Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Ubuntu GnuTLS Critical Machine-in-the-Middle Denial of Service Vuln 8539-1

ubuntu
Calendar Grey July 14, 2026
Dist Ubuntu Esm H88
Several security issues were fixed in GnuTLS affecting Ubuntu 20.04, 18.04, and 16.04, allowing potential machine-in-the-middle attacks.
Several security issues were fixed in GnuTLS.

Summary

Several security issues were fixed in GnuTLS.

Software Description:

- gnutls28: GNU TLS library

Details:

Haruto Kimura discovered that GnuTLS did not properly apply permitted

name constraints in certain certificate validation paths. A remote

attacker could possibly use this issue to bypass certificate validation,

leading to a machine-in-the-middle attack. (CVE-2026-42011)

Oleh Konko discovered that GnuTLS incorrectly fell back to Common Name

checks for certain URI and SRV subject alternative names. A remote

attacker could possibly use this issue to bypass certificate validation,

leading to a machine-in-the-middle attack. (CVE-2026-42012)

Haruto Kimura and Joshua Rogers discovered that GnuTLS incorrectly fell

back to Common Name checks when subject alternative names were

oversized. A remote attacker could possibly use this issue to bypass

certificate validation, leading to a machine-in-the-middle attack.

(CVE-2026-42013)

Luigino Camastra and Joshua Rogers discovered that GnuTL...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libgnutls30                     3.6.13-2ubuntu1.12+esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libgnutls30                     3.5.18-1ubuntu1.6+esm4
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libgnutls30                     3.4.10-4ubuntu1.9+esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8539-1

CVE-2026-42011, CVE-2026-42012, CVE-2026-42013, CVE-2026-42014,

CVE-2026-42015

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8539-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.