Описание
ELSA-2026-50149: gnutls security update (MODERATE)
[3.8.3-10_fips]
- Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35925409]
- Update FIPS module name for Oracle Linux [Orabug: 35925409]
[3.8.3-10]
- Fix PKCS#11 token initialization label overflow (CVE-2025-9820)
- Fix name constraint processing performance issue (CVE-2025-14831)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
gnutls
3.8.3-10.el9_7_fips
gnutls-c++
3.8.3-10.el9_7_fips
gnutls-dane
3.8.3-10.el9_7_fips
gnutls-devel
3.8.3-10.el9_7_fips
gnutls-utils
3.8.3-10.el9_7_fips
Oracle Linux x86_64
gnutls
3.8.3-10.el9_7_fips
gnutls-c++
3.8.3-10.el9_7_fips
gnutls-dane
3.8.3-10.el9_7_fips
gnutls-devel
3.8.3-10.el9_7_fips
gnutls-utils
3.8.3-10.el9_7_fips
Связанные CVE
Связанные уязвимости
CVSS3: 5.3
ubuntu
около 2 месяцев назад
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).