SB2026061268 - Anolis OS update for gnutls
Published: June 12, 2026
Description
This security bulletin contains information about 4 vulnerabilities.
1) Improper Certificate Validation (CVE-ID: CVE-2026-42012)
CWE-ID: CWE-295 - Improper Certificate Validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to misuse certificates beyond their intended purpose.
The vulnerability exists due to improper hostname verification of certificates that contain URI or SRV Subject Alternative Names: for such certificates, the DNS hostname check may incorrectly fall back to the Common Name. A remote attacker can present a specially crafted certificate to misuse certificates beyond their intended purpose.
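As an added illustration of the first finding (this is not gnutls code): the RFC 6125 §6.4.4 rule that a Common Name may be consulted only when the certificate presents no DNS-ID, SRV-ID or URI-ID, beside a variant that models the described fallback. Certificates are a constructed dict representation rather than parsed X.509, so the selection logic is what is on show.

```python
"""Reference-identifier selection for hostname verification (RFC 6125 s.6.4.4).

Constructed example, not gnutls code.  A certificate is modelled as a dict
  {"cn": <subject CN or None>, "san": [(<"DNS"|"URI"|"SRV"|"IP">, value), ...]}
instead of parsed X.509, so the selection logic is what is on show.
"""

# Presence of any of these presented-identifier types means the CN-ID must
# NOT be consulted, even if none of them is a DNS name that matches.
_CN_EXCLUDING_SAN_TYPES = {"DNS", "SRV", "URI"}


def _dns_match(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS-ID match; one wildcard allowed as the whole leftmost label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False  # no partial-label wildcards, none matching a bare TLD
    return p_labels[1:] == h_labels[1:]


def cn_fallback_allowed(cert: dict) -> bool:
    """CN-ID is a last resort only when no DNS-ID, SRV-ID or URI-ID is presented."""
    return not any(k in _CN_EXCLUDING_SAN_TYPES for k, _ in cert.get("san", []))


def verify_hostname(cert: dict, hostname: str) -> bool:
    """Correct behaviour: match DNS-IDs, then CN only if fallback is permitted."""
    if any(k == "DNS" and _dns_match(v, hostname) for k, v in cert.get("san", [])):
        return True
    if cn_fallback_allowed(cert) and cert.get("cn"):
        return _dns_match(cert["cn"], hostname)
    return False


def verify_hostname_flawed(cert: dict, hostname: str) -> bool:
    """Models the defect described above: the CN is consulted whenever the SAN
    list carries no DNS-ID, so SRV-ID and URI-ID entries are ignored."""
    sans = cert.get("san", [])
    if any(k == "DNS" and _dns_match(v, hostname) for k, v in sans):
        return True
    has_dns_id = any(k == "DNS" for k, _ in sans)
    return not has_dns_id and bool(cert.get("cn")) and _dns_match(cert["cn"], hostname)


if __name__ == "__main__":
    # Constructed certificate: URI SAN only, CN happens to equal the target host.
    uri_only = {"cn": "example.test", "san": [("URI", "https://example.test/svc")]}
    print("correct :", verify_hostname(uri_only, "example.test"))         # False
    print("flawed  :", verify_hostname_flawed(uri_only, "example.test"))  # True
```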
2) Improper Certificate Validation (CVE-ID: CVE-2026-42013)
CWE-ID: CWE-295 - Improper Certificate Validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass certificate hostname validation.
The vulnerability exists due to improper hostname checking of the Subject Alternative Name and Common Name when a certificate carries oversized Subject Alternative Names. A remote attacker can present a specially crafted certificate to bypass certificate hostname validation.
3) Out-of-bounds write (CVE-ID: CVE-2026-42015)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds write in the PKCS#12 bag handling code when appending to a PKCS#12 bag that already contains 32 elements. A remote attacker can supply crafted PKCS#12 data to cause a denial of service.
4) Out-of-bounds read (CVE-ID: CVE-2026-5260)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in RSA key exchange handling when a server whose RSA key is backed by a PKCS#11 token processes an extremely short premaster secret from a client. A remote attacker can send a specially crafted premaster secret to disclose sensitive information.
Only servers using an RSA key backed by a PKCS#11 token are affected.
Remediation
Install the update from the vendor's website.