[CLSA-2026:1784018375] Fix CVE(s): CVE-2026-42009
Type:
security
Severity:
Important
Release date:
2026-07-14 08:39:50 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in DTLS handshake reassembly - debian/patches/CVE-2026-33846.patch: add length-consistency and array bounds checks in merge_handshake_packet in lib/gnutls_buffers.c to reject DTLS fragments with mismatching or oversized claimed length - CVE-2026-33846 * SECURITY UPDATE: denial of service via non-conforming qsort comparator - debian/patches/CVE-2026-42009.patch: return 0 for equal sequence numbers in handshake_compare in lib/gnutls_buffers.c so DTLS packet ordering follows the qsort strict-weak-ordering contract - CVE-2026-42009
CVEs fixed:
Updated packages:
  • gnutls-bin_3.4.10-4ubuntu1.9+tuxcare.els3_amd64.deb
    sha:ae4741f449a9bc323320fe4ab8fdaa30fea48456
  • gnutls-doc_3.4.10-4ubuntu1.9+tuxcare.els3_all.deb
    sha:62416bd4b8cc0335b676207edf73beb1e7b75d4a
  • guile-gnutls_3.4.10-4ubuntu1.9+tuxcare.els3_amd64.deb
    sha:658d85372470d7578ff0916cd8935eac4aafd649
  • libgnutls-dev_3.4.10-4ubuntu1.9+tuxcare.els3_amd64.deb
    sha:54e802bec9f2413f0252dbd26444be19c3d1cc92
  • libgnutls-openssl27_3.4.10-4ubuntu1.9+tuxcare.els3_amd64.deb
    sha:29a95fa04a065bd9f9909bcd1b82b9ee0be11ae4
  • libgnutls28-dev_3.4.10-4ubuntu1.9+tuxcare.els3_amd64.deb
    sha:bdec54d5c37ceae2a0e18732aeb3beafa2a8ab5c
  • libgnutls30_3.4.10-4ubuntu1.9+tuxcare.els3_amd64.deb
    sha:6709ae6da7ea9ad510e1dc1f1a3748623c4f9c70
  • libgnutlsxx28_3.4.10-4ubuntu1.9+tuxcare.els3_amd64.deb
    sha:a0a71bb05951c42e8df9db53af431ecbb4b3d04b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.