-------------------------------------------------------------------------
Debian LTS Advisory DLA-4595-1                [email protected]
https://www.debian.org/lts/security/                       Guilhem Moulin
May 22, 2026                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gnutls28
Version        : 3.7.1-5+deb11u10
CVE ID         : CVE-2026-3833 CVE-2026-5260 CVE-2026-33845 CVE-2026-33846
                 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 CVE-2026-42012
                 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015
Debian Bug     : 1135319

Multiple vulnerabilities were found in GnuTLS, a portable library which
implements the Transport Layer Security and Datagram Transport Layer
Security protocols, which may lead to constraint bypass, denial of
service, information disclosure, authentication bypass or potentially
execution of arbitrary code.

CVE-2026-3833

    Oleh Konko and Joshua Rogers independently discovered that domain
    name comparison during name constraints processing was
    case-sensitive, thereby violating RFC 5280 § 7.2.  For excluded name
    constraints, this could lead to incorrectly accepting domain names
    that should've been rejected.

CVE-2026-5260

    Joshua Rogers discovered that for a server using an RSA key backed
    by a PKCS#11 token, a client sending an extremely short premaster
    secret during an RSA key exchange could trigger a short heap
    overread.

CVE-2026-33845

    Joshua Rogers discovered a remotely triggerable underflow in the DTLS
    reassembly code leading to a heap overrun.

CVE-2026-33846

    Haruto Kimura, Oscar Reparaz and Zou Dikai independently discovered
    that GnuTLS failed to properly check that DTLS fragments claimed a
    consistent message_length value, and that a bounds check on the
    array was missing, enabling an attacker to cause a heap overwrite.

CVE-2026-42009

    Joshua Rogers discovered that the comparator function used for
    ordering DTLS packets by sequence numbers did not follow qsort
    comparator contracts in case of packets with duplicate sequence
    numbers, which could lead to undefined behaviour.
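The three DTLS issues above come down to two checks a reassembly routine must make before it touches memory: every fragment must claim the same message_length and must fit inside it, and the comparator handed to qsort must return 0 for equal sequence numbers. The following is an added illustration and not GnuTLS code; the struct layout, the 1024-byte message limit and the fragments fed in are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Handshake-fragment fields (RFC 6347 s4.2.2 layout). Every fragment of one
 * message must carry the same message_length. Illustrative code, not the
 * GnuTLS implementation; the MSG_MAX limit is an assumption. */
struct dtls_frag {
    uint16_t msg_seq;        /* message_seq: which handshake message this is */
    uint32_t msg_len;        /* message_length (24-bit on the wire) */
    uint32_t frag_off;       /* fragment_offset (24-bit on the wire) */
    uint32_t frag_len;       /* fragment_length (24-bit on the wire) */
    const uint8_t *data;     /* frag_len bytes of payload */
};

#define MSG_MAX 1024

struct dtls_msg {
    uint32_t msg_len;        /* fixed by the first accepted fragment, 0 = none yet */
    uint32_t received;       /* distinct bytes filled so far */
    uint8_t  buf[MSG_MAX];
    uint8_t  have[MSG_MAX];  /* have[i] = 1 once byte i has arrived */
};

enum { FRAG_OK = 0, FRAG_TOO_BIG = -1, FRAG_INCONSISTENT = -2, FRAG_OUT_OF_BOUNDS = -3 };

/* Check a fragment against the message state before touching the buffer.
 * The end offset is computed in 64 bits so frag_off + frag_len cannot wrap. */
int dtls_frag_accept(struct dtls_msg *m, const struct dtls_frag *f)
{
    uint64_t end = (uint64_t)f->frag_off + f->frag_len;

    if (f->msg_len > MSG_MAX)
        return FRAG_TOO_BIG;              /* claimed message would not fit the buffer */
    if (m->msg_len == 0)
        m->msg_len = f->msg_len;          /* first fragment fixes message_length */
    else if (f->msg_len != m->msg_len)
        return FRAG_INCONSISTENT;         /* later fragment disagrees: reject, keep state */
    if (end > m->msg_len)
        return FRAG_OUT_OF_BOUNDS;        /* offset + length must stay inside the message */

    for (uint32_t i = 0; i < f->frag_len; i++) {
        if (!m->have[f->frag_off + i]) {
            m->have[f->frag_off + i] = 1;
            m->received++;
        }
        m->buf[f->frag_off + i] = f->data[i];
    }
    return FRAG_OK;
}

int dtls_msg_complete(const struct dtls_msg *m)
{
    return m->msg_len != 0 && m->received == m->msg_len;
}

/* qsort comparator ordering queued fragments by message_seq. (a > b) - (a < b)
 * returns 0 for equal keys and is antisymmetric, which the qsort contract
 * requires; a comparator such as "a < b ? -1 : 1" never returns 0, so two
 * fragments with the same sequence number compare inconsistently and qsort's
 * behaviour becomes undefined. */
int dtls_frag_cmp(const void *pa, const void *pb)
{
    const struct dtls_frag *a = pa, *b = pb;
    return (a->msg_seq > b->msg_seq) - (a->msg_seq < b->msg_seq);
}

/* Worked scenario on constructed fragments. Returns 0 when every check
 * behaves as intended, otherwise the number of the failing step. */
int dtls_demo(void)
{
    static const uint8_t payload[8] = { 'A','B','C','D','E','F','G','H' };
    struct dtls_msg m;
    struct dtls_frag first  = { 3, 8,  0, 4, payload };
    struct dtls_frag second = { 3, 8,  4, 4, payload + 4 };
    struct dtls_frag liar   = { 3, 16, 0, 4, payload };   /* claims a different message_length */
    struct dtls_frag past   = { 3, 8,  6, 4, payload };   /* 6 + 4 runs past the 8-byte message */
    struct dtls_frag q[3]   = { {7,8,0,1,payload}, {2,8,0,1,payload}, {7,8,0,1,payload} };

    memset(&m, 0, sizeof m);
    if (dtls_frag_accept(&m, &first)  != FRAG_OK)            return 1;
    if (dtls_frag_accept(&m, &liar)   != FRAG_INCONSISTENT)  return 2;
    if (dtls_frag_accept(&m, &past)   != FRAG_OUT_OF_BOUNDS) return 3;
    if (dtls_frag_accept(&m, &second) != FRAG_OK)            return 4;
    if (!dtls_msg_complete(&m) || memcmp(m.buf, payload, 8)) return 5;

    qsort(q, 3, sizeof q[0], dtls_frag_cmp);      /* duplicates of seq 7 are handled safely */
    if (q[0].msg_seq != 2 || q[1].msg_seq != 7 || q[2].msg_seq != 7) return 6;
    return 0;
}
```

The important ordering is that nothing is copied until the fragment has passed all three checks, and that a rejected fragment leaves the partially reassembled message untouched rather than resetting it.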

CVE-2026-42010

    Joshua Rogers discovered that servers configured with RSA-PSK
    wrongly matched a username containing a NUL character against the
    registered username that equals it up to that NUL, which could lead
    to an authentication bypass.
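The bug class behind CVE-2026-42010 is comparing a length-delimited wire value as if it were a C string, so everything after an embedded NUL is ignored; the rehandshake identity-change issue listed further down in this advisory belongs to the same class. The example below is added here and is not GnuTLS code: the datum struct, the registered user "alice" and the forged identity are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* A length-delimited value as received from the peer: `size` bytes that are
 * not NUL-terminated and may themselves contain NUL. Illustrative code, not
 * the GnuTLS implementation. */
struct datum { const unsigned char *data; size_t size; };

/* Vulnerable pattern: the wire bytes are turned into a C string and compared
 * with strcmp, which stops at the first NUL. "alice\0evil" therefore compares
 * equal to the registered user "alice". */
bool psk_user_matches_vuln(const struct datum *wire, const char *registered)
{
    char tmp[64];
    if (wire->size >= sizeof tmp)
        return false;
    memcpy(tmp, wire->data, wire->size);
    tmp[wire->size] = '\0';
    return strcmp(tmp, registered) == 0;
}

/* Fixed pattern: compare the full length first, then every byte. */
bool psk_user_matches_fixed(const struct datum *wire, const char *registered)
{
    size_t rlen = strlen(registered);
    return wire->size == rlen && memcmp(wire->data, registered, rlen) == 0;
}

/* Defence in depth: an identity that embeds a NUL is never legitimate when
 * usernames are stored as C strings, so refuse it before any lookup. */
bool psk_username_valid(const struct datum *wire)
{
    return wire->size > 0 && memchr(wire->data, '\0', wire->size) == NULL;
}

/* The same length-aware comparison for the "did the identity change on
 * rehandshake" check: two identities are equal only if every byte is. */
bool psk_identity_changed(const struct datum *before, const struct datum *after)
{
    return before->size != after->size
        || memcmp(before->data, after->data, before->size) != 0;
}

/* Worked scenario: "alice" is registered; the peer presents "alice\0evil".
 * Returns 0 when each function behaves as described. */
int psk_demo(void)
{
    static const unsigned char forged[10] = { 'a','l','i','c','e','\0','e','v','i','l' };
    static const unsigned char honest[5]  = { 'a','l','i','c','e' };
    struct datum f = { forged, sizeof forged };
    struct datum h = { honest, sizeof honest };

    if (!psk_user_matches_vuln(&f, "alice"))  return 1;  /* truncation: forged identity passes */
    if (psk_user_matches_fixed(&f, "alice"))  return 2;  /* full-length compare: rejected */
    if (!psk_user_matches_fixed(&h, "alice")) return 3;
    if (psk_username_valid(&f) || !psk_username_valid(&h)) return 4;
    if (!psk_identity_changed(&h, &f))        return 5;  /* rehandshake to "alice\0evil" is a change */
    return 0;
}
```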

CVE-2026-42011

    Haruto Kimura discovered that permitted name constraints were
    wrongly ignored when the CAs earlier in the chain carried only
    excluded name constraints, resulting in a name constraint bypass.
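CVE-2026-3833 and CVE-2026-42011 are both mistakes in how dNSName constraints are matched and accumulated along a path: the match must be case-insensitive (RFC 5280 section 7.2), and per RFC 5280 section 6.1.4 excluded subtrees are unioned while permitted subtrees are intersected across CAs, regardless of which kind an earlier CA happened to carry. The following evaluator is an added example and not GnuTLS code; the constraint structs, the two-CA path and the names tested are constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive ASCII comparison of n bytes: RFC 5280 s7.2 requires DNS
 * names to be compared case-insensitively. Illustrative code, not GnuTLS. */
static bool ascii_ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    return true;
}

/* dNSName subtree test per RFC 5280 s4.2.1.10: a name satisfies the
 * constraint "host.example.com" if it is that name or has extra labels
 * prepended to it, so "www.host.example.com" matches, "host1.example.com"
 * does not. An empty constraint matches everything. */
bool dns_in_subtree(const char *name, const char *constraint)
{
    size_t nl = strlen(name), cl = strlen(constraint);
    if (cl == 0)
        return true;
    if (nl == cl)
        return ascii_ieq(name, constraint, cl);
    return nl > cl && name[nl - cl - 1] == '.' && ascii_ieq(name + nl - cl, constraint, cl);
}

#define MAX_NAMES 4

/* Name-constraints extension of one CA certificate in the path. */
struct ca_constraints {
    const char *permitted[MAX_NAMES]; size_t n_permitted;
    const char *excluded[MAX_NAMES];  size_t n_excluded;
};

/* Evaluate a leaf dNSName against every CA in the path (root first).
 * Per RFC 5280 s6.1.4 (g) excluded subtrees accumulate as a union and
 * permitted subtrees as an intersection, which is the same as requiring
 * the name to sit inside at least one permitted subtree of every CA that
 * lists any. A CA that carries only excluded subtrees must not make a
 * later CA's permitted subtrees disappear. */
bool dns_allowed_by_path(const char *name, const struct ca_constraints *cas, size_t n_cas)
{
    for (size_t c = 0; c < n_cas; c++) {
        for (size_t i = 0; i < cas[c].n_excluded; i++)
            if (dns_in_subtree(name, cas[c].excluded[i]))
                return false;                     /* union of exclusions */
        if (cas[c].n_permitted == 0)
            continue;                             /* this CA restricts nothing further */
        bool inside = false;
        for (size_t i = 0; i < cas[c].n_permitted && !inside; i++)
            inside = dns_in_subtree(name, cas[c].permitted[i]);
        if (!inside)
            return false;                         /* outside this CA's permitted set */
    }
    return true;
}

/* Worked path: the root excludes evil.example only; the intermediate
 * permits corp.example only. Returns 0 if every expectation holds. */
int name_constraints_demo(void)
{
    const struct ca_constraints path[2] = {
        { { NULL }, 0, { "evil.example" }, 1 },
        { { "corp.example" }, 1, { NULL }, 0 },
    };
    if (dns_allowed_by_path("WWW.Evil.EXAMPLE", path, 2))   return 1; /* case must not bypass the exclusion */
    if (!dns_allowed_by_path("mail.corp.example", path, 2)) return 2;
    if (dns_allowed_by_path("www.other.example", path, 2))  return 3; /* intermediate's permitted set still applies */
    if (dns_allowed_by_path("notcorp.example", path, 2))    return 4; /* label boundary respected */
    return 0;
}
```

Storing each CA's permitted list separately and requiring a hit in every one of them avoids computing the intersection explicitly, and it makes the CVE-2026-42011 shape impossible by construction: there is no "accumulated state" that an excluded-only CA could leave in a form that masks a later permitted list.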

CVE-2026-42012

    Oleh Konko discovered that certificates containing URI or SRV
    Subject Alternative Names would fall back to checking DNS hostnames
    against Common Name, allowing potential misuse of such certificates
    beyond their original purpose.

CVE-2026-42013

    Haruto Kimura and Joshua Rogers independently discovered that
    validation of certificates with oversized Subject Alternative Names
    would fall back to checking DNS hostnames against Common Name.
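CVE-2026-42012 and CVE-2026-42013 are two ways of breaking the rule in RFC 6125 section 6.4.4: a verifier may consult the Common Name only when the certificate presents no DNS-ID, URI-ID or SRV-ID at all, and a SAN extension that is present but cannot be decoded must be treated as "do not trust the CN", not as "no SAN". The example below is added here and is not GnuTLS code; the cert_names struct, the constructed certificates and the absence of wildcard handling are assumptions made to keep the fallback logic in view.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

enum san_type { SAN_DNS, SAN_URI, SAN_SRV, SAN_EMAIL };
struct san { enum san_type type; const char *value; };

/* Identity material parsed from one certificate. Illustrative structure, not
 * the GnuTLS API; `san_unparseable` stands in for the oversized SAN case. */
struct cert_names {
    const char *common_name;     /* subject CN, or NULL */
    const struct san *sans;
    size_t n_sans;
    bool san_unparseable;        /* SAN extension present but could not be decoded */
};

/* Case-insensitive exact DNS comparison (no wildcard handling, to keep the
 * example focused on the fallback rule). */
static bool dns_ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == '\0' && *b == '\0';
}

/* Vulnerable shape: whenever no dNSName SAN matched, consult the CN. */
bool host_matches_vuln(const struct cert_names *c, const char *host)
{
    for (size_t i = 0; i < c->n_sans; i++)
        if (c->sans[i].type == SAN_DNS && dns_ieq(c->sans[i].value, host))
            return true;
    return c->common_name != NULL && dns_ieq(c->common_name, host);
}

/* Fixed shape per RFC 6125 s6.4.4: the CN is consulted only when the
 * certificate presents no DNS-ID, URI-ID or SRV-ID at all, and never when the
 * SAN extension is present but could not be parsed. */
bool host_matches_fixed(const struct cert_names *c, const char *host)
{
    bool has_identifier = c->san_unparseable;
    for (size_t i = 0; i < c->n_sans; i++) {
        enum san_type t = c->sans[i].type;
        if (t == SAN_DNS || t == SAN_URI || t == SAN_SRV)
            has_identifier = true;
        if (t == SAN_DNS && dns_ieq(c->sans[i].value, host))
            return true;
    }
    if (has_identifier)
        return false;
    return c->common_name != NULL && dns_ieq(c->common_name, host);
}

/* Worked scenarios on constructed certificates; returns 0 if all hold. */
int san_fallback_demo(void)
{
    static const struct san uri_only[1]  = { { SAN_URI, "https://api.example.com/" } };
    static const struct san dns_only[1]  = { { SAN_DNS, "www.example.com" } };
    static const struct san mail_only[1] = { { SAN_EMAIL, "admin@example.com" } };
    struct cert_names uri_cert  = { "www.example.com", uri_only, 1, false };
    struct cert_names big_cert  = { "www.example.com", NULL, 0, true };
    struct cert_names cn_cert   = { "www.example.com", NULL, 0, false };
    struct cert_names dns_cert  = { "ignored.example", dns_only, 1, false };
    struct cert_names mail_cert = { "www.example.com", mail_only, 1, false };

    if (!host_matches_vuln(&uri_cert, "www.example.com"))   return 1; /* URI-only cert misused as a host cert */
    if (host_matches_fixed(&uri_cert, "www.example.com"))   return 2;
    if (!host_matches_vuln(&big_cert, "www.example.com"))   return 3; /* undecodable SAN fell back to CN */
    if (host_matches_fixed(&big_cert, "www.example.com"))   return 4;
    if (!host_matches_fixed(&cn_cert, "WWW.EXAMPLE.COM"))   return 5; /* legacy CN-only cert still works */
    if (!host_matches_fixed(&dns_cert, "www.example.com"))  return 6;
    if (host_matches_fixed(&dns_cert, "ignored.example"))   return 7; /* CN ignored once a DNS-ID exists */
    if (!host_matches_fixed(&mail_cert, "www.example.com")) return 8; /* rfc822Name alone does not block CN per RFC 6125 */
    return 0;
}
```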

CVE-2026-42014

    Luigino Camastra and Joshua Rogers discovered that changing the
    Security Officer PIN with `gnutls_pkcs11_token_set_pin()` with
    `oldpin == NULL` for a token lacking a protected authentication path
    led to a use-after-free.

CVE-2026-42015

    Zou Dikai discovered that appending to a PKCS#12 bag that already
    contained 32 elements could write past the bag's internal array.

This update also fixes additional security issues for which no CVE ID
was assigned yet:

    Joshua Rogers discovered that rehandshaking to a username with an
    embedded NUL character could theoretically allow bypassing the
    `GNUTLS_ALLOW_ID_CHANGE` protection.

    Joshua Rogers discovered that the OCSP signing EKU OID was compared
    without verifying its length, allowing a shorter OID that shares the
    same prefix to match.

    Haruto Kimura discovered a possible invalid pointer dereference in
    the PKCS#11 trust removal error path.

    Kamil Frankowicz discovered that `gnutls_privkey_verify_params()`
    overlooked the scenario of `p` and `q` not being co-prime.  It now
    returns `GNUTLS_E_PK_INVALID_PRIVKEY` in this case.

    Joshua Rogers discovered that if `gnutls_x509_crt_list_import_pkcs11()`
    failed partway through, then the trust list cleanup code would try
    to free already-deinitialized certificate entries, leading to a
    double-free.

    Kamil Frankowicz and Joshua Rogers independently discovered that
    insufficient bounds checking on the PEM header length could lead to
    short heap overreads on specially crafted inputs.

For Debian 11 bullseye, these problems have been fixed in version
3.7.1-5+deb11u10.

We recommend that you upgrade your gnutls28 packages.

For the detailed security status of gnutls28 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnutls28

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
