CVE-2026-45257

[cwt]

Howdy!

The recently published CVE-2026-45257 - also called "bumsrakete" - affects FreeBSD 15.0, 14.x and 13.x.

Are there any considerations to patch OPNSense?

Cheers

https://www.freebsd.org/security/advisories/FreeBSD-SA-26:26.ktls.asc
https://bumsrake.de/

[franco]

26.1.10 is being released later this afternoon.


Cheers,
Franco

[Nullman]

26.1.10 is being released later this afternoon.


Cheers,
Franco

Thank you Franco.

For those impatient and paranoid you can patch manually. Enable SSH on your OPNSense box, connect, and go to shell by pressing 8 and type this.

Code Select Expand

pkg install nano && nano /etc/sysctl.conf
And add this at the end of the file

Code Select Expand

kern.ipc.mb_use_ext_pgs=0
Press Ctrl+X and chose Y to save your changes. And then uninstall nano if you wish.

Code Select Expand

pkg remove nano
You can reboot to make this change take effect, or if you dont want to reboot, just type:

Code Select Expand

sysctl -w kern.ipc.mb_use_ext_pgs=0
All done.

Dont forget to disable SSH if you dont need it.

[cwt]

26.1.10 is being released later this afternoon.


Cheers,
Franco

Thank you for the info :-)

[Monviech (Cedrik)]

You can just as well use the GUI to set this tunable, no need for SSH.

System: Settings: Tunables

[Nullman]

You can just as well use the GUI to set this tunable, no need for SSH.

System: Settings: Tunables

I didnt know that. Thank you Cedrik.

[Patrick M. Hausen]

Also you do not need to install nano to edit a file. Both vi and ee (the "easy editor") are available out of the box.

[Nullman]

Also you do not need to install nano to edit a file. Both vi and ee (the "easy editor") are available out of the box.

Whos going to explain to absolute beginners that quitting and saving your changes requires pressing Esc key and then : and typing wq. Im trying to make these instructions as simple as possible for everyone. But the easiest way is what Cedric recommended.

[sopex]

I also install nano, much better experience :) Editor wars 2.0

[franco]

At my second job I had to set "vim" as an alias for "nano" in order to force myself to use vim. True story.


Cheers,
Franco

PS: 26.1.10 is live

[Patrick M. Hausen]

Whos going to explain to absolute beginners that quitting and saving your changes requires pressing Esc key and then : and typing wq. Im trying to make these instructions as simple as possible for everyone. But the easiest way is what Cedric recommended.

As I was saying ee is available as a reasonably easy alternative to vi. Introduced in August 1995, so available since FreeBSD 2.1 release.

[Monviech (Cedrik)]

Help I started ee and I cannot close it anymore, I want vim back.

[nero355]

I also install nano, much better experience :) Editor wars 2.0

I am pretty sure I used this : https://docs.freebsd.org/en/books/handbook/basics/#editors
A long time ago in FreeBSD 4/5/6 to edit all files and it was super easy to use just like Patrick said :

Also you do not need to install nano to edit a file.

Both vi and ee (the "easy editor") are available out of the box.

I think most of the time I just typed "edit file.conf" and that was it! :)