[SECURITY] [DLA 4267-1] gnutls28 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4267-1] gnutls28 security update
From: Adrian Bunk <bunk@debian.org>
Date: Sat, 9 Aug 2025 18:35:26 +0300
Message-id: <[🔎] aJdqvt6xHkUDHgJg@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4267-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
August 09, 2025                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gnutls28
Version        : 3.7.1-5+deb11u8
CVE ID         : CVE-2025-6395 CVE-2025-32988 CVE-2025-32990

Multiple vulnerabilities have been fixed in GnuTLS, a library  
implementing the SSL, TLS and DTLS protocols.

CVE-2025-6395

    NULL dereference when 2nd Client Hello omits PSK

CVE-2025-32988

    Double-free upon error when exporting otherName in SAN

CVE-2025-32990

    1-byte write buffer overrun in certtool

For Debian 11 bullseye, these problems have been fixed in version
3.7.1-5+deb11u8.

We recommend that you upgrade your gnutls28 packages.

For the detailed security status of gnutls28 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnutls28

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmiXar4ACgkQiNJCh6LY
mLEsRhAAodXh9Ve50GgGfQa3LgToUP8Cyd3qCh6RxPkfsTWmkhL18Rp/JD6hiBdn
FH+DUypP9hT/TBaYsTY3O4POQ3UVEATqRlvza/SLlN5b6mYh1+4ecGEyVAw0TFrB
wUOQrtn3B4j1qLLPrB1+Rk0XBNua7/Kc+6aCZImEsYlK4aFsputvKYlKQ5DrsA4f
Gp9hgLFXyp5ebywhXF8GEFrxPaYJ8DebD+LRxhI88rsNM3dKdvuSxzZ8uXQVfBNs
5rNmj52vQjaCpr7TV3gi8gu2rNTS6PJx7IQhyjULSFawcjesWBxt/omKfCeF/3I/
KVxMNe5ht7OHa0Zrv/iKgO1ka7Qp6twsxWnHZxyMa80kVEHOx5Lq2uQvMjTfyoIm
l2ZC/AMfcB9ceuGAT9IimlUZulvt9+U3V2ZDpNDOnY4oRbyKFYnAvALm/ep3Zi1q
4w8EP40GG8b1Sc/w9bMYqGy+uT3prLOH8bT+veFJ0R26KQvo60e8WUjyUM0/0xkO
sG/stKjwWdnbQaitYLVS4Occ2Srpnh7Ihdsg+gFhX9ENQaP6oXwWd2yB/DUQf8wI
IabU2xoDZ7nnJTZjHRvK5y2ygXv2rHHgs4vyS3vl6vyq1uYekJybBsGZ7C2CbbIL
D7G3VGaOv1xoG3Kvm4WI4nSI6mA0l9CUt/7JK+Xkyeh5bFxNKCk=
=0zIa
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4265-1] modsecurity-crs security update
Next by Date: [SECURITY] [DLA 4266-1] distro-info-data database update
Previous by thread: [SECURITY] [DLA 4265-1] modsecurity-crs security update
Next by thread: [SECURITY] [DLA 4266-1] distro-info-data database update
Index(es):
- Date
- Thread