Skip site navigation (1) Skip section navigation (2)

FreeBSD Security Information


FreeBSD takes security very seriously and its developers are constantly working on making the operating system as secure as possible. This page will provide information about what to do in the event of a security vulnerability affecting your system

Reporting FreeBSD security incidents

FreeBSD security issues specific to the operating system should be reported to the FreeBSD Security Team or, if a higher level of confidentiality is required, PGP encrypted to the Security Officer Team using the Security Officer PGP key. Additional information can be found at the reporting FreeBSD security incidents page.

Table of Contents

Recent FreeBSD security vulnerabilities

A full list of all security vulnerabilities can be found on this page.

How to update your system

For most users, the easiest way to update your supported FreeBSD 11.0 or 10.1 system is to use the following commands:

# freebsd-update fetch
# freebsd-update install

If that fails, follow the other instructions in the security advisory you care about.

Supported FreeBSD releases

The designation and expected lifetime of all currently supported branches are given below. The Expected EoL (end-of-life) column indicates the earliest date on which support for that branch or release will end. Please note that these dates may be pushed back if circumstances warrant it.

Effective FreeBSD11.0-RELEASE, the support model has been changed to allow more rapid development while also providing timely security updates for all supported releases.

Under the new support model, each major version's stable branch is explicitly supported for 5 years, while each individual point release is only supported for three months after the next point release.

The details and rationale behind this change can be found in the official announcement sent in February 2015.

Branch Release Type Release Date Expected EoL
stable/9 n/a n/a n/a December 31, 2016
releng/9.3 9.3-RELEASE Extended July 16, 2014 December 31, 2016
stable/10 n/a n/a n/a last release + 2 years
releng/10.1 10.1-RELEASE Extended November 14, 2014 December 31, 2016
releng/10.2 10.2-RELEASE Normal August 13, 2015 December 31, 2016
releng/10.3 10.3-RELEASE Extended April 4, 2016 April 30, 2018

Older releases are not maintained and users are strongly encouraged to upgrade to one of the supported releases mentioned above. A list of unsupported releases can be found here.

Advisories are sent to the following FreeBSD mailing lists:


The list of released advisories can be found on the FreeBSD Security Advisories page.

Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at the web server in the advisories and patches subdirectories.

The FreeBSD Security Officer provides security advisories for -STABLE Branches and the Security Branches. (Advisories are not issued for the -CURRENT Branch.)

  • The -STABLE branch tags have names like stable/10. The corresponding builds have names like FreeBSD 10.1-STABLE.

  • Each FreeBSD Release has an associated Security Branch. The Security Branch tags have names like releng/10.1. The corresponding builds have names like FreeBSD 10.1-RELEASE-p4.

Issues affecting the FreeBSD Ports Collection are covered in the FreeBSD VuXML document.

Each branch is supported by the Security Officer for a limited time only, and is designated as either Normal or Extended. The designation is used as a guideline for determining the lifetime of the branch as follows:

Releases which are published from a -STABLE branch will be supported by the Security Officer for a minimum of 12 months after the release, and for sufficient additional time (if needed) to ensure that there is a newer release for at least 3 months before the older Normal release expires.
Selected releases (normally every second release plus the last release from each -STABLE branch) will be supported by the Security Officer for a minimum of 24 months after the release, and for sufficient additional time (if needed) to ensure that there is a newer Extended release for at least 3 months before the older Extended release expires.

In the run-up to a Normal or Extended release, a number of -BETA and -RC releases may be published. These releases are only supported for a few weeks, as resources permit, and will not be listed as supported on this page. Users are strongly discouraged from running these releases on production systems.