[CLSA-2026:1782138503] gnutls: Fix of 8 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-13 10:22:08 UTC
Description:
- CVE-2026-42014: fix use-after-free and leak in gnutls_pkcs11_token_set_pin when changing the Security Officer PIN with oldpin == NULL on a token lacking a protected authentication path - CVE-2026-42015: fix off-by-one bounds check in gnutls_pkcs12_bag_set_data that allowed writing past the 32-element PKCS#12 bag array when appending to an imported bag already holding the maximum number of elements
Updated packages:
  • gnutls-3.7.6-23.el9_2.tuxcare.4.els10.x86_64.rpm
    sha:4c1aa564f2c8a584e264c02000a9615b804c39b6c473584238cc84fb70f6908f
  • gnutls-c++-3.7.6-23.el9_2.tuxcare.4.els10.x86_64.rpm
    sha:3604aef4c980ea1e1b248741e14c55512a958cf1c966374cbd0f72e1c752eca9
  • gnutls-dane-3.7.6-23.el9_2.tuxcare.4.els10.x86_64.rpm
    sha:8f45c7373bf29d49ce0df7bd5086ab316a57ca0b69681d79763211c09cb3c1f9
  • gnutls-devel-3.7.6-23.el9_2.tuxcare.4.els10.x86_64.rpm
    sha:9fa6343e9ebd543e3f26d30be684d1118b656afa55224331b7389fd357001761
  • gnutls-utils-3.7.6-23.el9_2.tuxcare.4.els10.x86_64.rpm
    sha:fc17d07f8a30f9b2e1a298668a3d00a5f54c05b27d8d935a43b14502693fe560
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.