
[SECURITY] [DLA 4267-1] gnutls28 security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-4267-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
August 09, 2025                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gnutls28
Version        : 3.7.1-5+deb11u8
CVE ID         : CVE-2025-6395 CVE-2025-32988 CVE-2025-32990

Multiple vulnerabilities have been fixed in GnuTLS, a library
implementing the SSL, TLS and DTLS protocols.

CVE-2025-6395

    NULL dereference when 2nd Client Hello omits PSK

CVE-2025-32988

    Double-free upon error when exporting otherName in SAN

CVE-2025-32990

    1-byte write buffer overrun in certtool

For Debian 11 bullseye, these problems have been fixed in version
3.7.1-5+deb11u8.

We recommend that you upgrade your gnutls28 packages.

For the detailed security status of gnutls28 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnutls28

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS