[Apollo] Advisories Statistics light light Login

RLSA-2026:20612

Security Mirrored from RHSA-2026:20612
Issued at: 2026-06-02
Updated at: 2026-06-03

Synopsis

Important: gnutls security update



Description

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library,

which implements cryptographic algorithms and protocols such as SSL, TLS, and

DTLS.

Security Fix(es):

* gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009)

* gnutls: Fix crashing on an underflow with a DTLS datagram

(CVE-2026-33845)

* gnutls: Fix RSA-PSK identity truncation (CVE-2026-42010)

* gnutls: Fix case-sensitivity of domain name comparison in name

constraints (CVE-2026-3833)

* gnutls: Fix intersecting empty name constraints (CVE-2026-42011)

* gnutls: Denial of Service via heap buffer overflow in DTLS handshake

fragment reassembly (CVE-2026-33846)

For more details about the security issue(s), including the impact, a CVSS

score, acknowledgments, and other related information, refer to the CVE page(s)

listed in the References section.



Affected products

Rocky Linux 9 aarch64 Rocky Linux 9 ppc64le Rocky Linux 9 s390x Rocky Linux 9 x86_64

Fixes

2445762 2445763 2450624 2450625 2467279 2467289 2467437 2467441 2467448 2467450 2467451 2467678 2467686

CVEs

CVE-2026-33845 CVE-2026-33846 CVE-2026-3832 CVE-2026-3833 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015 CVE-2026-5260 CVE-2026-5419

Affected packages

Rocky Linux 9 aarch64 - BaseOS

gnutls-0:3.8.10-4.el9_8.aarch64.rpm gnutls-0:3.8.10-4.el9_8.src.rpm gnutls-debuginfo-0:3.8.10-4.el9_8.aarch64.rpm gnutls-debugsource-0:3.8.10-4.el9_8.aarch64.rpm

Rocky Linux 9 x86_64 - BaseOS

gnutls-0:3.8.10-4.el9_8.i686.rpm gnutls-0:3.8.10-4.el9_8.src.rpm gnutls-0:3.8.10-4.el9_8.x86_64.rpm gnutls-debuginfo-0:3.8.10-4.el9_8.i686.rpm gnutls-debuginfo-0:3.8.10-4.el9_8.x86_64.rpm gnutls-debugsource-0:3.8.10-4.el9_8.i686.rpm gnutls-debugsource-0:3.8.10-4.el9_8.x86_64.rpm

Rocky Linux 9 ppc64le - BaseOS

gnutls-0:3.8.10-4.el9_8.ppc64le.rpm gnutls-0:3.8.10-4.el9_8.src.rpm gnutls-debuginfo-0:3.8.10-4.el9_8.ppc64le.rpm gnutls-debugsource-0:3.8.10-4.el9_8.ppc64le.rpm

Rocky Linux 9 s390x - BaseOS

gnutls-0:3.8.10-4.el9_8.s390x.rpm gnutls-0:3.8.10-4.el9_8.src.rpm gnutls-debuginfo-0:3.8.10-4.el9_8.s390x.rpm gnutls-debugsource-0:3.8.10-4.el9_8.s390x.rpm

Rocky Linux 9 aarch64 - AppStream

gnutls-c++-0:3.8.10-4.el9_8.aarch64.rpm gnutls-c++-debuginfo-0:3.8.10-4.el9_8.aarch64.rpm gnutls-dane-0:3.8.10-4.el9_8.aarch64.rpm gnutls-dane-debuginfo-0:3.8.10-4.el9_8.aarch64.rpm gnutls-devel-0:3.8.10-4.el9_8.aarch64.rpm gnutls-utils-0:3.8.10-4.el9_8.aarch64.rpm gnutls-utils-debuginfo-0:3.8.10-4.el9_8.aarch64.rpm

Rocky Linux 9 x86_64 - AppStream

gnutls-c++-0:3.8.10-4.el9_8.i686.rpm gnutls-c++-0:3.8.10-4.el9_8.x86_64.rpm gnutls-c++-debuginfo-0:3.8.10-4.el9_8.i686.rpm gnutls-c++-debuginfo-0:3.8.10-4.el9_8.x86_64.rpm gnutls-dane-0:3.8.10-4.el9_8.i686.rpm gnutls-dane-0:3.8.10-4.el9_8.x86_64.rpm gnutls-dane-debuginfo-0:3.8.10-4.el9_8.i686.rpm gnutls-dane-debuginfo-0:3.8.10-4.el9_8.x86_64.rpm gnutls-devel-0:3.8.10-4.el9_8.i686.rpm gnutls-devel-0:3.8.10-4.el9_8.x86_64.rpm gnutls-utils-0:3.8.10-4.el9_8.x86_64.rpm gnutls-utils-debuginfo-0:3.8.10-4.el9_8.x86_64.rpm

Rocky Linux 9 ppc64le - AppStream

gnutls-c++-0:3.8.10-4.el9_8.ppc64le.rpm gnutls-c++-debuginfo-0:3.8.10-4.el9_8.ppc64le.rpm gnutls-dane-0:3.8.10-4.el9_8.ppc64le.rpm gnutls-dane-debuginfo-0:3.8.10-4.el9_8.ppc64le.rpm gnutls-devel-0:3.8.10-4.el9_8.ppc64le.rpm gnutls-utils-0:3.8.10-4.el9_8.ppc64le.rpm gnutls-utils-debuginfo-0:3.8.10-4.el9_8.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

gnutls-c++-0:3.8.10-4.el9_8.s390x.rpm gnutls-c++-debuginfo-0:3.8.10-4.el9_8.s390x.rpm gnutls-dane-0:3.8.10-4.el9_8.s390x.rpm gnutls-dane-debuginfo-0:3.8.10-4.el9_8.s390x.rpm gnutls-devel-0:3.8.10-4.el9_8.s390x.rpm gnutls-utils-0:3.8.10-4.el9_8.s390x.rpm gnutls-utils-debuginfo-0:3.8.10-4.el9_8.s390x.rpm