Search criteria
Related vulnerabilities
SUSE-SU-2026:21752-1
Vulnerability from csaf_suse - Published: 2026-05-18 10:06 - Updated: 2026-05-18 10:06Summary
Security update for gnutls
Severity
Important
Notes
Title of the patch: Security update for gnutls
Description of the patch: This update for gnutls fixes the following issues
- CVE-2026-3832: cert-session: fix multi-entry OCSP revocation bypass (bsc#1263706).
- CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive (bsc#1263707).
- CVE-2026-5260: lib/pkcs11_privkey: guard against overreading on short ciphertexts (bsc#1263715).
- CVE-2026-5419: gnutls_cipher_decrypt3: make PKCS#7 unpadding branch free (bsc#1263716).
- CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704).
- CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705).
- CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers (bsc#1263708).
- CVE-2026-42010: lib/auth/rsa_psk: fix binary PSK identity lookup (bsc#1263709).
- CVE-2026-42011: x509/name_constraints: fix intersecting empty constraints (bsc#1263710).
- CVE-2026-42012: x509/hostname-verify: make URI/SRV SAN preclude CN fallback (bsc#1263711).
- CVE-2026-42013: x509: prevent fallback on oversized SAN (bsc#1263712).
- CVE-2026-42014: pkcs11_write: fix UAF and leak in gnutls_pkcs11_token_set_pin (bsc#1263713).
- CVE-2026-42015: x509/pkcs12_bag: fix off-by-one in bag element bounds chec (bsc#1263714).
Patchnames: SUSE-SL-Micro-6.2-776
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
56 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for gnutls",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for gnutls fixes the following issues\n\n- CVE-2026-3832: cert-session: fix multi-entry OCSP revocation bypass (bsc#1263706).\n- CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive (bsc#1263707).\n- CVE-2026-5260: lib/pkcs11_privkey: guard against overreading on short ciphertexts (bsc#1263715).\n- CVE-2026-5419: gnutls_cipher_decrypt3: make PKCS#7 unpadding branch free (bsc#1263716).\n- CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704).\n- CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705).\n- CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers (bsc#1263708).\n- CVE-2026-42010: lib/auth/rsa_psk: fix binary PSK identity lookup (bsc#1263709).\n- CVE-2026-42011: x509/name_constraints: fix intersecting empty constraints (bsc#1263710).\n- CVE-2026-42012: x509/hostname-verify: make URI/SRV SAN preclude CN fallback (bsc#1263711).\n- CVE-2026-42013: x509: prevent fallback on oversized SAN (bsc#1263712).\n- CVE-2026-42014: pkcs11_write: fix UAF and leak in gnutls_pkcs11_token_set_pin (bsc#1263713).\n- CVE-2026-42015: x509/pkcs12_bag: fix off-by-one in bag element bounds chec (bsc#1263714).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-776",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21752-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21752-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621752-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21752-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046764.html"
},
{
"category": "self",
"summary": "SUSE Bug 1263704",
"url": "https://bugzilla.suse.com/1263704"
},
{
"category": "self",
"summary": "SUSE Bug 1263705",
"url": "https://bugzilla.suse.com/1263705"
},
{
"category": "self",
"summary": "SUSE Bug 1263706",
"url": "https://bugzilla.suse.com/1263706"
},
{
"category": "self",
"summary": "SUSE Bug 1263707",
"url": "https://bugzilla.suse.com/1263707"
},
{
"category": "self",
"summary": "SUSE Bug 1263708",
"url": "https://bugzilla.suse.com/1263708"
},
{
"category": "self",
"summary": "SUSE Bug 1263709",
"url": "https://bugzilla.suse.com/1263709"
},
{
"category": "self",
"summary": "SUSE Bug 1263710",
"url": "https://bugzilla.suse.com/1263710"
},
{
"category": "self",
"summary": "SUSE Bug 1263711",
"url": "https://bugzilla.suse.com/1263711"
},
{
"category": "self",
"summary": "SUSE Bug 1263712",
"url": "https://bugzilla.suse.com/1263712"
},
{
"category": "self",
"summary": "SUSE Bug 1263713",
"url": "https://bugzilla.suse.com/1263713"
},
{
"category": "self",
"summary": "SUSE Bug 1263714",
"url": "https://bugzilla.suse.com/1263714"
},
{
"category": "self",
"summary": "SUSE Bug 1263715",
"url": "https://bugzilla.suse.com/1263715"
},
{
"category": "self",
"summary": "SUSE Bug 1263716",
"url": "https://bugzilla.suse.com/1263716"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33845 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33846 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-3832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-3832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-3833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-3833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42009 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42010 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42011 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42012 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42013 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42014 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42015 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-5260 page",
"url": "https://www.suse.com/security/cve/CVE-2026-5260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-5419 page",
"url": "https://www.suse.com/security/cve/CVE-2026-5419/"
}
],
"title": "Security update for gnutls",
"tracking": {
"current_release_date": "2026-05-18T10:06:30Z",
"generator": {
"date": "2026-05-18T10:06:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21752-1",
"initial_release_date": "2026-05-18T10:06:30Z",
"revision_history": [
{
"date": "2026-05-18T10:06:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gnutls-3.8.10-160000.3.1.aarch64",
"product": {
"name": "gnutls-3.8.10-160000.3.1.aarch64",
"product_id": "gnutls-3.8.10-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgnutls30-3.8.10-160000.3.1.aarch64",
"product": {
"name": "libgnutls30-3.8.10-160000.3.1.aarch64",
