gnutls-3.6.16-8.el8_10.6.ML.1
エラータID: AXSA:2026-729:16
以下項目について対処しました。
[Security Fix]
- GnuTLS の DTLS ハンドシェイク解析の処理には、整数アンダー
フローの問題があるため、リモートの攻撃者により、情報の漏洩、
およびサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2026-33845)
- GnuTLS の merge_handshake_packet() 関数には、ヒープベースの
バッファオーバーフローの問題があるため、リモートの攻撃者により、
巧妙に細工された DTLS フラグメントパケットを介して、サービス拒否
攻撃 (クラッシュの発生)、およびメモリ破壊を可能とする脆弱性が存在
します。(CVE-2026-33846)
- GnuTLS には、大文字・小文字の取り違えに起因して、本来拒否される
べき証明書が受け入れられてしまう問題があるため、リモートの攻撃者に
より、情報の漏洩、およびデータ破壊を可能とする脆弱性が存在します。
(CVE-2026-3833)
- GnuTLS には、リモートの攻撃者により、サービス拒否攻撃を可能と
する脆弱性が存在します。(CVE-2026-42009)
- GnuTLS には、リモートの攻撃者により、認証のバイパスを可能と
する脆弱性が存在します。(CVE-2026-42010)
- GnuTLS には、証明書の検証処理に問題があるため、リモートの
攻撃者により、なりすまし、および中間者攻撃を可能とする脆弱性が
存在します。(CVE-2026-42011)
- GnuTLS には、証明書の検証処理に問題があるため、リモートの
攻撃者により、情報の漏洩、およびデータ破壊を可能とする脆弱性が
存在します。(CVE-2026-42012)
- GnuTLS には、証明書の検証を回避できてしまう問題があるため、
リモートの攻撃者により、なりすまし、および中間者攻撃を可能とする
脆弱性が存在します。(CVE-2026-42013)
- GnuTLS には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-42014)
- GnuTLS には、オフバイワンエラーの問題があるため、リモートの
攻撃者により、サービス拒否攻撃 (DoS) を可能とする脆弱性が存在
します。(CVE-2026-42015)
- GnuTLS には、数値のチェック処理に不備があるため、リモートの
攻撃者により、情報の漏洩、およびサービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2026-5260)
パッケージをアップデートしてください。
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
N/A
SRPMS
- gnutls-3.6.16-8.el8_10.6.ML.1.src.rpm
MD5: 42f94827109d67babeba6ca3a37311f0
SHA-256: fd8b0f9b8752b1572ba03139c4108a8e6c4875ef6868930a34f13ebbb999a85b
Size: 5.57 MB
Asianux Server 8 for x86_64
- gnutls-3.6.16-8.el8_10.6.ML.1.i686.rpm
MD5: 2c47a59744957168a85a2e48aa361583
SHA-256: 43cd18f8571a1997eac8c0cd2cb9d75bc766060b062e2a35c642acc655a81723
Size: 1.02 MB - gnutls-3.6.16-8.el8_10.6.ML.1.x86_64.rpm
MD5: a802d0b29df6448400d6a8363527b8e4
SHA-256: 27bc10e5254fcd1ee6e3db20eaea53cc27b1199e86b328f960c71cad41bf3d12
Size: 1.00 MB - gnutls-c++-3.6.16-8.el8_10.6.ML.1.i686.rpm
MD5: e3da22709f014a8898bfb97d7b1dd4a4
SHA-256: 396b4dd322a8fd2309553f17fecabcbdb67ff62cffcc1445182164eadf515e3a
Size: 51.06 kB - gnutls-c++-3.6.16-8.el8_10.6.ML.1.x86_64.rpm
MD5: d416dacaabae15eb2d37f4005db53066
SHA-256: 1d67c57e352a255f236219af2973157d987d6f3280fc10b8a7da4835308f621a
Size: 50.01 kB - gnutls-dane-3.6.16-8.el8_10.6.ML.1.i686.rpm
MD5: 4a2dcfd65440e0f9e498b2ae29468f6f
SHA-256: dfd9dcbf83ebf20db2a41de933ff0b15ae8367c4d2af611398eae4e5cf40c9ce
Size: 54.30 kB - gnutls-dane-3.6.16-8.el8_10.6.ML.1.x86_64.rpm
MD5: 534a12c5648e4620b5c4a43fd2ed5682
SHA-256: 974adcd69269d7f31fc55fbe4ff87be2bb273248ae0aeb119d061668ebd7be68
Size: 53.40 kB - gnutls-devel-3.6.16-8.el8_10.6.ML.1.i686.rpm
MD5: afff5e23cdb5a7184dccf474f7ab041e
SHA-256: ddb74ed52c24176cc453ce4e202167f38aa98b44967e0f389bcd2570cc088f86
Size: 2.18 MB - gnutls-devel-3.6.16-8.el8_10.6.ML.1.x86_64.rpm
MD5: e077bfcef06e0c4c7202a9e0951dacb7
SHA-256: b1c58c99cc5ac0f90a9c45599102db9e605d0fa2a2edf7354c3c247d26e49d08
Size: 2.18 MB - gnutls-utils-3.6.16-8.el8_10.6.ML.1.x86_64.rpm
MD5: 2e7b7132f521b9b861369912333c05b7
SHA-256: c9e3b884df16fda27526bdc9293b565ee72817c78273b5788ba32701b575f646
Size: 350.11 kB