SB20260715101 - Ubuntu update for gnutls28



SB20260715101 - Ubuntu update for gnutls28

Published: July 15, 2026

Security Bulletin ID SB20260715101
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 vulnerabilities.


1) Improper Certificate Validation (CVE-ID: CVE-2026-42011)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass name constraints during certificate validation.

The vulnerability exists due to improper certificate validation in the name constraints handling logic when processing certificate chains. A remote attacker can present a specially crafted certificate chain to bypass name constraints during certificate validation.

The issue occurs when permitted name constraints are ignored if prior certificate authorities contain only excluded name constraints.


2) Improper Certificate Validation (CVE-ID: CVE-2026-42012)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to misuse certificates beyond their intended purpose.

The vulnerability exists due to improper certificate validation in certificate hostname verification when processing certificates containing URI or SRV Subject Alternative Names. A remote attacker can present a specially crafted certificate to misuse certificates beyond their intended purpose.

Certificates with URI or SRV Subject Alternative Names may incorrectly fall back to checking DNS hostnames against the Common Name.


3) Improper Certificate Validation (CVE-ID: CVE-2026-42013)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certificate hostname validation.

The vulnerability exists due to improper certificate validation in certificate Subject Alternative Name and Common Name hostname checking when validating certificates with oversized Subject Alternative Names. A remote attacker can present a specially crafted certificate to bypass certificate hostname validation.


4) Use-after-free (CVE-ID: CVE-2026-42014)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to use-after-free in gnutls_pkcs11_token_set_pin() when changing the Security Officer PIN with oldpin set to NULL for a token lacking a protected authentication path. A remote attacker can trigger the vulnerable function call to cause a denial of service.


5) Out-of-bounds write (CVE-ID: CVE-2026-42015)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to out-of-bounds write in the PKCS#12 bag handling code when appending to a PKCS#12 bag that already contains 32 elements. A remote attacker can supply crafted PKCS#12 data to cause a denial of service.


Remediation

Install update from vendor's website.