[ol8_u4_security_validation] gnutls-c++-10:3.6.16-8.el8_10.6_fips.i686

Name:	gnutls-c++
Epoch:	10
Version:	3.6.16
Release:	8.el8_10.6_fips
Architecture:	i686
Group:	System Environment/Libraries
Size:	66108
License:	GPLv3+ and LGPLv2+
RPM:	gnutls-c++-3.6.16-8.el8_10.6_fips.i686.rpm
Source RPM:	gnutls-3.6.16-8.el8_10.6_fips.src.rpm
Build Date:	Wed Jun 17 2026
Build Host:	build-ol8-i386.oracle.com
Vendor:	Oracle America
URL:	http://www.gnutls.org/
Summary:	The C++ interface to GnuTLS
Description:	GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures.

Changelog (Show File list) (Show related packages)

Wed Jun 17 2026 Akshata Konala <akshata.konala@oracle.com> - 3.6.16-8.6_fips

- Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length
  as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526]
- Allow bigger known RSA modulus sizes when calling
  rsa_generate_fips186_4_keypair directly [Orabug: 33200526]
- Change Epoch from 1 to 10

Thu Apr 30 2026 Alexander Sosedkin <asosedkin@redhat.com> - 3.6.16-8.6

- Fix CVE-2026-33846 (DTLS fragment reassembly, High, heap overwrite)
- Fix CVE-2026-42009 (DTLS fragment reassembly, High, undefined behaviour)
- Fix CVE-2026-33845 (DTLS fragment reassembly, High, heap overread)
- Fix CVE-2026-42010 (PSK authentication, High, authentication bypass)
- Fix CVE-2026-3833 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42011 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42012 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42013 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42014 (PKCS#11 PIN change, Medium, use-after-free)
- Fix CVE-2026-5260 (PKCS#11 RSA, Medium, heap overread)
- Fix CVE-2026-42015 (PKCS#12 appending, Low, heap overwrite)
- Fix upstream security issue #1808 (PSK rehandshake)
- Fix upstream security issue #1810 (EKU OID prefix match)
- Fix upstream security issue #1818 (RSA correctness, OpenSSL format import)
- Fix upstream security issue #1819 (PKCS#11 trust removal error path)
- Fix upstream security issue #1817 (session parameter loading robustness)

Thu Feb 12 2026 Alexander Sosedkin <asosedki@redhat.com> - 3.6.16-8.5
```
- Backport the fixes for CVE-2025-9820 and CVE-2025-14831
```

Wed Feb 12 2025 Alexander Sosedkin <asosedki@redhat.com> - 3.6.16-8.4

- Backport the fixes for CVE-2025-6395, CVE-2025-32988 and CVE-2025-32990

Wed Feb 12 2025 Alexander Sosedkin <asosedki@redhat.com> - 3.6.16-8.3
```
- Backport the fix for CVE-2024-12243
```

Mon Mar 25 2024 Daiki Ueno <dueno@redhat.com> - 3.6.16-8.2

- Fix timing side-channel in deterministic ECDSA (RHEL-35231)

Mon Jan 22 2024 Daiki Ueno <dueno@redhat.com> - 3.6.16-8.1

- auth/rsa-psk: minimize branching after decryption (RHEL-21550)

Wed Dec 06 2023 Daiki Ueno <dueno@redhat.com> - 3.6.16-8

- auth/rsa_psk: side-step potential side-channel (RHEL-16754)

Mon Jun 26 2023 Daiki Ueno <dueno@redhat.com> - 3.6.16-7

- Clear server's session ticket indication at rehandshake (#2089817)

Thu Feb 23 2023 Zoltan Fridrich <zfridric@redhat.com> - 3.6.16-6

- Fix x86_64 CPU feature detection when AVX is not available (#2131152)
- Fix timing side-channel in TLS RSA key exchange (#2162598)