Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves one vulnerability can now be installed.. # Security update for gnutls Announcement ID: SUSE-SU-2026:3042-1 Release Date: 2026-07-15T11:50:16Z Rating: important References: * bsc#1263713 Cross-References: * CVE-2026-42014 CVSS scores: * CVE-2026-42014 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42014 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42014 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gnutls fixes the following issue * Rebase the CVE-2026-42014 patch to include a missing call to `p11_kit_uri_free()` in `gnutls_pkcs11_token_set_pin()` (bsc#1263713). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3042=1 * SUSE Linux Enterprise High PerformanceComputing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3042=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-3042=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3042=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3042=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3042=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3042=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-3042=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3042=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3042=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-3042=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-3042=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * libgnutls-devel-3.7.3-150400.4.62.1 * gnutls-guile-3.7.3-150400.4.62.1 * gnutls-debugsource-3.7.3-150400.4.62.1 * gnutls-guile-debuginfo-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutlsxx-devel-3.7.3-150400.4.62.1 * libgnutlsxx28-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgnutls-devel-64bit-3.7.3-150400.4.62.1 * libgnutls30-64bit-debuginfo-3.7.3-150400.4.62.1 * libgnutls30-hmac-64bit-3.7.3-150400.4.62.1 * libgnutls30-64bit-3.7.3-150400.4.62.1 * openSUSE Leap 15.4 (x86_64) * libgnutls30-32bit-3.7.3-150400.4.62.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.62.1 * libgnutls-devel-32bit-3.7.3-150400.4.62.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libgnutls-devel-3.7.3-150400.4.62.1 * gnutls-guile-3.7.3-150400.4.62.1 * gnutls-debugsource-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-guile-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutlsxx-devel-3.7.3-150400.4.62.1 * libgnutlsxx28-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libgnutls30-32bit-3.7.3-150400.4.62.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.62.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libgnutls-devel-3.7.3-150400.4.62.1 * gnutls-debugsource-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutlsxx-devel-3.7.3-150400.4.62.1 * libgnutlsxx28-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libgnutls30-32bit-3.7.3-150400.4.62.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.62.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libgnutls-devel-3.7.3-150400.4.62.1 * gnutls-debugsource-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 *libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutlsxx-devel-3.7.3-150400.4.62.1 * libgnutlsxx28-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libgnutls30-32bit-3.7.3-150400.4.62.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.62.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * gnutls-debugsource-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libgnutls30-32bit-3.7.3-150400.4.62.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.62.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libgnutls-devel-3.7.3-150400.4.62.1 * gnutls-debugsource-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutlsxx-devel-3.7.3-150400.4.62.1 * libgnutlsxx28-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libgnutls-devel-3.7.3-150400.4.62.1 * gnutls-guile-3.7.3-150400.4.62.1 * gnutls-debugsource-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-guile-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutlsxx-devel-3.7.3-150400.4.62.1 * libgnutlsxx28-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 *libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libgnutls30-32bit-3.7.3-150400.4.62.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.62.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libgnutls30-32bit-3.7.3-150400.4.62.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.62.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libgnutls-devel-3.7.3-150400.4.62.1 * gnutls-guile-3.7.3-150400.4.62.1 * gnutls-debugsource-3.7.3-150400.4.62.1 * gnutls-guile-debuginfo-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutlsxx-devel-3.7.3-150400.4.62.1 * libgnutlsxx28-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libgnutls-devel-3.7.3-150400.4.62.1 * gnutls-guile-3.7.3-150400.4.62.1 * gnutls-debugsource-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-guile-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutlsxx-devel-3.7.3-150400.4.62.1 * libgnutlsxx28-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libgnutls30-32bit-3.7.3-150400.4.62.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.62.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * gnutls-debugsource-3.7.3-150400.4.62.1 *libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * gnutls-debugsource-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libgnutls-devel-3.7.3-150400.4.62.1 * gnutls-debugsource-3.7.3-150400.4.62.1 * libgnutls30-debuginfo-3.7.3-150400.4.62.1 * gnutls-debuginfo-3.7.3-150400.4.62.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1 * gnutls-3.7.3-150400.4.62.1 * libgnutlsxx-devel-3.7.3-150400.4.62.1 * libgnutlsxx28-3.7.3-150400.4.62.1 * libgnutls30-3.7.3-150400.4.62.1 * libgnutls30-hmac-3.7.3-150400.4.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libgnutls30-32bit-3.7.3-150400.4.62.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.62.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1 ## References: * https://www.suse.com/security/cve/CVE-2026-42014.html * https://bugzilla.suse.com/show_bug.cgi?id=1263713 . The gnutls security update for openSUSE fixes an important issue to enhance system protection. Install the patches today.. openSUSE gnutls security patch. . Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in GnuTLS.. ========================================================================== Ubuntu Security Notice USN-8539-1 July 14, 2026 gnutls28 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in GnuTLS. Software Description: - gnutls28: GNU TLS library Details: Haruto Kimura discovered that GnuTLS did not properly apply permitted name constraints in certain certificate validation paths. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-42011) Oleh Konko discovered that GnuTLS incorrectly fell back to Common Name checks for certain URI and SRV subject alternative names. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-42012) Haruto Kimura and Joshua Rogers discovered that GnuTLS incorrectly fell back to Common Name checks when subject alternative names were oversized. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-42013) Luigino Camastra and Joshua Rogers discovered that GnuTLS had a use-after-free issue when changing PKCS#11 token security officer PINs in certain cases. An attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-42014) Zou Dikai discovered that GnuTLS did not properly validate PKCS#12 bag sizes in certain cases. An attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-42015) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libgnutls30 3.6.13-2ubuntu1.12+esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS libgnutls30 3.5.18-1ubuntu1.6+esm4 Available with Ubuntu Pro Ubuntu 16.04 LTS libgnutls30 3.4.10-4ubuntu1.9+esm4 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8539-1 CVE-2026-42011, CVE-2026-42012, CVE-2026-42013, CVE-2026-42014, CVE-2026-42015 . Several security issues were fixed in GnuTLS affecting Ubuntu 20.04, 18.04, and 16.04, allowing potential machine-in-the-middle attacks.. GnuTLS Security, Ubuntu Advisory, Certificate Validation Issues, Denial of Service, Remote Attacks. . Severity: Critical. LinuxSecurity.com Team
An update that solves 12 vulnerabilities can now be installed.. # Security update for gnutls Announcement ID: SUSE-SU-2026:2822-1 Release Date: 2026-07-09T18:07:13Z Rating: important References: * bsc#1257960 * bsc#1263704 * bsc#1263705 * bsc#1263707 * bsc#1263708 * bsc#1263709 * bsc#1263710 * bsc#1263711 * bsc#1263712 * bsc#1263713 * bsc#1263714 * bsc#1263715 Cross-References: * CVE-2025-14831 * CVE-2026-33845 * CVE-2026-33846 * CVE-2026-3833 * CVE-2026-42009 * CVE-2026-42010 * CVE-2026-42011 * CVE-2026-42012 * CVE-2026-42013 * CVE-2026-42014 * CVE-2026-42015 * CVE-2026-5260 CVSS scores: * CVE-2025-14831 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-14831 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-14831 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33845 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33845 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-33845 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33845 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-33845 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33846 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3833 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3833 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3833 