77 matches found
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.23 bug fix and security update
Red Hat OpenShift Container Platform release 4.21.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...
RHEL 8 : gnutls and libtasn1 (RHSA-2026:30849)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30849 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such a...
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1808)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1808 advisory. Permitted name constraints were wrongfully ignored when prior CAs only had excluded name constraints, resulting in a name constraint bypass. The issue was reported in the issue tracker as 1824...
EulerOS Virtualization 2.13.1 : gnutls (EulerOS-SA-2026-2129)
According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory...
MiracleLinux 8 : gnutls-3.6.16-8.el8_10.6.ML.1 (AXSA:2026-729:16)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-729:16 advisory. gnutls: Add more checks to DTLS reassembly CVE-2026-33846 gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an...
GnuTLS 安全漏洞
GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls. This vulnerability arises from the fact that using an excessively long subject alternative name during...
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1757)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1757 advisory. GnuTLS didn't check that DTLS fragments claimed a consistent messagelength value. Additionally, a crucial array size check was missing, enabling an attacker to cause a heap overwrite...
MiracleLinux 8 : gnutls-3.6.16-8.el8_10.5.ML.1 (AXSA:2026-360:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-360:02 advisory. gnutls: Stack-based Buffer Overflow in gnutlspkcs11tokeninit Function CVE-2025-9820 gnutls: GnuTLS: Denial of Service via excessive resource...
EulerOS Virtualization 2.12.0 : gnutls (EulerOS-SA-2026-1485)
According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function that handles PKCS11 token initialization...
OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
OpenAI on Friday began rolling out Codex Security , an artificial intelligence AI-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex w...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GnuTLS vulnerabilities (USN-8043-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8043-1 advisory. Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious certificates containing a large number of name constraints and...
USN-8043-1: GnuTLS vulnerabilities
Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious certificates containing a large number of name constraints and subject alternative names. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, resulting in a denial of service. CVE-2025-14831...
MiracleLinux 9 : gnutls-3.7.6-23.el9_3.4 (AXSA:2024-7696:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7696:05 advisory. gnutls: vulnerable to Minerva side-channel information leak CVE-2024-28834 gnutls: potential crash during chain building/verification CVE-2024-28835...
MiracleLinux 7 : gnutls-3.3.29-8.el7 (AXSA:2019-3543:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3543:01 advisory. gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls CVE-2018-10844 gnutls: HMAC-SHA-384 vulnerable to...
MiracleLinux 3 : gnutls-1.4.1-3.8.0.1.AXS3 (AXSA:2010-153:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-153:01 advisory. The GNU TLS library implements TLS and support for cryptographic algorithms. Security issues fixed with this releasse: CVE-2009-3555 The TLS protocol...
MiracleLinux 9 : gnutls-3.8.3-6.el9_6.2 (AXSA:2025-10868:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10868:03 advisory. gnutls: Vulnerability in GnuTLS certtool template parsing CVE-2025-32990 gnutls: Vulnerability in GnuTLS SCT extension parsing CVE-2025-32989 gnutl...
EulerOS 2.0 SP10 : gnutls (EulerOS-SA-2025-2413)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject...
Advisory ROSA-SA-2025-3056
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.1 unaffected versions = gnutls-3.6.16-8.0.1.rv31.4 affected versions gnutls-3.6.16-8.0.1.1.rv31.4 CVE-ID: CVE-2024-12243 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GnuTLS transport layer security library is related to algorithmic...
EulerOS 2.0 SP13 : gnutls (EulerOS-SA-2025-2291)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads...
RockyLinux 10 : gnutls (RLSA-2025:16115)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:16115 advisory. gnutls: Vulnerability in GnuTLS certtool template parsing CVE-2025-32990 gnutls: Vulnerability in GnuTLS SCT extension parsing CVE-2025-32989 gnutls:...