MidnightBSD 4.0.6 RELEASE

19 June, 2026 by luke@foolishgames.com
midnightbsd 
MidnightBSD 4.0.6 has been released.  It includes the following changes:

* usr.bin/sqlite3: link the shell against libm (fixes stable/4.0 build) 
by @laffer1 in https://github.com/MidnightBSD/src/pull/381
* Makefile.inc1: fix intermittent libmagic build failure under high 
parallelism by @laffer1 in https://github.com/MidnightBSD/src/pull/399

     libpcap: CVE-2025-11961 out-of-bounds read/write in
     pcap_ether_aton via malformed MAC address string

     ncurses: CVE-2025-6141 stack-based buffer overflow in
     postprocess_termcap via crafted termcap ko capability

     lua 5.4.7: CVE-2021-43519 C stack overflow via lua_resume

     xz 5.8.3: CVE-2026-34743

     ktls: CVE-2026-45257 receive path file overwrite fix

     capsicum: CVE-2026-45259 restrict sigqueue(2) in capability mode

     ip multicast: CVE-2026-49412 source filter use-after-free fix

     linux(4): CVE-2026-49413 setugid AT_SECURE fix

     Fix ASLR bypass for setuid executables via procctl(2):
     CVE-2026-49414. Rebuild and reboot the kernel.

     arm64: Arm CPU errata TLBI ordering bypass: CVE-2025-10263.
     Rebuild and reboot the kernel.

     ldns 1.8.4

     file 5.46

     sound(4): CVE-2026-45258 CVE-2026-49417 mmap path fixes

20260607:
     sqlite3 3.53.2

     unbound 1.25.1: CVE-2026-33278 CVE-2026-42944 CVE-2026-42959
     CVE-2026-32792 CVE-2026-40622 CVE-2026-41292 CVE-2026-42534
     CVE-2026-42923 CVE-2026-42960 CVE-2026-44608 CVE-2026-44390

20260606:
     libarchive 3.8.7

     expat 2.8.1

     mport 2.7.9

20260522:
     libcasper: CVE-2026-39461  select(2) file descriptor set overflow 
causes stack overflow

     libcap_net: CVE-2026-45254 Incorrect libcap_net limitation list 
manipulation

     unbound 1.24.2: CVE-2025-11411

20260521:
     ee: add unicode support

     Remove extraneious tab characters in _stdint.h files

     stdint.h macro fixes

     sys: Fix heap disclosure in compat7 kern.proc.filedesc sysctl (from 
freebsd)

     shm: Zero struct kinfo_file in sysctl handler  (claude reported to 
freebsd)

     compat32: Zero struct to avoid stack disclosure

     compat/linux: Avoid waitid() kernel stack disclosure

     net: bandaid for plugging a fw_com leak in fwip_detach()

     caroot: modenize/cleanup and update certificates

     kqueue: Fix a race when adding an fd-based knote to a queue

     midnightbsd-update: fix a bug with cert files

     spellprog: fix OOB reads and EOF slurp hang

     progress: fix gzip -l injection and EINTR wait loop Avoid 
popen()/shell when running
     gzip -l by forking gzip with argv, and handle EINTR correctly in 
the wait loop.

     wall: harden message buffer sizing

     w: harden tty path handling and width math

     ident: avoid underflow when validating keyword termination

     asa: guard against zero-length fgetln()

-- 
Lucas Holt
Luke@FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

_______________________________________________
Midnightbsd-security mailing list
Midnightbsd-security@midnightbsd.org
http://www.midnightbsd.org/mailman/listinfo/midnightbsd-security