Release date:
2026-05-16 12:20:31 UTC
Description:
* SECURITY UPDATE: Authentication bypass via NUL-byte truncation in RSA-PSK username lookup
- debian/patches/CVE-2026-42010.patch: replace strlen(info->username) with
info->username_len in _gnutls_proc_rsa_psk_client_kx in lib/auth/rsa_psk.c
to prevent NUL-byte truncation allowing username matching with truncated entries
- CVE-2026-42010
Updated packages:
-
gnutls-bin_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
sha:6bf69483e72050ca872926e4d5e5c4a9c5ece719
-
gnutls-doc_3.6.13-2ubuntu1.12+tuxcare.els4_all.deb
sha:6f423cd7ea727d5ae7708ee8f597abcdb52c23d5
-
guile-gnutls_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
sha:b466a6fcceb13bf21798ef09e8a1af4688c44ea2
-
libgnutls-dane0_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
sha:9d0c88ba7ac7cb8768f45c88c4bc0eae49c80306
-
libgnutls-openssl27_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
sha:78ad44ff7f572123c0cc7be87c77fa3012e2184f
-
libgnutls28-dev_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
sha:203254b65ebe47f7ceb6b487ec2432ba0715855f
-
libgnutls30_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
sha:5a760a79e4d976ca9fc72fcf7756bac7555a01a1
-
libgnutlsxx28_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
sha:17dc12f6e5c6a649953aa73c0a4c24e4e924bb62
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
