[CLSA-2026:1779869625] gnutls: Fix of CVE-2026-42010
Type:
security
Severity:
Critical
Release date:
2026-05-27 08:13:59 UTC
Description:
- CVE-2026-42010: RSA-PSK server truncated PSK identity at an embedded NUL byte during _gnutls_psk_pwd_find_entry lookup, allowing authentication bypass; use info->username_len instead of strlen(info->username)
Updated packages:
  • gnutls-3.6.16-4.el8.tuxcare.els11.i686.rpm
    sha:e4c0b1137bc7dd8e78549915d0663ef86014fe0c067fd21f16aeff8ebc606fa4
  • gnutls-3.6.16-4.el8.tuxcare.els11.x86_64.rpm
    sha:cc3510ef11d0986feb79da59faa3de0d00f25a91244cd4b757b6a753b2408a61
  • gnutls-c++-3.6.16-4.el8.tuxcare.els11.i686.rpm
    sha:6b8f9805a43c9a6eab22857b89bdde1e581a783bf9cafccf416ae190dcebe2e7
  • gnutls-c++-3.6.16-4.el8.tuxcare.els11.x86_64.rpm
    sha:e95568878a3d54765c2a13ad17642998b06f5ddc9c232ad9648fb1b047535a36
  • gnutls-dane-3.6.16-4.el8.tuxcare.els11.i686.rpm
    sha:4bec15aef5e70a48154b10fa640005be50c9792ce60ab52b91bef9d79403b025
  • gnutls-dane-3.6.16-4.el8.tuxcare.els11.x86_64.rpm
    sha:b38c3cc4fcb1d29f43605a76d3e3550caa0514d5a33b6ca3cc140f80c7ba24af
  • gnutls-devel-3.6.16-4.el8.tuxcare.els11.i686.rpm
    sha:6e6a9508d125344f8f1b73b58241722f5ff1391202d1a54f00562cfbd2a34857
  • gnutls-devel-3.6.16-4.el8.tuxcare.els11.x86_64.rpm
    sha:49f4a0f50f7fb92320267fcd68ba3522551daaee85030b07991a6811a1f66f5a
  • gnutls-utils-3.6.16-4.el8.tuxcare.els11.x86_64.rpm
    sha:57f81f8eab89758324225d9e0b4cdb29659330ed7a0684f391e5d10c55d5e7d3
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.