
Fedora 43 GnuTLS Update Fixes Critical Denial of Service Vulnerabilities

February 12, 2026
Fixes critical issues in GnuTLS on Fedora 43 to protect against denial of service attacks. Upgrade recommended now.

Summary

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures.

Update Information:

This fixes a couple CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification
   A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee.
   [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue
   Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach.
   [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

Change Log

* Tue Feb 10 2026 Alexander Sosedkin - 3.8.12-1
- Update to 3.8.12 upstream release
- Resolves: rhbz#2438001

References


[ 1 ] Bug #2437987 - CVE-2025-14831 gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification [fedora-43]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437987
[ 2 ] Bug #2437989 - CVE-2026-1584 gnutls: gnutls: Remote Denial of Service via crafted ClientHello with invalid PSK binder [fedora-43]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437989

Update Instructions

This update can be installed with the "dnf" update program. Use

    su -c 'dnf upgrade --advisory FEDORA-2026-ef7170c9f6'

at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
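A post-upgrade check, added here as an example and not part of the Fedora advisory: it confirms the installed gnutls build is at least the 3.8.12-1.fc43 named above and lists processes that still map the replaced libgnutls, since a process that loaded the library before the upgrade keeps running the old code until it is restarted. The function names and the script name are hypothetical, and using `sort -V` to compare versions is an assumption that holds for plain `x.y.z-N.fcNN` strings.

```shell
#!/bin/sh
# Added example, not part of the Fedora advisory.
FIXED_EVR="3.8.12-1.fc43"   # Version-Release taken from this advisory

# evr_at_least INSTALLED FIXED: succeeds when INSTALLED is FIXED or newer.
# Assumption: sort -V matches RPM ordering for plain x.y.z-N.fcNN strings.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# maps_has_stale_gnutls: reads /proc/<pid>/maps text on stdin and succeeds
# when it maps a libgnutls file that was replaced on disk ("(deleted)").
maps_has_stale_gnutls() {
    grep -Eq '/libgnutls\.so[^ ]* \(deleted\)$'
}

# audit_host: returns 0 when nothing is left to do, 1 when action is needed.
audit_host() {
    status=0
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' gnutls) ||
        { echo "gnutls is not installed"; return 0; }
    # Multilib hosts can carry several gnutls packages; judge the oldest.
    installed=$(printf '%s\n' "$installed" | sort -V | head -n 1)
    if evr_at_least "$installed" "$FIXED_EVR"; then
        echo "gnutls $installed: fixed build installed"
    else
        echo "gnutls $installed: older than $FIXED_EVR, upgrade needed"
        status=1
    fi
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_gnutls < "$maps"; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            echo "pid $pid ($(cat "/proc/$pid/comm" 2>/dev/null)) maps the old libgnutls, restart it"
            status=1
        fi
    done
    return "$status"
}

# Run the audit only when asked, e.g.: sh gnutls_audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

Run it as root so every process's maps file is readable; an unprivileged run only sees the caller's own processes.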

Severity: critical

Name: gnutls
Product: Fedora 43
Version: 3.8.12
Release: 1.fc43
Summary: A TLS protocol implementation
