UBUNTU-CVE-2026-5419

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-5419

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5419.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-5419

Upstream

CVE-2026-5419

Downstream

USN-8284-1

Related

USN-8284-1

Published

2026-04-30T00:00:00Z

Modified

2026-06-03T13:42:49.179549133Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.

References

Affected packages

Ubuntu:24.04:LTS / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.3-1.1ubuntu3.6

Affected versions

3.*

3.8.1-4ubuntu1

3.8.1-4ubuntu6

3.8.1-4ubuntu7

3.8.3-1ubuntu1

3.8.3-1.1ubuntu2

3.8.3-1.1ubuntu3

3.8.3-1.1ubuntu3.1

3.8.3-1.1ubuntu3.2

3.8.3-1.1ubuntu3.3

3.8.3-1.1ubuntu3.4

3.8.3-1.1ubuntu3.5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gnutls-bin",
            "binary_version": "3.8.3-1.1ubuntu3.6"
        },
        {
            "binary_name": "libgnutls-dane0t64",
            "binary_version": "3.8.3-1.1ubuntu3.6"
        },
        {
            "binary_name": "libgnutls-openssl27t64",
            "binary_version": "3.8.3-1.1ubuntu3.6"
        },
        {
            "binary_name": "libgnutls30t64",
            "binary_version": "3.8.3-1.1ubuntu3.6"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5419.json"

Ubuntu:Pro:FIPS-updates:24.04:LTS / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28?arch=source&distro=fips-updates%2Fnoble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.3-1.1ubuntu3.6+Fips1.2

Affected versions

3.*

3.8.3-1.1ubuntu3.1+Fips1

3.8.3-1.1ubuntu3.4+Fips1

3.8.3-1.1ubuntu3.4+Fips1.1

3.8.3-1.1ubuntu3.5+Fips1.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gnutls-bin",
            "binary_version": "3.8.3-1.1ubuntu3.6+Fips1.2"
        },
        {
            "binary_name": "libgnutls-dane0t64",
            "binary_version": "3.8.3-1.1ubuntu3.6+Fips1.2"
        },
        {
            "binary_name": "libgnutls-openssl27t64",
            "binary_version": "3.8.3-1.1ubuntu3.6+Fips1.2"
        },
        {
            "binary_name": "libgnutls30t64",
            "binary_version": "3.8.3-1.1ubuntu3.6+Fips1.2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5419.json"

Ubuntu:25.10 / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.9-3ubuntu2.2

Affected versions

3.*

3.8.9-2ubuntu3

3.8.9-3ubuntu1

3.8.9-3ubuntu2

3.8.9-3ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gnutls-bin",
            "binary_version": "3.8.9-3ubuntu2.2"
        },
        {
            "binary_name": "libgnutls-dane0t64",
            "binary_version": "3.8.9-3ubuntu2.2"
        },
        {
            "binary_name": "libgnutls-openssl27t64",
            "binary_version": "3.8.9-3ubuntu2.2"
        },
        {
            "binary_name": "libgnutls30t64",
            "binary_version": "3.8.9-3ubuntu2.2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5419.json"

Ubuntu:26.04:LTS / gnutls28

Package

Name: gnutls28
Purl: pkg:deb/ubuntu/gnutls28?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.12-2ubuntu1.1

Affected versions

3.*

3.8.9-3ubuntu2

3.8.10-3ubuntu1

3.8.12-2ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gnutls-bin",
            "binary_version": "3.8.12-2ubuntu1.1"
        },
        {
            "binary_name": "libgnutls-dane0t64",
            "binary_version": "3.8.12-2ubuntu1.1"
        },
        {
            "binary_name": "libgnutls-openssl27t64",
            "binary_version": "3.8.12-2ubuntu1.1"
        },
        {
            "binary_name": "libgnutls30t64",
            "binary_version": "3.8.12-2ubuntu1.1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5419.json"