[CLSA-2026:1780389355] gnutls: Fix of 7 CVEs
Type:
security
Severity:
Important
Release date:
2026-06-02 08:36:15 UTC
Description:
- CVE-2026-33846: fix heap buffer overflow in DTLS handshake fragment reassembly by validating message-length consistency and bounding the fragment write against the destination buffer capacity - CVE-2026-42009: fix undefined behaviour in DTLS packet ordering by making the handshake_compare qsort comparator return 0 for equal sequence numbers - CVE-2026-42011: fix name constraints bypass by no longer short-circuiting the intersection of an empty permitted set, so later permitted constraints are still enforced - CVE-2026-42012: fix certificate verification bypass by making URI and SRV subjectAltName entries preclude the legacy CN fallback hostname check - CVE-2026-42013: fix certificate verification bypass by preventing CN and DN-email fallback when a subjectAltName entry is oversized - CVE-2026-5260: fix heap overread in RSA key exchange by rejecting a ciphertext whose size does not match the RSA modulus - CVE-2026-42014: fix use-after-free and leak in gnutls_pkcs11_token_set_pin when changing the security officer PIN
CVEs fixed:
Updated packages:
  • gnutls-3.6.16-8.el8.1.tuxcare.els8.i686.rpm
    sha:d3328eb4ad42a0b86b8fb80c1ef1a8368c324c6183ac2ebe4e8e05ef5ead1861
  • gnutls-3.6.16-8.el8.1.tuxcare.els8.x86_64.rpm
    sha:01c789e366b3c13c67663c9e79487fedabda8baf081919e5d45a357e601008d4
  • gnutls-c++-3.6.16-8.el8.1.tuxcare.els8.i686.rpm
    sha:0aae15cc81cf1a5e49138697560308d49ff6d8f9ac0191ca45fc9608a28a3236
  • gnutls-c++-3.6.16-8.el8.1.tuxcare.els8.x86_64.rpm
    sha:f4900a1668c3d6a02869d51f2f2038db4572340767b23e27ba7a5db725c73f2b
  • gnutls-dane-3.6.16-8.el8.1.tuxcare.els8.i686.rpm
    sha:c6fdd6cd75c53bf1713ec36ddb1b53f3a2a47ed234ec2a91063fc1a1bbfc4fb2
  • gnutls-dane-3.6.16-8.el8.1.tuxcare.els8.x86_64.rpm
    sha:45ba2e826356364a2ec32c965b53382b57018fe9379a0cddffc12ace9aea3621
  • gnutls-devel-3.6.16-8.el8.1.tuxcare.els8.i686.rpm
    sha:aab9e9ea2e37c66192489813758f2c6e961e6f47dac03023ef2136b71cf43560
  • gnutls-devel-3.6.16-8.el8.1.tuxcare.els8.x86_64.rpm
    sha:ce09ed041cb9cc2cb26abb69d3946fb8163aabffc2a6e00420797687395d76f7
  • gnutls-utils-3.6.16-8.el8.1.tuxcare.els8.x86_64.rpm
    sha:991ef11dc52a4a8f694037c5010d3810744dcb8c2c0edf98975cf03794d6e630
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.