
Fedora 42 gnutls Critical Denial of Service CVE-2026-1584 Advisory

fedora
February 16, 2026
Update for Fedora 42 gnutls prevents denial of service from invalid PSK binder in TLS 1.3 resumption attempts.

Summary

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures.

Update Information:

This backports fixes for a couple CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification
   A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue
   Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

Change Log

* Tue Feb 10 2026 Alexander Sosedkin - 3.8.11-3
- Backport fixes for CVE-2025-9820, CVE-2025-14831
- Fix name constraint processing performance issue (CVE-2025-14831)
- Fix NULL pointer dereference in PSK binder verification (CVE-2026-1584)

References


[ 1 ] Bug #2437986 - CVE-2025-14831 gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437986

[ 2 ] Bug #2437988 - CVE-2026-1584 gnutls: gnutls: Remote Denial of Service via crafted ClientHello with invalid PSK binder [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437988

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2b6035ee2b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
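
A post-update check, added here as an example and not part of the Fedora advisory: it confirms the installed gnutls build is at or above 3.8.11-3.fc42 and lists processes that still map the replaced libgnutls and so keep running the unfixed code until restarted. The function names, the `--check` switch and the sample maps lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory): confirm the fixed gnutls build is
# installed and find processes still running the pre-update library.
FIXED_VR="3.8.11-3.fc42"   # Version-Release taken from this advisory

# Constructed /proc/<pid>/maps lines for illustration (not real captures).
SAMPLE_STALE='7f10a0000000-7f10a0200000 r-xp 00000000 fd:00 1311 /usr/lib64/libgnutls.so.30 (deleted)'
SAMPLE_FRESH='7f10a0000000-7f10a0200000 r-xp 00000000 fd:00 1422 /usr/lib64/libgnutls.so.30'

# True if version-release $1 is at or above $2.
# Assumption: GNU "sort -V" orders these simple strings as RPM would.
vr_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# True if maps text on stdin shows libgnutls mapped from a file that has
# since been replaced on disk; the kernel marks such mappings "(deleted)".
maps_has_stale_gnutls() {
    grep -Eq '/libgnutls\.so[^ ]* \(deleted\)$'
}

# Print "pid command" for each process that must be restarted to load the fix.
stale_gnutls_pids() {
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}; pid=${pid%/maps}
        if cat "$m" 2>/dev/null | maps_has_stale_gnutls; then
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Live check runs only on request: sh check.sh --check (root sees all PIDs).
if [ "${1:-}" = "--check" ]; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' gnutls | head -n 1)
    if vr_at_least "$installed" "$FIXED_VR"; then
        echo "gnutls $installed: fixed build installed"
    else
        echo "gnutls $installed: older than $FIXED_VR, update required"
    fi
    echo "Processes still mapping the old libgnutls (restart these):"
    stale_gnutls_pids
fi
```

Any TLS server listed by the live check is still exposed to the ClientHello crash described above until it is restarted.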

Severity: important

Name: gnutls
Product: Fedora 42
Version: 3.8.11
Release: 3.fc42
Summary: A TLS protocol implementation