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3833 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42009 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42009 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42010 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-42010 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N * CVE-2026-42010 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N * CVE-2026-42010 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42010 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N * CVE-2026-42011 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-42011 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-42011 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42012 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-42012 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-42012 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-42013 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-42013 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-42013 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-42014 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42014 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42014 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-42015 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42015 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H * CVE-2026-42015 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-5260 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-5260 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5260 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for gnutls fixes the following issues * CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and SANs (bsc#1257960). * CVE-2026-3833: incorrectly accepted domain names due to comparison during name constraints processing being case-sensitive (bsc#1263707). * CVE-2026-5260: heap overread when processing extremely short premaster secret as part of an RSA key exchange (bsc#1263715). * CVE-2026-33845: integer overflow and heap overrun when parsing fragments with zero length and non-zero offset during DTLS handshake (bsc#1263704). * CVE-2026-33846: heap overwrite during DTLS handshake fragment reassembly due to missing validations and checks (bsc#1263705). * CVE-2026-42009: undefined behavior resulting in a DoS when handling DTLS packets with duplicate sequence numbers (bsc#1263708). * CVE-2026-42010: authentication bypass when processing a PSK username with a NUL-character (bsc#1263709). * CVE-2026-42011: name constraint bypass leading to acceptance of invalid certificates during certificate validation (bsc#1263710). * CVE-2026-42012: spoofing of legitimate services and sensitive information interception via specially crafted certificates containing URIs or SRV SANs. (bsc#1263711). * CVE-2026-42013: certificate validation bypass when validating certificates with an oversized SAN (bsc#1263712). * CVE-2026-42014: use-after-free when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protectedauthentication path (bsc#1263713). * CVE-2026-42015: memory corruption when appending to a PKCS#12 bag that already contains 32 elements (bsc#1263714). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2822=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2822=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libgnutls30-3.7.3-150400.24.2 * gnutls-3.7.3-150400.24.2 * libgnutls30-hmac-3.7.3-150400.24.2 * libgnutls30-debuginfo-3.7.3-150400.24.2 * gnutls-debuginfo-3.7.3-150400.24.2 * gnutls-debugsource-3.7.3-150400.24.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libgnutls30-3.7.3-150400.24.2 * gnutls-3.7.3-150400.24.2 * libgnutls30-hmac-3.7.3-150400.24.2 * libgnutls30-debuginfo-3.7.3-150400.24.2 * gnutls-debuginfo-3.7.3-150400.24.2 * gnutls-debugsource-3.7.3-150400.24.2 ## References: * https://www.suse.com/security/cve/CVE-2025-14831.html * https://www.suse.com/security/cve/CVE-2026-33845.html * https://www.suse.com/security/cve/CVE-2026-33846.html * https://www.suse.com/security/cve/CVE-2026-3833.html * https://www.suse.com/security/cve/CVE-2026-42009.html * https://www.suse.com/security/cve/CVE-2026-42010.html * https://www.suse.com/security/cve/CVE-2026-42011.html * https://www.suse.com/security/cve/CVE-2026-42012.html * https://www.suse.com/security/cve/CVE-2026-42013.html * https://www.suse.com/security/cve/CVE-2026-42014.html * https://www.suse.com/security/cve/CVE-2026-42015.html * https://www.suse.com/security/cve/CVE-2026-5260.html * https://bugzilla.suse.com/show_bug.cgi?id=1257960 * https://bugzilla.suse.com/show_bug.cgi?id=1263704 *https://bugzilla.suse.com/show_bug.cgi?id=1263705 * https://bugzilla.suse.com/show_bug.cgi?id=1263707 * https://bugzilla.suse.com/show_bug.cgi?id=1263708 * https://bugzilla.suse.com/show_bug.cgi?id=1263709 * https://bugzilla.suse.com/show_bug.cgi?id=1263710 * https://bugzilla.suse.com/show_bug.cgi?id=1263711 * https://bugzilla.suse.com/show_bug.cgi?id=1263712 * https://bugzilla.suse.com/show_bug.cgi?id=1263713 * https://bugzilla.suse.com/show_bug.cgi?id=1263714 * https://bugzilla.suse.com/show_bug.cgi?id=1263715 . Stay updated on important security patches for the gnutls application in SUSE, addressing various vulnerabilities.. SUSE gnutls security patch critical vulnerabilities update. . Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in GnuTLS.. ========================================================================== Ubuntu Security Notice USN-8502-1 July 06, 2026 gnutls28 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in GnuTLS. Software Description: - gnutls28: GNU TLS library Details: It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-0553) Bing Shi discovered that GnuTLS incorrectly handled decoding certain DER-encoded certificates. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-12243) Luigino Camastra discovered that GnuTLS incorrectly handled certain PKCS11 token labels. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2025-9820) Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious certificates containing a large number of name constraints and subject alternative names. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-14831) Oleh Konko and Joshua Rogers discovered that GnuTLS did not properly handle case-insensitive name constraints in certain cases. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack.(CVE-2026-3833) Joshua Rogers discovered that GnuTLS did not properly handle very short premaster secrets in certain RSA key exchange cases with PKCS#11-backed server keys. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-5260) Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remote attacker could possibly use this issue to obtain sensitive information, or cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-33845) Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did not properly validate DTLS handshake fragment lengths in certain cases. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-33846) Joshua Rogers discovered that GnuTLS did not properly order DTLS packets with duplicate sequence numbers in certain cases. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. (CVE-2026-42009) Joshua Rogers discovered that GnuTLS did not properly handle usernames containing NUL characters in certain RSA-PSK configurations. A remote attacker could possibly use this issue to bypass authentication and gain unintended access to services. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-42010) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS gnutls-bin 3.6.13-2ubuntu1.12+esm2 Available with Ubuntu Pro guile-gnutls 3.6.13-2ubuntu1.12+esm2 Available with Ubuntu Pro libgnutls-dane0 3.6.13-2ubuntu1.12+esm2 Available with Ubuntu Pro libgnutls-openssl27 3.6.13-2ubuntu1.12+esm2 Available with Ubuntu Pro libgnutls28-dev 3.6.13-2ubuntu1.12+esm2 Available with Ubuntu Pro libgnutls30 3.6.13-2ubuntu1.12+esm2 Available with Ubuntu Pro libgnutlsxx28 3.6.13-2ubuntu1.12+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS gnutls-bin 3.5.18-1ubuntu1.6+esm3 Available with Ubuntu Pro libgnutls-dane0 3.5.18-1ubuntu1.6+esm3 Available with Ubuntu Pro libgnutls-openssl27 3.5.18-1ubuntu1.6+esm3 Available with Ubuntu Pro libgnutls28-dev 3.5.18-1ubuntu1.6+esm3 Available with Ubuntu Pro libgnutls30 3.5.18-1ubuntu1.6+esm3 Available with Ubuntu Pro libgnutlsxx28 3.5.18-1ubuntu1.6+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS gnutls-bin 3.4.10-4ubuntu1.9+esm3 Available with Ubuntu Pro guile-gnutls 3.4.10-4ubuntu1.9+esm3 Available with Ubuntu Pro libgnutls-dev 3.4.10-4ubuntu1.9+esm3 Available with Ubuntu Pro libgnutls-openssl27 3.4.10-4ubuntu1.9+esm3 Available with Ubuntu Pro libgnutls28-dev 3.4.10-4ubuntu1.9+esm3 Available with Ubuntu Pro libgnutls30 3.4.10-4ubuntu1.9+esm3 Available with Ubuntu Pro libgnutlsxx28 3.4.10-4ubuntu1.9+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8502-1 CVE-2024-0553, CVE-2024-12243, CVE-2025-14831, CVE-2025-9820, CVE-2026-33845, CVE-2026-33846, CVE-2026-3833, CVE-2026-42009, CVE-2026-42010, CVE-2026-5260 . GnuTLS vulnerabilities in Ubuntu require urgent updates to prevent potential remote attacks and service disruption.. Ubuntu GnuTLS security update, GnuTLS vulnerabilities, Ubuntu security advisories. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-20612 http://linux.oracle.com/errata/ELSA-2026-20612.