"product_id": "libgnutls30-3.8.10-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-3.8.10-160000.3.1.ppc64le",
"product": {
"name": "gnutls-3.8.10-160000.3.1.ppc64le",
"product_id": "gnutls-3.8.10-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgnutls30-3.8.10-160000.3.1.ppc64le",
"product": {
"name": "libgnutls30-3.8.10-160000.3.1.ppc64le",
"product_id": "libgnutls30-3.8.10-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-3.8.10-160000.3.1.s390x",
"product": {
"name": "gnutls-3.8.10-160000.3.1.s390x",
"product_id": "gnutls-3.8.10-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libgnutls30-3.8.10-160000.3.1.s390x",
"product": {
"name": "libgnutls30-3.8.10-160000.3.1.s390x",
"product_id": "libgnutls30-3.8.10-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-3.8.10-160000.3.1.x86_64",
"product": {
"name": "gnutls-3.8.10-160000.3.1.x86_64",
"product_id": "gnutls-3.8.10-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgnutls30-3.8.10-160000.3.1.x86_64",
"product": {
"name": "libgnutls30-3.8.10-160000.3.1.x86_64",
"product_id": "libgnutls30-3.8.10-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-3.8.10-160000.3.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64"
},
"product_reference": "gnutls-3.8.10-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-3.8.10-160000.3.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le"
},
"product_reference": "gnutls-3.8.10-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-3.8.10-160000.3.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x"
},
"product_reference": "gnutls-3.8.10-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-3.8.10-160000.3.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64"
},
"product_reference": "gnutls-3.8.10-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-3.8.10-160000.3.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64"
},
"product_reference": "libgnutls30-3.8.10-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-3.8.10-160000.3.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le"
},
"product_reference": "libgnutls30-3.8.10-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-3.8.10-160000.3.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x"
},
"product_reference": "libgnutls30-3.8.10-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-3.8.10-160000.3.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
},
"product_reference": "libgnutls30-3.8.10-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33845"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33845",
"url": "https://www.suse.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "SUSE Bug 1263704 for CVE-2026-33845",
"url": "https://bugzilla.suse.com/1263704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "important"
}
],
"title": "CVE-2026-33845"
},
{
"cve": "CVE-2026-33846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33846"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33846",
"url": "https://www.suse.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "SUSE Bug 1263705 for CVE-2026-33846",
"url": "https://bugzilla.suse.com/1263705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "important"
}
],
"title": "CVE-2026-33846"
},
{
"cve": "CVE-2026-3832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-3832"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-3832",
"url": "https://www.suse.com/security/cve/CVE-2026-3832"
},
{
"category": "external",
"summary": "SUSE Bug 1263706 for CVE-2026-3832",
"url": "https://bugzilla.suse.com/1263706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-3832"
},
{
"cve": "CVE-2026-3833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-3833"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-3833",
"url": "https://www.suse.com/security/cve/CVE-2026-3833"
},
{
"category": "external",
"summary": "SUSE Bug 1263707 for CVE-2026-3833",
"url": "https://bugzilla.suse.com/1263707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-3833"
},
{
"cve": "CVE-2026-42009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42009"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42009",
"url": "https://www.suse.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "SUSE Bug 1263708 for CVE-2026-42009",
"url": "https://bugzilla.suse.com/1263708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "important"
}
],
"title": "CVE-2026-42009"
},
{
"cve": "CVE-2026-42010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42010"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest-Shamir-Adleman - Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42010",
"url": "https://www.suse.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "SUSE Bug 1263709 for CVE-2026-42010",
"url": "https://bugzilla.suse.com/1263709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "important"
}
],
"title": "CVE-2026-42010"
},
{
"cve": "CVE-2026-42011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42011"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42011",
"url": "https://www.suse.com/security/cve/CVE-2026-42011"
},
{
"category": "external",
"summary": "SUSE Bug 1263710 for CVE-2026-42011",
"url": "https://bugzilla.suse.com/1263710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-42011"
},
{
"cve": "CVE-2026-42012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42012"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42012",
"url": "https://www.suse.com/security/cve/CVE-2026-42012"
},
{
"category": "external",
"summary": "SUSE Bug 1263711 for CVE-2026-42012",
"url": "https://bugzilla.suse.com/1263711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "important"
}
],
"title": "CVE-2026-42012"
},
{
"cve": "CVE-2026-42013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42013"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42013",
"url": "https://www.suse.com/security/cve/CVE-2026-42013"
},
{
"category": "external",
"summary": "SUSE Bug 1263712 for CVE-2026-42013",
"url": "https://bugzilla.suse.com/1263712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-42013"
},
{
