[El-errata] ELSA-2026-20612 Important: Oracle Linux 9 gnutls security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Sat Jun 27 03:29:25 UTC 2026


Oracle Linux Security Advisory ELSA-2026-20612

http://linux.oracle.com/errata/ELSA-2026-20612.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
gnutls-3.8.10-4.el9_8.i686.rpm
gnutls-3.8.10-4.el9_8.x86_64.rpm
gnutls-c++-3.8.10-4.el9_8.i686.rpm
gnutls-c++-3.8.10-4.el9_8.x86_64.rpm
gnutls-dane-3.8.10-4.el9_8.i686.rpm
gnutls-dane-3.8.10-4.el9_8.x86_64.rpm
gnutls-devel-3.8.10-4.el9_8.i686.rpm
gnutls-devel-3.8.10-4.el9_8.x86_64.rpm
gnutls-utils-3.8.10-4.el9_8.x86_64.rpm

aarch64:
gnutls-3.8.10-4.el9_8.aarch64.rpm
gnutls-c++-3.8.10-4.el9_8.aarch64.rpm
gnutls-dane-3.8.10-4.el9_8.aarch64.rpm
gnutls-devel-3.8.10-4.el9_8.aarch64.rpm
gnutls-utils-3.8.10-4.el9_8.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/gnutls-3.8.10-4.el9_8.src.rpm

Related CVEs:

CVE-2026-3832
CVE-2026-3833
CVE-2026-5260
CVE-2026-5419
CVE-2026-33845
CVE-2026-33846
CVE-2026-42009
CVE-2026-42010
CVE-2026-42011
CVE-2026-42012
CVE-2026-42013
CVE-2026-42014
CVE-2026-42015




Description of changes:

[3.8.10-4]
- Fix CVE-2026-33846 (DTLS fragment reassembly, High, heap overwrite)
- Fix CVE-2026-42009 (DTLS fragment reassembly, High, undefined behaviour)
- Fix CVE-2026-33845 (DTLS fragment reassembly, High, heap overread)
- Fix CVE-2026-42010 (PSK authentication, High, authentication bypass)
- Fix CVE-2026-3833 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42011 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42012 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42013 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42014 (PKCS#11 PIN change, Medium, use-after-free)
- Fix CVE-2026-5260 (PKCS#11 RSA, Medium, heap overread)
- Fix CVE-2026-42015 (PKCS#12 appending, Low, heap overwrite)
- Fix CVE-2026-3832 (OCSP, Low, revocation bypass)
- Fix CVE-2026-5419 (PKCS#7, Low, timing side-channel)
- Fix upstream security issue #1808 (PSK rehandshake)
- Fix upstream security issue #1810 (EKU OID prefix match)
- Fix upstream security issue #1813 (pkcs11-provider persistent keys)
- Fix upstream security issue #1818 (RSA correctness, OpenSSL format import)
- Fix upstream security issue #1819 (PKCS#11 trust removal error path)
- Fix upstream security issue #1822 (SCT extension parser OOB read)
- Fix upstream security issue #1841 (key zeroization in hybrid kex)
- Fix upstream security issue #1823 (malformed certtool template)
- Fix upstream security issue #1817 (session parameter loading robustness)
- Fix upstream security issue #1820 (PKCS#11 KDF succeeding w/o deriving)
- gnutls-3.8.10-CVE-2025-9820.patch: update Makefile.in




More information about the El-errata mailing list