From: "Hugo SIMELIERE (Schneider Electric)" <[email protected]>
Pick patch from [1] as mentioned in Debian report in [2]. [1] https://gitlab.com/gnutls/gnutls/-/commit/cb1833afd9b6309563211b1c0a7c291f52ca98d5 [2] https://security-tracker.debian.org/tracker/CVE-2026-42010 Signed-off-by: Hugo SIMELIERE (Schneider Electric) <[email protected]> Reviewed-by: Bruno VERNAY <[email protected]> --- .../gnutls/gnutls/CVE-2026-42010.patch | 42 +++++++++++++++++++ meta/recipes-support/gnutls/gnutls_3.8.4.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2026-42010.patch diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2026-42010.patch b/meta/recipes-support/gnutls/gnutls/CVE-2026-42010.patch new file mode 100644 index 0000000000..59454cefe7 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2026-42010.patch 
@@ -0,0 +1,42 @@ +From 590f730b1cd35202bb372480e6a0ac0c3d31933e Mon Sep 17 00:00:00 2001 +From: Alexander Sosedkin <[email protected]> +Date: Tue, 21 Apr 2026 19:26:10 +0200 +Subject: [PATCH] lib/auth/rsa_psk: fix binary PSK identity lookup + +A server looking up PSK username with a NUL-character in it +was wrongfully matching username truncated at a NUL-character. +Fix the check to compare up to the full username length. + +Reported-by: Joshua Rogers of AISLE Research Team <[email protected]> +Fixes: #1850 +Fixes: CVE-2026-42010 +Fixes: GNUTLS-SA-2026-04-29-4 +CVSS: 7.1 High CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N + +CVE: CVE-2026-42010 +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/cb1833afd9b6309563211b1c0a7c291f52ca98d5] + +Signed-off-by: Alexander Sosedkin <[email protected]> +(cherry picked from commit cb1833afd9b6309563211b1c0a7c291f52ca98d5) +Signed-off-by: Hugo SIMELIERE (Schneider Electric) <[email protected]> +--- + lib/auth/rsa_psk.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c +index 399fb4da1..a14de467a 100644 +--- a/lib/auth/rsa_psk.c ++++ b/lib/auth/rsa_psk.c +@@ -321,8 +321,7 @@ static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, + * filled in if the key is not found. + */ + ret = _gnutls_psk_pwd_find_entry(session, info->username, +- strlen(info->username), &pwd_psk, +- NULL); ++ info->username_len, &pwd_psk, NULL); + if (ret < 0) + return gnutls_assert_val(ret); + +-- +2.43.0 + diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb index dc8e28c99b..0b3abb827c 100644 --- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb +++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb 
@@ -50,6 +50,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://CVE-2026-3833.patch \ file://CVE-2026-42015.patch \ file://CVE-2026-42014.patch \ + file://CVE-2026-42010.patch \ " SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b" -- 2.43.0
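Review bot: for the `lib/auth/rsa_psk.c` hunk, confirm that `info->username_len` is populated on the 3.8.4 tree before this call. Passing `info->username_len` instead of `strlen(info->username)` to `_gnutls_psk_pwd_find_entry` is the right fix for identities with an embedded NUL, but the hunk only shows the call site, not the earlier code in `_gnutls_proc_rsa_psk_client_kx` that copies the client's PSK identity into `info->username`; if that code does not also store the wire length in `info->username_len`, the lookup would run with a stale or zero length. A regression test that registers an identity containing an embedded NUL and checks that a client presenting only the NUL-truncated prefix is not authenticated as that identity would lock the behaviour in.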
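Review bot: for the `gnutls_3.8.4.bb` hunk, verify that the backported patch applies cleanly to the 3.8.4 source before merging, since the embedded patch's `index 399fb4da1..a14de467a` line and `@@ -321,8 +321,7 @@` offsets come from the upstream commit rather than from a 3.8.4 checkout, and the `info->username_len` field it relies on must already exist in that version's `lib/auth/rsa_psk.c`. The `file://CVE-2026-42010.patch` entry matches the new file under `meta/recipes-support/gnutls/gnutls/`, and the patch carries a `CVE:` tag and an `Upstream-Status: Backport` line pointing at the upstream commit, so cve-check will pick it up; appending to the end of the list is consistent with the surrounding entries.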
View/Reply Online (#237398): https://lists.openembedded.org/g/openembedded-core/message/237398
