORT MODEL

Under the current support model, each major version’s stable branch is
explicitly supported for 5 years, while each individual point release is only
supported for three months after the next point release.

The details and rationale behind this model can be found in the official
announcement sent in February 2015.

--------------------------------------------------------------------------------

Last modified on: October 7, 2024 by Li-Wen Hsu

Legal Notices | © 1995-2024 The FreeBSD Project All rights reserved. The mark
FreeBSD is a registered trademark of The FreeBSD Foundation and is used by The
FreeBSD Project with the permission of The FreeBSD Foundation. Contact