| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2026-06-24 |
[3.8.10-4_fips]
- Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35925409]
- Update FIPS module name for Oracle Linux [Orabug: 35925409]
[3.8.10-4]
- Fix CVE-2026-33846 (DTLS fragment reassembly, High, heap overwrite)
- Fix CVE-2026-42009 (DTLS fragment reassembly, High, undefined behaviour)
- Fix CVE-2026-33845 (DTLS fragment reassembly, High, heap overread)
- Fix CVE-2026-42010 (PSK authentication, High, authentication bypass)
- Fix CVE-2026-3833 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42011 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42012 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42013 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42014 (PKCS#11 PIN change, Medium, use-after-free)
- Fix CVE-2026-5260 (PKCS#11 RSA, Medium, heap overread)
- Fix CVE-2026-42015 (PKCS#12 appending, Low, heap overwrite)
- Fix CVE-2026-3832 (OCSP, Low, revocation bypass)
- Fix CVE-2026-5419 (PKCS#7, Low, timing side-channel)
- Fix upstream security issue #1808 (PSK rehandshake)
- Fix upstream security issue #1810 (EKU OID prefix match)
- Fix upstream security issue #1813 (pkcs11-provider persistent keys)
- Fix upstream security issue #1818 (RSA correctness, OpenSSL format import)
- Fix upstream security issue #1819 (PKCS#11 trust removal error path)
- Fix upstream security issue #1822 (SCT extension parser OOB read)
- Fix upstream security issue #1841 (key zeroization in hybrid kex)
- Fix upstream security issue #1823 (malformed certtool template)
- Fix upstream security issue #1817 (session parameter loading robustness)
- Fix upstream security issue #1820 (PKCS#11 KDF succeeding w/o deriving)
- gnutls-3.8.10-CVE-2025-9820.patch: update Makefile.in
[3.8.10-3]
- Fix PKCS#11 token initialization label overflow (CVE-2025-9820)
- Fix name constraint processing performance issue (CVE-2025-14831)
[3.8.10-2]
- Reinstate and update the prematurely dropped rekeying patch
[3.8.10-1]
- Rebase to 3.8.10
- Revert defaulting to PBMAC1 in FIPS mode
- Revert unapproving 1024-, 1280-, 1536- and 1792-bit RSA verification
| CVE-2026-33845 |
| CVE-2026-33846 |
| CVE-2026-3832 |
| CVE-2026-3833 |
| CVE-2026-42009 |
| CVE-2026-42010 |
| CVE-2026-42011 |
| CVE-2026-42012 |
| CVE-2026-42013 |
| CVE-2026-42014 |
| CVE-2026-42015 |
| CVE-2026-5260 |
| CVE-2026-5419 |
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | gnutls-3.8.10-4.el9_8_fips.src.rpm | 3666641828e2a94d6f0e130ac03010e8697e5f19cbe650071463e295aa39c766 | - | ol9_aarch64_u3_security_validation |
| | gnutls-3.8.10-4.el9_8_fips.aarch64.rpm | 629fc8829ad23a9634d77ee18c266ae39d8e490928f922ecee4fc6c4e65f331f | - | ol9_aarch64_u3_security_validation |
| | gnutls-c++-3.8.10-4.el9_8_fips.aarch64.rpm | ef3aa07a041fd0eed759156e4d7c51db15aaf0913701d9eb17d1ff673c8a2b33 | - | ol9_aarch64_u3_security_validation |
| | gnutls-dane-3.8.10-4.el9_8_fips.aarch64.rpm | 192d4f554fea2c8783af187153e06b2bdad83c0dc4ee34bc29d2a4d3af10a238 | - | ol9_aarch64_u3_security_validation |
| | gnutls-devel-3.8.10-4.el9_8_fips.aarch64.rpm | cf7e1eb0c2414b20aad1c83525f18062de6c31943caba104c6d4d8a5b9c76496 | - | ol9_aarch64_u3_security_validation |
| | gnutls-utils-3.8.10-4.el9_8_fips.aarch64.rpm | b7c6bb709fef1425d64c8dc3e6c1f95e332eebb18f010ad942c1187206a6aa1f | - | ol9_aarch64_u3_security_validation |
| Oracle Linux 9 (x86_64) | gnutls-3.8.10-4.el9_8_fips.src.rpm | 3666641828e2a94d6f0e130ac03010e8697e5f19cbe650071463e295aa39c766 | - | ol9_x86_64_u3_security_validation |
| | gnutls-3.8.10-4.el9_8_fips.i686.rpm | a0c61989fe1f8e38a0e87fde8126251d641996e48cbdbf493bf5065290d74124 | - | ol9_x86_64_u3_security_validation |
| | gnutls-3.8.10-4.el9_8_fips.x86_64.rpm | be29d588f647330e42645315786276f03d04d87653b2dc5eccad4dbb1b7cbee3 | - | ol9_x86_64_u3_security_validation |
| | gnutls-c++-3.8.10-4.el9_8_fips.i686.rpm | f4a70be3b57500a994920bd9374af2869053f4dcdba16ef7d068d98ac93b5fac | - | ol9_x86_64_u3_security_validation |
| | gnutls-c++-3.8.10-4.el9_8_fips.x86_64.rpm | 0db62ce1a4b7f5ba71ea3093c93915d040d9cab3ab4cae9aa3350a81b886f84b | - | ol9_x86_64_u3_security_validation |
| | gnutls-dane-3.8.10-4.el9_8_fips.i686.rpm | fa51dbf83d2172a3cc2359e1629ba451da6d522018bce1376717e3e7a6647a7f | - | ol9_x86_64_u3_security_validation |
| | gnutls-dane-3.8.10-4.el9_8_fips.x86_64.rpm | 45ccf7c07a5d655084cef860711261beea8d6d9283664715b3354552531150fb | - | ol9_x86_64_u3_security_validation |
| | gnutls-devel-3.8.10-4.el9_8_fips.i686.rpm | c3486f6cac3ae1edb21fc19f711bbaf4243903a785ef92bff93f739396e914e3 | - | ol9_x86_64_u3_security_validation |
| | gnutls-devel-3.8.10-4.el9_8_fips.x86_64.rpm | d79b17ff9c86460ca237c4f805ace6c0b47945c4939301010deb3618e14365db | - | ol9_x86_64_u3_security_validation |
| | gnutls-utils-3.8.10-4.el9_8_fips.x86_64.rpm | c0507b03a367d744a7c915d26edb3d820bfea2c784ef194358e518d284f88993 | - | ol9_x86_64_u3_security_validation |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.