Red Hat Product Errata RHSA-2026:20611 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20611 - Security Advisory Overview Updated Packages Synopsis Important: gnutls security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Please update the gnutls packages to provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): gnutls: Add more checks to DTLS reassembly (CVE-2026-33846) gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009) gnutls: Fix crashing on an underflow with a DTLS datagram (CVE-2026-33845) gnutls: Fix RSA-PSK identity truncation (CVE-2026-42010) gnutls: Fix case-sensitivity of domain name comparison in name constraints (CVE-2026-3833) gnutls: Fix intersecting empty constraints (CVE-2026-42011) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2445763 - CVE-2026-3833 gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison BZ - 2450624 - CVE-2026-33845 gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment BZ - 2450625 - CVE-2026-33846 gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly BZ - 2467279 - CVE-2026-42009 gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability BZ - 2467289 - CVE-2026-42010 gnutls: gnutls: Authentication Bypass via NUL Character in Username BZ - 2467437 - CVE-2026-42011 gnutls: gnutls: Security bypass due to incorrect name constraint handling CVEs CVE-2026-3833 CVE-2026-5260 CVE-2026-33845 CVE-2026-33846 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM gnutls-3.6.16-8.el8_10.6.src.rpm SHA-256: b60ad75dca21d2fec1c4eabdc7320d6dcd054412470328b4ecb36bf8ab841a04 x86_64 gnutls-3.6.16-8.el8_10.6.i686.rpm SHA-256: 27cfc8977542a30dac1cab33d2bcdd5f64447bb2e4b8fb36ee5f7d1e44d266a8 gnutls-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: 22fd4296ebae0ea5f5e9af875c0095fcd6a2d33e6dd434a3fe21f1e17958e748 gnutls-c++-3.6.16-8.el8_10.6.i686.rpm SHA-256: 5911497efdf2e412ba1d8433de7bd7e21ec8a99e6cb3deaab2870737425e65e1 gnutls-c++-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: 4587ddfa19d77ad79e447fdc3aa57e3db65c548df3e0f7f1c8c4ebd9e563d5ec gnutls-c++-debuginfo-3.6.16-8.el8_10.6.i686.rpm SHA-256: f23ba1c154985e70385b83abb4e851b9734f775a28071dbfa85b5b611a5465b5 gnutls-c++-debuginfo-3.6.16-8.el8_10.6.i686.rpm SHA-256: f23ba1c154985e70385b83abb4e851b9734f775a28071dbfa85b5b611a5465b5 gnutls-c++-debuginfo-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: 679564274739c635c454b1f285ba7df02fbf87e0730fc475438f39d709fa4194 gnutls-c++-debuginfo-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: 679564274739c635c454b1f285ba7df02fbf87e0730fc475438f39d709fa4194 gnutls-dane-3.6.16-8.el8_10.6.i686.rpm SHA-256: 5241b32020826a48694fa6ac0a8604bf34678e2def6f2f515a864f0591924fc2 gnutls-dane-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: d668fea44a4a73ed0437957330139037c1201bfbfe3a80c54ff9552b2a08ccfa