Not a user yet?
Log in Register for free Suggest a product
Update

USN-8043-1: GnuTLS vulnerabilities

Ubuntu DesktopUbuntu Desktop
Canonical

USN-8043-1: GnuTLS vulnerabilities

Publication date: 16 February 2026
Overview: Several security issues were fixed in GnuTLS.

Packages
gnutls28 - GNU TLS library

Details
Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious
certificates containing a large number of name constraints and subject
alternative names. A remote attacker could possibly use this issue to
cause GnuTLS to consume resources, resulting in a denial of service.
(CVE-2025-14831)

Luigino Camastra discovered that GnuTLS incorrectly handled certain PKCS11
token labels. A remote attacker could use this issue to cause GnuTLS to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler options for affected releases should reduce the
vulnerability to a denial of service. (CVE-2025-9820)

Update instructions
The problem can be corrected by updating your system to the following package versions:

  • 25.10 questing libgnutls30t64 – 3.8.9-3ubuntu2.1
  • 24.04 LTS noble libgnutls30t64 – 3.8.3-1.1ubuntu3.5
  • 22.04 LTS jammy libgnutls30 – 3.7.3-4ubuntu1.8
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad