Release date:
2026-05-15 08:05:22 UTC
Description:
* SECURITY UPDATE: Certificate policy bypass via case-sensitive nameConstraints
- debian/patches/CVE-2026-3833.patch: replace memcmp with c_strncasecmp in
ends_with, email_ends_with, dnsname_matches and email_matches in
lib/x509/name_constraints.c so DNS labels and email domains are compared
case-insensitively per RFC 5280 7.2
- CVE-2026-3833
Updated packages:
-
gnutls-bin_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
sha:902b1fe00b7ade18f6ea5c3565fdc40465aef729
-
gnutls-doc_3.6.13-2ubuntu1.12+tuxcare.els3_all.deb
sha:e0853553be0c090f18f67fee662a4ef7048fe7a9
-
guile-gnutls_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
sha:cf45122e384289064b1944b9ff2a40e348ca9413
-
libgnutls-dane0_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
sha:00cf2b4d617366fa4557dd990e23d0d3f1617386
-
libgnutls-openssl27_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
sha:9b60d126f5ca1fa83abf8fad39ef2001247a078a
-
libgnutls28-dev_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
sha:c4c4dd41d14193a0d894fab14c978b471c5be845
-
libgnutls30_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
sha:5e9eec7d842ea89883bd86563810b73a23ab06d2
-
libgnutlsxx28_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
sha:4ad5aac860fb781d54f888e44b90c60baddb79f8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
