GitHub Repository: freebsd/freebsd-doc
Path: blob/main/website/static/security/advisory-template.txt
=============================================================================
FreeBSD-SA-XX_ADVISORY_TEMPLATE                             Security Advisory
                                                          The FreeBSD Project

Topic:          XX

Category:       <XX core | contrib >
Module:         <XX module name>
Announced:      2026-XX-XX
Credits:        XX
Affects:        <XX affected versions>
                <e.g., "All supported versions of FreeBSD.", "FreeBSD
                14.3 and later.", "FreeBSD 14.x", or "FreeBSD 14.4">
Corrected:      2026-XX-XX XX:XX:XX UTC (stable/15, 15.1-STABLE)
                2026-XX-XX XX:XX:XX UTC (releng/15.0, 15.0-RELEASE-pXX)
                2026-XX-XX XX:XX:XX UTC (stable/14, 14.4-STABLE)
                2026-XX-XX XX:XX:XX UTC (releng/14.4, 14.4-RELEASE-pXX)
                2026-XX-XX XX:XX:XX UTC (releng/14.3, 14.3-RELEASE-pXX)
CVE Name:       CVE-XXXX-XXXX

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

<XX brief description of what the affected bits are supposed to do>

II.  Problem Description

<XX detailed description of the problem>

III. Impact

<XX description as to why the above problem is bad>

IV.  Workaround

<XX If no workaround exists:>
No workaround is available.

<XX ... but some systems are unaffected:>
No workaround is available.  <insert simple description of some
systems that are not vulnerable>

<XX If a workaround exists:>
<XX insert workaround here>

V.   Solution

<XX insert solution here>

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
[XX Needs reboot? Mention please]

Perform one of the following:

1) To update your vulnerable system installed from base system packages:

Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
platforms, which were installed using base system packages, can be updated
via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base
# shutdown -r +10min "Rebooting for a security update" <XX if required>

2) To update your vulnerable system installed from binary distribution sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
which were not installed using base system packages can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update" <XX if required>

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD XX]
# fetch https://security.FreeBSD.org/patches/SA-XX:XX/XXXX.patch
# fetch https://security.FreeBSD.org/patches/SA-XX:XX/XXXX.patch.asc
# gpg --verify XXXX.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

<XX for a userland utility:>

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

<XX for a daemon:>

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart the applicable daemons, or reboot the system.

<XX for a common library:>

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all daemons that use the library, or reboot the system.

<XX for a kernel vulnerability:>

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              XXXXXXXXXXXX    stable/15-nXXXXXX
releng/15.0/                            XXXXXXXXXXXX  releng/15.0-nXXXXXX
stable/14/                              XXXXXXXXXXXX    stable/14-nXXXXXX
releng/14.4/                            XXXXXXXXXXXX  releng/14.4-nXXXXXX
releng/14.3/                            XXXXXXXXXXXX  releng/14.3-nXXXXXX
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

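The comparison against nNNNNNN described above can be scripted. The following
is an added example, not part of the FreeBSD template or the project's own
tooling; the function names and the table rows in SAMPLE_TABLE are constructed
for illustration.

```shell
#!/bin/sh
# CONSTRUCTED sample of a filled-in section VI table. A published advisory
# carries the real hashes and nNNNNNN counts.
SAMPLE_TABLE='Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              0123456789ab    stable/15-n280100
releng/15.0/                            ba9876543210  releng/15.0-n280005
-------------------------------------------------------------------------'

# corrected_count TABLE BRANCH
# Print the commit count recorded for BRANCH (e.g. "releng/15.0").
# Returns 1 if the table has no filled-in row for that branch.
corrected_count() {
    printf '%s\n' "$1" | awk -v b="$2" '
        $1 == (b "/") && $3 ~ /-n[0-9]+$/ {
            sub(/^.*-n/, "", $3); print $3 + 0; found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# tree_status TABLE BRANCH COUNT
# COUNT is the output of: git rev-list --count --first-parent HEAD
# Counts are only comparable on the same branch, so BRANCH must be the
# branch the working tree actually tracks.
# Prints and returns: corrected (0), vulnerable (1), unknown-branch (2),
# bad-count (3).
tree_status() {
    case "$3" in ''|*[!0-9]*) echo "bad-count"; return 3 ;; esac
    want=$(corrected_count "$1" "$2") || { echo "unknown-branch"; return 2; }
    if [ "$3" -ge "$want" ]; then echo "corrected"; return 0; fi
    echo "vulnerable"; return 1
}

# Typical use from /usr/src, with the advisory saved as advisory.asc:
#   branch=$(git rev-parse --abbrev-ref HEAD)
#   count=$(git rev-list --count --first-parent HEAD)
#   tree_status "$(cat advisory.asc)" "$branch" "$count"
```

A template row that still reads nXXXXXX yields "unknown-branch", so an
unfilled table is never reported as corrected.
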
VII. References

<XX other info on vulnerability>

<URL:https://www.cve.org/CVERecord?id=CVE-XXXX-XXXXX>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-XX:XX.XXXXX.asc>