Debian alert DLA-4595-1 (gnutls28)
| From: | Guilhem Moulin <guilhem@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4595-1] gnutls28 security update | |
| Date: | Fri, 22 May 2026 18:32:50 +0200 | |
| Message-ID: | <ahCFMjCflR3T6v_l@debian.org> |
------------------------------------------------------------------------- Debian LTS Advisory DLA-4595-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin May 22, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : gnutls28 Version : 3.7.1-5+deb11u10 CVE ID : CVE-2026-3833 CVE-2026-5260 CVE-2026-33845 CVE-2026-33846 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015 Debian Bug : 1135319 Multiple vulnerabilities were found in GnuTLS, a portable library which implements the Transport Layer Security and Datagram Transport Layer Security protocols, which may lead to constraint bypass, denial of service, information disclosure, authentication bypass or potentially execution of arbitrary code. CVE-2026-3833 Oleh Konko and Joshua Rogers independently discovered that domain name comparison during name constraints processing was case-sensitive, thereby violating RFC 5280 ยง 7.2. For excluded name constraints, this could lead to incorrectly accepting domain names that should've been rejected. CVE-2026-5260 Joshua Rogers discovered that for a server using an RSA key backed by a PKCS#11 token, a client sending an extremely short premaster secret during an RSA key exchange could trigger a short heap overread. CVE-2026-33845 Joshua Rogers a remotely triggerable underflow in the DTLS reassembly code leading to a heap overrun. CVE-2026-33846 Haruto Kimura, Oscar Reparaz and Zou Dikai independently discovered that GnuTLS failed to properly check that DTLS fragments claimed a consistent message_length value, and that a missing bound check on the array was missing, enabling an attacker to cause a heap overwrite. CVE-2026-42009 Joshua Rogers discovered that the comparator function used for ordering DTLS packets by sequence numbers did not follow qsort comparator contracts in case of packets with duplicate sequence numbers, which could lead to undefined behaviour. CVE-2026-42010 Joshua Rogers discovered that servers configured with RSA-PSK wrongfully matched usernames with NUL character in them to ones truncated to NUL character, which could lead to an authentication bypass. CVE-2026-42011 Haruto Kimura discovered that permitted name constraints were wrongfully ignored when prior CAs only had excluded name constraints, resulting in a name constraint bypass. CVE-2026-42012 Oleh Konko discovered that certificates containing URI or SRV Subject Alternative Names would fall back to checking DNS hostnames against Common Name, allowing potential misuse of such certificates beyond their original purpose. CVE-2026-42013 Haruto Kimura and Joshua Rogers independently discovered that validation of certificates with oversized Subject Alternative Names would fall back to checking DNS hostnames against Common Name. CVE-2026-42014 Luigino Camastra and Joshua Rogers discovered that changing the Security Officer PIN with `gnutls_pkcs11_token_set_pin()` with `oldpin == NULL` for a token lacking a protected authentication path led to a use-after-free. CVE-2026-42015 Zou Dikai discovered that appending to a PKCS#12 bag that already contained 32 elements could write past the bag's internal array. This update also fixes additional security issues for which no CVE ID was assigned yet: Joshua Rogers discovered that rehandshaking to a username with embedded NUL character could theoretically allow bypassing the `GNUTLS_ALLOW_ID_CHANGE` protection. Joshua Rogers discovered that the OCSP signing EKU OID was compared without verifying its length, allowing a shorter OID that shares the same prefix to match. Haruto Kimura discovered a possible invalid pointer dereference in the PKCS#11 trust removal error path. Kamil Frankowicz discovered that `gnutls_privkey_verify_params()` overlooked the scenario of `p` and `q` not being co-prime. It now returns `GNUTLS_E_PK_INVALID_PRIVKEY` in this case. Joshua Rogers discovered that if `gnutls_x509_crt_list_import_pkcs11()` failed partway through, then the trust list cleanup code would try to free already-deinitialized certificate entries, leading to a double-free. Kamil Frankowicz and Joshua Rogers idependently discovered that insufficient bounds checking on the PEM header length could lead to short heap overreads on specially crafted inputs. For Debian 11 bullseye, these problems have been fixed in version 3.7.1-5+deb11u10. We recommend that you upgrade your gnutls28 packages. For the detailed security status of gnutls28 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gnutls28 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmoQhTAACgkQ05pJnDwh pVLa/RAApvTMhY9zMLurPVisS3m0+BWmKCTR5hNtwUZJ3Au8r3HwdaUKgm11WPJ5 rZ+TmuU8qPLwolUPhSteXao5yQUO8AwqiRa44dxOalmHL4OId5mGLpSH1B6dzwnM uNsHi1B3An2VlaEND0ppe3IeJE/dPalc7ao0GysSR6iYEyAQOXhPPQwTZo3r212C 9OGqdFI4Vso1NWk0ATKgwKX2RHequWWjAaWBJij9NSFkxr6lUyMCcg72t3xfuD55 Q8Fjq9cLFacKkBJ4/qKBKll1g36jVm3u6C9fXe81d276pxZoE72ztSmiwoUXX0zE ub8tRiNhY/zGCtTCvcv2NnjPHGmkQpRPfmYDlMT185QYcM3c6c1ZtM6M0LgEqLvi F6HosI46CZxzvzGX0g2NkTZMK2dmVBs/Hnqz9HT5s6J0SFY15sjUqfrtyrvGyAhk OW5aFKCcPRrWrF+I0/wy21ObI0h1/C9ce+IYpX8KlbwAMTaCs4VOo3jWRv0VdqXf PkgeB2jegFNXcoi6TiKtdUp/osC8RqRoEEHsNJ2C0t2iws3BU//izMHxe6IZLgFn 2q255xhe65c6eX5zB3J3EzjFpZOUSg+8iAEPR1GMPIuQkclfljAeuqYDkah/mMt9 +U/rTmT7/RZl/i+dXhKTNKsNPpX06I9YL4IILkg5lffVIWVS2tc= =MDRf -----END PGP SIGNATURE-----