"cve": "CVE-2026-42014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42014"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42014",
"url": "https://www.suse.com/security/cve/CVE-2026-42014"
},
{
"category": "external",
"summary": "SUSE Bug 1263713 for CVE-2026-42014",
"url": "https://bugzilla.suse.com/1263713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-42014"
},
{
"cve": "CVE-2026-42015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42015"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42015",
"url": "https://www.suse.com/security/cve/CVE-2026-42015"
},
{
"category": "external",
"summary": "SUSE Bug 1263714 for CVE-2026-42015",
"url": "https://bugzilla.suse.com/1263714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-42015"
},
{
"cve": "CVE-2026-5260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-5260"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-5260",
"url": "https://www.suse.com/security/cve/CVE-2026-5260"
},
{
"category": "external",
"summary": "SUSE Bug 1263715 for CVE-2026-5260",
"url": "https://bugzilla.suse.com/1263715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-5260"
},
{
"cve": "CVE-2026-5419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-5419"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-5419",
"url": "https://www.suse.com/security/cve/CVE-2026-5419"
},
{
"category": "external",
"summary": "SUSE Bug 1263716 for CVE-2026-5419",
"url": "https://bugzilla.suse.com/1263716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:gnutls-3.8.10-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libgnutls30-3.8.10-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T10:06:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-5419"
}
]
}
WID-SEC-W-2026-1312
Vulnerability from csaf_certbund - Published: 2026-04-29 22:00 - Updated: 2026-05-20 22:00Summary
GnuTLS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: GnuTLS (GNU Transport Layer Security Library) ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff: Ein Angreifer kann mehrere Schwachstellen in GnuTLS ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen oder andere, nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source GnuTLS <3.8.13
Open Source / GnuTLS
|
<3.8.13 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 |
References
9 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "GnuTLS (GNU Transport Layer Security Library) ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in GnuTLS ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1312 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1312.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1312 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1312"
},
{
"category": "external",
"summary": "GnuTLS Security Advisories vom 2026-04-29",
"url": "https://gnutls.org/security-new.html"
},
{
"category": "external",
"summary": "Mailing list OSS-Security vom 2026-04-29",
"url": "https://seclists.org/oss-sec/2026/q2/288"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13274 vom 2026-05-03",
"url": "https://access.redhat.com/errata/RHSA-2026:13274"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10691-1 vom 2026-05-07",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OVIQ4J6D4X3DFRGJX5NN75GR6ETDFNGJ/"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2026-05-12",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6281 vom 2026-05-20",
"url": "https://security-tracker.debian.org/tracker/DSA-6281-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8284-1 vom 2026-05-20",
"url": "https://ubuntu.com/security/notices/USN-8284-1"
}
],
"source_lang": "en-US",
"title": "GnuTLS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-20T22:00:00.000+00:00",
"generator": {
"date": "2026-05-21T07:57:41.033+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1312",
"initial_release_date": "2026-04-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat und European Union Vulnerability Database aufgenommen"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-26926"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von European Union Vulnerability Database und openSUSE aufgenommen"
},
{
"date": "2026-05-11T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "6",
"summary": "Referenz(en) aufgenommen: EUVD-2026-30769"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3",
"product": {
"name": "Microsoft Azure Linux azl3",
"product_id": "T049210",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.8.13",
"product": {
"name": "Open Source GnuTLS \u003c3.8.13",
"product_id": "T053415"
}
},
{
"category": "product_version",
"name": "3.8.13",
"product": {
"name": "Open Source GnuTLS 3.8.13",
"product_id": "T053415-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gnu:gnutls:3.8.13"
}
}
}
],
"category": "product_name",
"name": "GnuTLS"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33845",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-33845"
},
{
"cve": "CVE-2026-33846",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-33846"
},
{
"cve": "CVE-2026-3832",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-3832"
},
{
"cve": "CVE-2026-3833",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-3833"
},
{
"cve": "CVE-2026-42009",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-42009"
},
{
"cve": "CVE-2026-42010",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-42010"
},
{
"cve": "CVE-2026-42011",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-42011"
},
{
"cve": "CVE-2026-42012",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-42012"
},
{
"cve": "CVE-2026-42013",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-42013"
},
{
"cve": "CVE-2026-42014",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-42014"
},
{
"cve": "CVE-2026-42015",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-42015"
},
{
"cve": "CVE-2026-5260",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-5260"
},
{
"cve": "CVE-2026-5419",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T053415",
"T049210"
]
},
"release_date": "2026-04-29T22:00:00.000+00:00",
"title": "CVE-2026-5419"
}
]
}