FreeBSD developers have decided that in the new FreeBSD 13 branch, whose release is expected on April 13, the port for the ARM64 architecture (AArch64) will be assigned the status of a primary platform (Tier 1). Previously, this level of support was provided for 64-bit x86 systems (until recently the i386 architecture was also a primary one, but in January it was moved to the second tier of support).
The first tier of support implies the building of installation images, binary updates and ready-made packages, as well as guarantees that specific problems will be solved and that the ABI will remain unchanged for the user environment and the kernel (with the exception of some subsystems). The first tier is covered by the teams responsible for fixing vulnerabilities, preparing releases and maintaining ports.
Additionally, three vulnerabilities have been fixed in FreeBSD:
- CVE-2021-29626 – an unprivileged local process can read the contents of kernel memory or the memory of other processes by manipulating a memory page mapping that persists after the page has been freed. The vulnerability is caused by an error in the virtual memory subsystem, which provides memory sharing between processes.
- CVE-2021-29627 – an unprivileged local user can elevate their privileges in the system or read the contents of kernel memory. The problem is caused by accessing memory after it has been freed (use-after-free) in the implementation of the accept filter mechanism.
- CVE-2020-25584 – the Jail isolation mechanism can be bypassed. A user inside an isolated environment who has the mount right (allow.mount) can get the root directory changed to a position outside the Jail hierarchy and gain full read and write access to all system files.