Packages
- gnutls28 - GNU TLS library
Details
Haruto Kimura discovered that GnuTLS did not properly apply permitted
name constraints in certain certificate validation paths. A remote
attacker could possibly use this issue to bypass certificate validation,
leading to a machine-in-the-middle attack. (CVE-2026-42011)
Oleh Konko discovered that GnuTLS incorrectly fell back to Common Name
checks for certain URI and SRV subject alternative names. A remote
attacker could possibly use this issue to bypass certificate validation,
leading to a machine-in-the-middle attack. (CVE-2026-42012)
Haruto Kimura and Joshua Rogers discovered that GnuTLS incorrectly fell
back to Common Name checks when subject alternative names were
oversized. A remote attacker could possibly use this issue to bypass
certificate validation, leading to a machine-in-the-middle attack.
(
Haruto Kimura discovered that GnuTLS did not properly apply permitted
name constraints in certain certificate validation paths. A remote
attacker could possibly use this issue to bypass certificate validation,
leading to a machine-in-the-middle attack. (CVE-2026-42011)
Oleh Konko discovered that GnuTLS incorrectly fell back to Common Name
checks for certain URI and SRV subject alternative names. A remote
attacker could possibly use this issue to bypass certificate validation,
leading to a machine-in-the-middle attack. (CVE-2026-42012)
Haruto Kimura and Joshua Rogers discovered that GnuTLS incorrectly fell
back to Common Name checks when subject alternative names were
oversized. A remote attacker could possibly use this issue to bypass
certificate validation, leading to a machine-in-the-middle attack.
(CVE-2026-42013)
Luigino Camastra and Joshua Rogers discovered that GnuTLS had a
use-after-free issue when changing PKCS#11 token security officer PINs
in certain cases. An attacker could possibly use this issue to cause
GnuTLS to crash, resulting in a denial of service, or execute arbitrary
code. (CVE-2026-42014)
Zou Dikai discovered that GnuTLS did not properly validate PKCS#12 bag
sizes in certain cases. An attacker could possibly use this issue to
cause GnuTLS to crash, resulting in a denial of service, or execute
arbitrary code. (CVE-2026-42015)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 20.04 LTS focal | libgnutls30 – 3.6.13-2ubuntu1.12+esm3 | ||
| 18.04 LTS bionic | libgnutls30 – 3.5.18-1ubuntu1.6+esm4 | ||
| 16.04 LTS xenial | libgnutls30 – 3.4.10-4ubuntu1.9+esm4 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.