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: gnutls-3.8.10-4.el9_8.i686.rpm gnutls-3.8.10-4.el9_8.x86_64.rpm gnutls-c++-3.8.10-4.el9_8.i686.rpm gnutls-c++-3.8.10-4.el9_8.x86_64.rpm gnutls-dane-3.8.10-4.el9_8.i686.rpm gnutls-dane-3.8.10-4.el9_8.x86_64.rpm gnutls-devel-3.8.10-4.el9_8.i686.rpm gnutls-devel-3.8.10-4.el9_8.x86_64.rpm gnutls-utils-3.8.10-4.el9_8.x86_64.rpm aarch64: gnutls-3.8.10-4.el9_8.aarch64.rpm gnutls-c++-3.8.10-4.el9_8.aarch64.rpm gnutls-dane-3.8.10-4.el9_8.aarch64.rpm gnutls-devel-3.8.10-4.el9_8.aarch64.rpm gnutls-utils-3.8.10-4.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/gnutls-3.8.10-4.el9_8.src.rpm Related CVEs: CVE-2026-3832 CVE-2026-3833 CVE-2026-5260 CVE-2026-5419 CVE-2026-33845 CVE-2026-33846 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015 Description of changes: [3.8.10-4] - Fix CVE-2026-33846 (DTLS fragment reassembly, High, heap overwrite) - Fix CVE-2026-42009 (DTLS fragment reassembly, High, undefined behaviour) - Fix CVE-2026-33845 (DTLS fragment reassembly, High, heap overread) - Fix CVE-2026-42010 (PSK authentication, High, authentication bypass) - Fix CVE-2026-3833 (Name constraints, Medium, name constraint bypass) - Fix CVE-2026-42011 (Name constraints, Medium, name constraint bypass) - Fix CVE-2026-42012 (CN fallback, Medium, certificate misuse) - Fix CVE-2026-42013 (CN fallback, Medium, certificate misuse) - Fix CVE-2026-42014 (PKCS#11 PIN change, Medium, use-after-free) - Fix CVE-2026-5260 (PKCS#11 RSA, Medium, heap overread) - Fix CVE-2026-42015 (PKCS#12 appending, Low, heap overwrite) - Fix CVE-2026-3832 (OCSP, Low, revocation bypass) - Fix CVE-2026-5419 (PKCS#7, Low, timing side-channel) - Fix upstream security issue #1808(PSK rehandshake) - Fix upstream security issue #1810 (EKU OID prefix match) - Fix upstream security issue #1813 (pkcs11-provider persistent keys) - Fix upstream security issue #1818 (RSA correctness, OpenSSL format import) - Fix upstream security issue #1819 (PKCS#11 trust removal error path) - Fix upstream security issue #1822 (SCT extension parser OOB read) - Fix upstream security issue #1841 (key zeroization in hybrid kex) - Fix upstream security issue #1823 (malformed certtool template) - Fix upstream security issue #1817 (session parameter loading robustness) - Fix upstream security issue #1820 (PKCS#11 KDF succeeding w/o deriving) - gnutls-3.8.10-CVE-2025-9820.patch: update Makefile.in _______________________________________________ El-errata mailing list
An update that solves three vulnerabilities can now be installed.. # Security update for gnutls Announcement ID: SUSE-SU-2026:2366-1 Release Date: 2026-06-11T09:12:43Z Rating: important References: * bsc#1263704 * bsc#1263705 * bsc#1263708 Cross-References: * CVE-2026-33845 * CVE-2026-33846 * CVE-2026-42009 CVSS scores: * CVE-2026-33845 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33845 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-33845 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-33845 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33846 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42009 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for gnutls fixes the following issues * CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704). * CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705). * CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers (bsc#1263708). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2366=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2366=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libgnutls30-3.4.17-8.23.1 * libgnutls30-debuginfo-3.4.17-8.23.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (ppc64le s390x x86_64) * gnutls-debugsource-3.4.17-8.23.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libgnutls30-debuginfo-32bit-3.4.17-8.23.1 * libgnutls30-32bit-3.4.17-8.23.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libgnutls30-3.4.17-8.23.1 * libgnutls30-32bit-3.4.17-8.23.1 * libgnutls30-debuginfo-3.4.17-8.23.1 * libgnutls30-debuginfo-32bit-3.4.17-8.23.1 * gnutls-debugsource-3.4.17-8.23.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33845.html * https://www.suse.com/security/cve/CVE-2026-33846.html * https://www.suse.com/security/cve/CVE-2026-42009.html * https://bugzilla.suse.com/show_bug.cgi?id=1263704 * https://bugzilla.suse.com/show_bug.cgi?id=1263705 * https://bugzilla.suse.com/show_bug.cgi?id=1263708 . Crucial update for SUSE GnuTLS addressing multiple issues; recommended installation for system security.. SUSE GnuTLS Update, Security Patch, Important Security Advisory, SUSE Linux Enterprise. . Severity: Important. LinuxSecurity.com Team
An update that solves four vulnerabilities can now be installed.. # Security update for gnutls Announcement ID: SUSE-SU-2026:2367-1 Release Date: 2026-06-11T09:12:53Z Rating: important References: * bsc#1263704 * bsc#1263705 * bsc#1263708 Cross-References: * CVE-2025-9820 * CVE-2026-33845 * CVE-2026-33846 * CVE-2026-42009 CVSS scores: * CVE-2025-9820 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33845 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33845 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-33845 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-33845 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33846 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42009 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for gnutls fixes the following issues * CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704). * CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705). * CVE-2026-42009: lib/buffers: ensure packets have differingsequence numbers (bsc#1263708). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2367=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2367=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libgnutlsxx-devel-3.3.27-3.18.1 * libgnutls-openssl-devel-3.3.27-3.18.1 * libgnutls28-debuginfo-3.3.27-3.18.1 * libgnutls-openssl27-3.3.27-3.18.1 * gnutls-debugsource-3.3.27-3.18.1 * gnutls-3.3.27-3.18.1 * libgnutls28-3.3.27-3.18.1 * libgnutls-openssl27-debuginfo-3.3.27-3.18.1 * gnutls-debuginfo-3.3.27-3.18.1 * libgnutls-devel-3.3.27-3.18.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libgnutls28-debuginfo-32bit-3.3.27-3.18.1 * libgnutls28-32bit-3.3.27-3.18.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libgnutlsxx-devel-3.3.27-3.18.1 * libgnutls-openssl-devel-3.3.27-3.18.1 * libgnutls28-debuginfo-32bit-3.3.27-3.18.1 * libgnutls28-debuginfo-3.3.27-3.18.1 * libgnutls-openssl27-3.3.27-3.18.1 * gnutls-debugsource-3.3.27-3.18.1 * gnutls-3.3.27-3.18.1 * libgnutls28-3.3.27-3.18.1 * libgnutls-openssl27-debuginfo-3.3.27-3.18.1 * libgnutls28-32bit-3.3.27-3.18.1 * gnutls-debuginfo-3.3.27-3.18.1 * libgnutls-devel-3.3.27-3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2025-9820.html * https://www.suse.com/security/cve/CVE-2026-33845.html * https://www.suse.com/security/cve/CVE-2026-33846.html * https://www.suse.com/security/cve/CVE-2026-42009.html * https://bugzilla.suse.com/show_bug.cgi?id=1263704 * https://bugzilla.suse.com/show_bug.cgi?id=1263705 *https://bugzilla.suse.com/show_bug.cgi?id=1263708 . A critical update is available to address four important security issues in gnutls, enhancing system protection for SUSE users.. SUSE security update, gnutls patch, important security issues, Linux vulnerabilities, system protection. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-20611 http://linux.oracle.com/errata/ELSA-2026-20611.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: gnutls-3.6.16-8.el8_10.6.i686.rpm gnutls-3.6.16-8.el8_10.6.x86_64.rpm gnutls-c++-3.6.16-8.el8_10.6.i686.rpm gnutls-c++-3.6.16-8.el8_10.6.x86_64.rpm gnutls-dane-3.6.16-8.el8_10.6.i686.rpm gnutls-dane-3.6.16-8.el8_10.6.x86_64.rpm gnutls-devel-3.6.16-8.el8_10.6.i686.rpm gnutls-devel-3.6.16-8.el8_10.6.x86_64.rpm gnutls-utils-3.6.16-8.el8_10.6.x86_64.rpm aarch64: gnutls-3.6.16-8.el8_10.6.aarch64.rpm gnutls-c++-3.6.16-8.el8_10.6.aarch64.rpm gnutls-dane-3.6.16-8.el8_10.6.aarch64.rpm gnutls-devel-3.6.16-8.el8_10.6.aarch64.rpm gnutls-utils-3.6.16-8.el8_10.6.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/gnutls-3.6.16-8.el8_10.6.src.rpm Related CVEs: CVE-2026-3833 CVE-2026-5260 CVE-2026-33845 CVE-2026-33846 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015 Description of changes: [3.6.16-8.6] - Fix CVE-2026-33846 (DTLS fragment reassembly, High, heap overwrite) - Fix CVE-2026-42009 (DTLS fragment reassembly, High, undefined behaviour) - Fix CVE-2026-33845 (DTLS fragment reassembly, High, heap overread) - Fix CVE-2026-42010 (PSK authentication, High, authentication bypass) - Fix CVE-2026-3833 (Name constraints, Medium, name constraint bypass) - Fix CVE-2026-42011 (Name constraints, Medium, name constraint bypass) - Fix CVE-2026-42012 (CN fallback, Medium, certificate misuse) - Fix CVE-2026-42013 (CN fallback, Medium, certificate misuse) - Fix CVE-2026-42014 (PKCS#11 PIN change, Medium, use-after-free) - Fix CVE-2026-5260 (PKCS#11 RSA, Medium, heap overread) - Fix CVE-2026-42015 (PKCS#12 appending, Low, heap overwrite) - Fix upstream security issue #1808 (PSK rehandshake) - Fix upstream security issue #1810 (EKU OID prefix match) - Fixupstream security issue #1818 (RSA correctness, OpenSSL format import) - Fix upstream security issue #1819 (PKCS#11 trust removal error path) - Fix upstream security issue #1817 (session parameter loading robustness) _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.