Release date:
2026-07-14 08:36:17 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in DTLS handshake reassembly
- debian/patches/CVE-2026-33846.patch: add length-consistency and array
bounds checks in merge_handshake_packet in lib/buffers.c to reject DTLS
fragments with mismatching or oversized claimed length
- CVE-2026-33846
* SECURITY UPDATE: denial of service via non-conforming qsort comparator
- debian/patches/CVE-2026-42009.patch: return 0 for equal sequence numbers
in handshake_compare in lib/buffers.c so DTLS packet ordering follows the
qsort strict-weak-ordering contract
- CVE-2026-42009
* SECURITY UPDATE: heap over-read on short RSA-PSK ciphertext with PKCS#11 key
- debian/patches/CVE-2026-5260.patch: verify ciphertext size matches the RSA
modulus in _gnutls_proc_rsa_psk_client_kx in lib/auth/rsa_psk.c and size
the PKCS#11 decrypt buffer with MAX(siglen, plaintext_size) in
lib/pkcs11_privkey.c (the RSA path uses the allocating decrypt API and is
not affected)
- CVE-2026-5260
Updated packages:
-
gnutls-bin_3.5.18-1ubuntu1.6+tuxcare.els4_amd64.deb
sha:87954656ea3ebe90f346b1093302fe797d1f4444
-
gnutls-doc_3.5.18-1ubuntu1.6+tuxcare.els4_all.deb
sha:99f6637a4dd145a135574f54483ed72709ece8a9
-
libgnutls-dane0_3.5.18-1ubuntu1.6+tuxcare.els4_amd64.deb
sha:01157c1266a1db06284f813265e44098e06344a5
-
libgnutls-openssl27_3.5.18-1ubuntu1.6+tuxcare.els4_amd64.deb
sha:8eb2520b268220ff6917f7e4e143a9a208e46dea
-
libgnutls28-dev_3.5.18-1ubuntu1.6+tuxcare.els4_amd64.deb
sha:ac5982a629962d5bc11173f12b0e1cbd0bbe4b94
-
libgnutls30_3.5.18-1ubuntu1.6+tuxcare.els4_amd64.deb
sha:754393e9132d6a94a14266b14cfced4a7ccf7400
-
libgnutlsxx28_3.5.18-1ubuntu1.6+tuxcare.els4_amd64.deb
sha:b6325a1217a70c330c581f5d19cebeb093ccd60a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.