SB20260522117 - openEuler 22.03 LTS SP4 update for gnutls
Published: May 22, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 vulnerabilities.
1) Improper Certificate Validation (CVE-ID: CVE-2026-3833)
CWE-ID: CWE-295 - Improper Certificate Validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass name constraints validation.
The vulnerability exists due to improper certificate validation in name constraints processing when comparing domain names in certificates. A remote attacker can present a specially crafted certificate to bypass name constraints validation.
This issue affects excluded name constraints because domain name comparison was performed case-sensitively, contrary to RFC 5280 section 7.2.
2) Always-Incorrect Control Flow Implementation (CVE-ID: CVE-2026-42009)
CWE-ID: CWE-670 - Always-Incorrect Control Flow Implementation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper implementation of a qsort comparator contract in the DTLS packet sequence number comparator when ordering DTLS packets by sequence numbers. A remote attacker can send DTLS packets with duplicate sequence numbers to cause a denial of service.
3) Improper Authentication (CVE-ID: CVE-2026-42010)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to improper authentication in RSA-PSK username matching when processing usernames containing a NUL character. A remote attacker can supply a specially crafted username to bypass authentication.
4) Improper Certificate Validation (CVE-ID: CVE-2026-42013)
CWE-ID: CWE-295 - Improper Certificate Validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass certificate hostname validation.
The vulnerability exists due to improper certificate validation in certificate Subject Alternative Name and Common Name hostname checking when validating certificates with oversized Subject Alternative Names. A remote attacker can present a specially crafted certificate to bypass certificate hostname validation.
5) Use-after-free (CVE-ID: CVE-2026-42014)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to use-after-free in gnutls_pkcs11_token_set_pin() when changing the Security Officer PIN with oldpin set to NULL for a token lacking a protected authentication path. A remote attacker can trigger the vulnerable function call to cause a denial of service.
6) Out-of-bounds write (CVE-ID: CVE-2026-42015)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds write in the PKCS#12 bag handling code when appending to a PKCS#12 bag that already contains 32 elements. A remote attacker can supply crafted PKCS#12 data to cause a denial of service.
7) Out-of-bounds read (CVE-ID: CVE-2026-5260)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to out-of-bounds read in RSA key exchange handling when processing an extremely short premaster secret from a client for a server using an RSA key backed by a PKCS#11 token. A remote attacker can send a specially crafted premaster secret to disclose sensitive information.
Only servers using an RSA key backed by a PKCS#11 token are vulnerable.
Remediation
Install update from vendor's website.