gnutls-dane-debuginfo-3.6.16-8.el8_10.6.i686.rpm SHA-256: fd7acfc9df0c60d4a2eb97eeb2dd2210120428b02625683a945a758208322c05 gnutls-dane-debuginfo-3.6.16-8.el8_10.6.i686.rpm SHA-256: fd7acfc9df0c60d4a2eb97eeb2dd2210120428b02625683a945a758208322c05 gnutls-dane-debuginfo-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: b787e52f0e56115128031fe5d4d3476d858eab163a11e56490fec73533ee6e60 gnutls-dane-debuginfo-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: b787e52f0e56115128031fe5d4d3476d858eab163a11e56490fec73533ee6e60 gnutls-debuginfo-3.6.16-8.el8_10.6.i686.rpm SHA-256: b542eac0405d69c670a22574986297ec541c76db662d9cc96573b120a1c9b8e3 gnutls-debuginfo-3.6.16-8.el8_10.6.i686.rpm SHA-256: b542eac0405d69c670a22574986297ec541c76db662d9cc96573b120a1c9b8e3 gnutls-debuginfo-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: 8ecb492bf1af76f14dfbc9875cc629b2a57826455c5329b3c2235b511c83b292 gnutls-debuginfo-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: 8ecb492bf1af76f14dfbc9875cc629b2a57826455c5329b3c2235b511c83b292 gnutls-debugsource-3.6.16-8.el8_10.6.i686.rpm SHA-256: 389eee5e8e6235b0a5d4a557a65ad81650e639acff1df9721b4758cbe98c4246 gnutls-debugsource-3.6.16-8.el8_10.6.i686.rpm SHA-256: 389eee5e8e6235b0a5d4a557a65ad81650e639acff1df9721b4758cbe98c4246 gnutls-debugsource-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: ad511b67759e4a1aca10ef45f47a97ac95404e12a38bc9352d3c291e76da1ae0 gnutls-debugsource-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: ad511b67759e4a1aca10ef45f47a97ac95404e12a38bc9352d3c291e76da1ae0 gnutls-devel-3.6.16-8.el8_10.6.i686.rpm SHA-256: e819a57daf6679a1717a7ac59873f2ccb12ebc76f8cbb3416d89d4160cab3414 gnutls-devel-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: a016aae4875870d2b1e66a3744760a60c88a6b0be1284b1636f6265697644e51 gnutls-utils-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: 2a4739b9db52beb61ec99f67e74cceb3465eed4e10a67848072d2407d6f1535f gnutls-utils-debuginfo-3.6.16-8.el8_10.6.i686.rpm SHA-256: 5d7d5bf0acc93084d60748bf4eedd0304eaff6f52998478e9418533744811f50 gnutls-utils-debuginfo-3.6.16-8.el8_10.6.i686.rpm SHA-256: 5d7d5bf0acc93084d60748bf4eedd0304eaff6f52998478e9418533744811f50 gnutls-utils-debuginfo-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: b1b868dadf1de5c3e42be2053ea7a528ab5074cd09ba154244231cfa9ccd1e77 gnutls-utils-debuginfo-3.6.16-8.el8_10.6.x86_64.rpm SHA-256: b1b868dadf1de5c3e42be2053ea7a528ab5074cd09ba154244231cfa9ccd1e77 Red Hat Enterprise Linux for IBM z Systems 8 SRPM gnutls-3.6.16-8.el8_10.6.src.rpm SHA-256: b60ad75dca21d2fec1c4eabdc7320d6dcd054412470328b4ecb36bf8ab841a04 s390x gnutls-3.6.16-8.el8_10.6.s390x.rpm SHA-256: 6a8be4b74fe447f6034acfbdffa0c4fea23447523704644ef9b303696fc4106e gnutls-c++-3.6.16-8.el8_10.6.s390x.rpm SHA-256: 