Several security issues were fixed in GnuTLS.
Software Description:
- gnutls28: GNU TLS library
Details:
It was discovered that GnuTLS had a timing side-channel when processing
malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker
could possibly use this issue to recover sensitive information. This
issue only affected Ubuntu 18.04 LTS. (CVE-2024-0553)
Bing Shi discovered that GnuTLS incorrectly handled decoding certain
DER-encoded certificates. A remote attacker could possibly use this
issue to cause GnuTLS to consume resources, leading to a denial of
service. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-12243)
Luigino Camastra discovered that GnuTLS incorrectly handled certain
PKCS11 token labels. A remote attacker could use this issue to cause
GnuTLS to crash, resulting in a denial of service, or possibly execute
arbitrary code. The default compiler options for affected releases
should reduce the vulnerability to a denial of service. (CVE-2025-9820)
...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
gnutls-bin 3.6.13-2ubuntu1.12+esm2
Available with Ubuntu Pro
guile-gnutls 3.6.13-2ubuntu1.12+esm2
Available with Ubuntu Pro
libgnutls-dane0 3.6.13-2ubuntu1.12+esm2
Available with Ubuntu Pro
libgnutls-openssl27 3.6.13-2ubuntu1.12+esm2
Available with Ubuntu Pro
libgnutls28-dev 3.6.13-2ubuntu1.12+esm2
Available with Ubuntu Pro
libgnutls30 3.6.13-2ubuntu1.12+esm2
Available with Ubuntu Pro
libgnutlsxx28 3.6.13-2ubuntu1.12+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
gnutls-bin 3.5.18-1ubuntu1.6+esm3
Available with Ubuntu Pro
libgnutls-dane0 3.5.18-1ubuntu1.6+esm3
Available with Ubuntu Pro
libgnutls-openssl27 3.5.18-1ubuntu1.6+esm3
Available with Ubuntu Pro
libgnutls28-dev 3.5.18-1ubuntu1.6+esm3
Available with Ubuntu Pro
libgnutls30 3.5.18-1ubuntu1.6+esm3
Available with Ubuntu Pro
libgnutlsxx28 3.5.18-1ubuntu1.6+esm3
Available with Ubuntu Pro
Ubuntu 16.04 LTS
gnutls-bin 3.4.10-4ubuntu1.9+esm3
Available with Ubuntu Pro
guile-gnutls 3.4.10-4ubuntu1.9+esm3
Available with Ubuntu Pro
libgnutls-dev 3.4.10-4ubuntu1.9+esm3
Available with Ubuntu Pro
libgnutls-openssl27 3.4.10-4ubuntu1.9+esm3
Available with Ubuntu Pro
libgnutls28-dev 3.4.10-4ubuntu1.9+esm3
Available with Ubuntu Pro
libgnutls30 3.4.10-4ubuntu1.9+esm3
Available with Ubuntu Pro
libgnutlsxx28 3.4.10-4ubuntu1.9+esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-8502-1
CVE-2024-0553, CVE-2024-12243, CVE-2025-14831, CVE-2025-9820,
CVE-2026-33845, CVE-2026-33846, CVE-2026-3833, CVE-2026-42009,
CVE-2026-42010, CVE-2026-5260
Get the latest Linux and open source security news straight to your inbox.