gnutls-3.8.10-4.el9_8
エラータID: AXSA:2026-1260:18
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library,
which implements cryptographic algorithms and protocols such as SSL, TLS, and
DTLS.
Security Fix(es):
* gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009)
* gnutls: Fix crashing on an underflow with a DTLS datagram
(CVE-2026-33845)
* gnutls: Fix RSA-PSK identity truncation (CVE-2026-42010)
* gnutls: Fix case-sensitivity of domain name comparison in name
constraints (CVE-2026-3833)
* gnutls: Fix intersecting empty name constraints (CVE-2026-42011)
* gnutls: Denial of Service via heap buffer overflow in DTLS handshake
fragment reassembly (CVE-2026-33846)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2026-33845
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
CVE-2026-33846
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
CVE-2026-3832
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.
CVE-2026-3833
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.
CVE-2026-42009
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
CVE-2026-42010
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
CVE-2026-42011
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.
CVE-2026-42012
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
CVE-2026-42013
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
CVE-2026-42014
A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
CVE-2026-42015
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.
CVE-2026-5260
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
CVE-2026-5419
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.
Update packages.
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.
N/A
SRPMS
- gnutls-3.8.10-4.el9_8.src.rpm
MD5: b169da5d95e0066f834a1924842c8e39
SHA-256: 8d95e2823416822cd3351a49276a16ebe4a805c2aa455bf6aed0e12e8daecdc3
Size: 52.49 MB
Asianux Server 9 for x86_64
- gnutls-3.8.10-4.el9_8.i686.rpm
MD5: 0411e756dc20a70f25ffeca9d048a659
SHA-256: e57150c61a3d284770ca99af524db995520534b2590d37b5f69a235d62241c4d
Size: 1.32 MB - gnutls-3.8.10-4.el9_8.x86_64.rpm
MD5: 34a5edbd733e828f441bf3f9884040e9
SHA-256: c6a25f1ccd63c03d3c3518ac3b94a99b728f5fecb9c46a8ba8dac1d0d32caa68
Size: 1.38 MB - gnutls-c++-3.8.10-4.el9_8.i686.rpm
MD5: 924b4f60d3fde18c491200733bec3c89
SHA-256: dc33f389ac5b09a6227114138bf91296a1129beb77b06de81b268a794ab04da7
Size: 30.71 kB - gnutls-c++-3.8.10-4.el9_8.x86_64.rpm
MD5: 0e2faecde589ac2f549e8ad28d89fbc7
SHA-256: 4a6cbe468c77731ba9c2fdb558f00f32c556d9baf7e95acc8fca47e3d350566b
Size: 29.70 kB - gnutls-dane-3.8.10-4.el9_8.i686.rpm
MD5: 64efb930d9afb777b7a0343dfe3fad57
SHA-256: caf397e5adff9eef1dd50907d49c407f824fd32d1722cb6bb2fc2209dc62da9f
Size: 19.26 kB - gnutls-dane-3.8.10-4.el9_8.x86_64.rpm
MD5: 82207fe96cace6a125f61a56e9c15594
SHA-256: cacc924828a080a7d1bc0fa12034f0b35302f65f31960566f945920cfa93d3f0
Size: 19.22 kB - gnutls-devel-3.8.10-4.el9_8.i686.rpm
MD5: b810af21f48790454cf8558f2b16e89b
SHA-256: 973e3c76eccdae7a1be8a8465eb9eb98f4b252146123579988c1e9b991ac54ce
Size: 2.45 MB - gnutls-devel-3.8.10-4.el9_8.x86_64.rpm
MD5: 5d658a8169d4f8e038a329ee45663498
SHA-256: 456587fec8f159ca94df3f0822e62a27531f97e947fa2040a06c0bab49881165
Size: 2.45 MB - gnutls-utils-3.8.10-4.el9_8.x86_64.rpm
MD5: 52e290a953b73dbb91c2dac655d4fe0f
SHA-256: 9e210a5a3ffa0d18d1e3e3b2b384177b6c2456a1e81d7388bca7ff5685e396f1
Size: 291.84 kB