23952dda0f3730568273a97c3ed015131a9815cb1529afedb053991d022348f5 gnutls-c++-debuginfo-3.6.16-8.el8_10.6.s390x.rpm SHA-256: 38e50e178fe6d12cc34191a8ab345339575f02b34d253c0c3147a5bdd3f4924b gnutls-c++-debuginfo-3.6.16-8.el8_10.6.s390x.rpm SHA-256: 38e50e178fe6d12cc34191a8ab345339575f02b34d253c0c3147a5bdd3f4924b gnutls-dane-3.6.16-8.el8_10.6.s390x.rpm SHA-256: c15bfb994bb2b2cc0ae63813f0fee796fcbe109cadcae8a63582abb9f257696b gnutls-dane-debuginfo-3.6.16-8.el8_10.6.s390x.rpm SHA-256: f1f985aa3f2a419000c1474732aa7419c88ea39da2d1fd8eb98684e8000f7f73 gnutls-dane-debuginfo-3.6.16-8.el8_10.6.s390x.rpm SHA-256: f1f985aa3f2a419000c1474732aa7419c88ea39da2d1fd8eb98684e8000f7f73 gnutls-debuginfo-3.6.16-8.el8_10.6.s390x.rpm SHA-256: 98fd029dd5229211524621d096c2aae3e56185196ce132736439f68181834855 gnutls-debuginfo-3.6.16-8.el8_10.6.s390x.rpm SHA-256: 98fd029dd5229211524621d096c2aae3e56185196ce132736439f68181834855 gnutls-debugsource-3.6.16-8.el8_10.6.s390x.rpm SHA-256: 0c8023aa1a9abce7610638ffbfe9414a90d91ba88cf54c768e0473a955de89c6 gnutls-debugsource-3.6.16-8.el8_10.6.s390x.rpm SHA-256: 0c8023aa1a9abce7610638ffbfe9414a90d91ba88cf54c768e0473a955de89c6 gnutls-devel-3.6.16-8.el8_10.6.s390x.rpm SHA-256: a2d2a650a10acf5a8556a0ad00c66fa5cc930e28c3765dd6d101d8145d5112b2 gnutls-utils-3.6.16-8.el8_10.6.s390x.rpm SHA-256: 7aa5613538a5aef1230cf190cfac0f4c5029fe0de5c990de573e5936b1e4281c gnutls-utils-debuginfo-3.6.16-8.el8_10.6.s390x.rpm SHA-256: f1b52d1ddead7af7cceebca9e45dbc941fa059c7ac3092fb8f0ba3087317680a gnutls-utils-debuginfo-3.6.16-8.el8_10.6.s390x.rpm SHA-256: f1b52d1ddead7af7cceebca9e45dbc941fa059c7ac3092fb8f0ba3087317680a Red Hat Enterprise Linux for Power, little endian 8 SRPM gnutls-3.6.16-8.el8_10.6.src.rpm SHA-256: b60ad75dca21d2fec1c4eabdc7320d6dcd054412470328b4ecb36bf8ab841a04 ppc64le gnutls-3.6.16-8.el8_10.6.ppc64le.rpm SHA-256: e26105f12e181a1ac1c4f83cde3767b7ee6baecadac8051877e4456e5db41b75 gnutls-c++-3.6.16-8.el8_10.6.ppc64le.rpm SHA-256: babeaeb19b682c876586fdf0caa0ae1c8fbabf1d02b7bfc7fb56ca1335069e30 gnutls-c++-debuginfo-3.6.16-8.el8_10.6.ppc64le.rpm SHA-256: 319dc175c45ac7c0eb3268a73c5405a22f57ecd908550c49d0afcfc3ccf2deca gnutls-c++-debuginfo-3.6.16-8.el8_10.6.ppc64le.rpm SHA-256: 319dc175c45ac7c0eb3268a73c5405a22f57ecd908550c49d0afcfc3ccf2deca gnutls-dane-3.6.16-8.el8_10.6.ppc64le.rpm SHA-256: 4a2977e78feb0b02a57152fcfa99f5e28eb2a530db85ea0c69a499f5829cfbc1 gnutls-dane-debuginfo-3.6.16-8.el8_10.6.ppc64le.rpm SHA-256: 3a50c1eec88286729988431f67667452e7180b507808d3f0f542cf90c9a57453 gnutls-dane-debuginfo-3.6.16-8.el8_10.6.ppc64le.rpm SHA-256: 3a50c1eec88286729988431f67667452e7180b507808d3f0f542cf90c9a57453 gnutls-debuginfo-3.6.16-8.el8_10.6.ppc64le.rpm SHA-256: cc9144259f18d2a97ed72a099053b7c10a67646fcad0505f6b671a11c20e6505 gnutls-debuginfo-3.6.16-8.el8_10.6.ppc64le.rpm