RLSA-2026:20612 Important: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an underflow with a DTLS datagram...

CVE-2025-13034

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-6395)

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

RHEL 9 : gnutls (RHSA-2025:17361)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17361 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such a...

SUSE-SU-2025:20665-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2025-32988: Fixed double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName bsc1246232. - CVE-2025-32989: Fixed heap buffer overread when handling the CT SCT extension during X.509 certificat...

USN-7281-1: GnuTLS vulnerability

Bing Shi discovered that GnuTLS incorrectly handled decoding certain DER-encoded certificates. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, leading to a denial of service...

OCSP stapling bypass with GnuTLS

...

SUSE CVE-2013-4487

Off-by-one error in the danerawtlsa in the DANE library libdane in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service memory corruption via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466...

USN-5750-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service...

USN-5029-1: GnuTLS vulnerabilities

It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

...

USN-4233-1: GnuTLS update

As a security improvement, this update marks SHA1 as being untrusted for digital signature operations...

USN-2913-4: GnuTLS update

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. This update...

UBUNTU-CVE-2015-8313

GnuTLS incorrectly validates the first byte of padding in CBC modes...

USN-2229-1 gnutls26 vulnerability

Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a machine-in-the-middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...

Ubuntu 4.10 / 5.04 / 5.10 : libtasn1-2 vulnerability (USN-251-1)

Evgeny Legerov discovered a buffer overflow in the DER format decoding function of the libtasn library. This library is mainly used by the GNU TLS library; by sending a specially crafted X.509 certificate to a server which uses TLS encryption/authentication, a remote attacker could exploit this t...

Important: Red Hat Security Advisory: gnutls security update

Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GN...

Ubuntu 4.10 / 5.04 : gnutls11, gnutls10 vulnerability (USN-126-1)

A Denial of Service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing sanity check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory access...

USN-126-1: GNU TLS library vulnerability

A Denial of Service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing consistency check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory...