Release date:
2026-07-10 13:10:48 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in DTLS handshake reassembly
- debian/patches/CVE-2026-33846.patch: add length-consistency and array
bounds checks in merge_handshake_packet in lib/buffers.c to reject DTLS
fragments with mismatching or oversized claimed length
- CVE-2026-33846
* SECURITY UPDATE: denial of service via non-conforming qsort comparator
- debian/patches/CVE-2026-42009.patch: return 0 for equal sequence numbers
in handshake_compare in lib/buffers.c so DTLS packet ordering follows the
qsort strict-weak-ordering contract
- CVE-2026-42009
* SECURITY UPDATE: heap over-read on short RSA ciphertext with PKCS#11 key
- debian/patches/CVE-2026-5260.patch: verify ciphertext size matches the RSA
modulus in proc_rsa_client_kx and _gnutls_proc_rsa_psk_client_kx
(lib/auth/rsa.c, lib/auth/rsa_psk.c) and size the PKCS#11 decrypt buffer
with MAX(siglen, plaintext_size) in lib/pkcs11_privkey.c
- CVE-2026-5260
Updated packages:
-
gnutls-bin_3.6.13-2ubuntu1.12+tuxcare.els5_amd64.deb
sha:7b66650ea7b40b0118fffef5a2a4237397f8b1a9
-
gnutls-doc_3.6.13-2ubuntu1.12+tuxcare.els5_all.deb
sha:9eccf24913e0af0ef7b7cb06c7cd60e48417a8ca
-
guile-gnutls_3.6.13-2ubuntu1.12+tuxcare.els5_amd64.deb
sha:ba894c6d5bfcce38bd9312dbcc96c09f1a8942f5
-
libgnutls-dane0_3.6.13-2ubuntu1.12+tuxcare.els5_amd64.deb
sha:facc2482af65026c6b569303f67d401e034dd907
-
libgnutls-openssl27_3.6.13-2ubuntu1.12+tuxcare.els5_amd64.deb
sha:287cb6e57193038bce55993aa16ee20b86b22ca5
-
libgnutls28-dev_3.6.13-2ubuntu1.12+tuxcare.els5_amd64.deb
sha:5e0a36b646607cfa9d25934b83f67c2f4eead730
-
libgnutls30_3.6.13-2ubuntu1.12+tuxcare.els5_amd64.deb
sha:a64dab04282133170054e83bc791afafec8a24c8
-
libgnutlsxx28_3.6.13-2ubuntu1.12+tuxcare.els5_amd64.deb
sha:940e603c0f948db0029b950a8d6e837fbc34e8a3
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.