[SECURITY] [DLA 4267-1] gnutls28 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4267-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
August 09, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : gnutls28
Version : 3.7.1-5+deb11u8
CVE ID : CVE-2025-6395 CVE-2025-32988 CVE-2025-32990
Multiple vulnerabilities have been fixed in GnuTLS, a library
implementing the SSL, TLS and DTLS protocols.
CVE-2025-6395
NULL dereference when 2nd Client Hello omits PSK
CVE-2025-32988
Double-free upon error when exporting otherName in SAN
CVE-2025-32990
1-byte write buffer overrun in certtool
For Debian 11 bullseye, these problems have been fixed in version
3.7.1-5+deb11u8.
We recommend that you upgrade your gnutls28 packages.
For the detailed security status of gnutls28 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnutls28
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmiXar4ACgkQiNJCh6LY
mLEsRhAAodXh9Ve50GgGfQa3LgToUP8Cyd3qCh6RxPkfsTWmkhL18Rp/JD6hiBdn
FH+DUypP9hT/TBaYsTY3O4POQ3UVEATqRlvza/SLlN5b6mYh1+4ecGEyVAw0TFrB
wUOQrtn3B4j1qLLPrB1+Rk0XBNua7/Kc+6aCZImEsYlK4aFsputvKYlKQ5DrsA4f
Gp9hgLFXyp5ebywhXF8GEFrxPaYJ8DebD+LRxhI88rsNM3dKdvuSxzZ8uXQVfBNs
5rNmj52vQjaCpr7TV3gi8gu2rNTS6PJx7IQhyjULSFawcjesWBxt/omKfCeF/3I/
KVxMNe5ht7OHa0Zrv/iKgO1ka7Qp6twsxWnHZxyMa80kVEHOx5Lq2uQvMjTfyoIm
l2ZC/AMfcB9ceuGAT9IimlUZulvt9+U3V2ZDpNDOnY4oRbyKFYnAvALm/ep3Zi1q
4w8EP40GG8b1Sc/w9bMYqGy+uT3prLOH8bT+veFJ0R26KQvo60e8WUjyUM0/0xkO
sG/stKjwWdnbQaitYLVS4Occ2Srpnh7Ihdsg+gFhX9ENQaP6oXwWd2yB/DUQf8wI
IabU2xoDZ7nnJTZjHRvK5y2ygXv2rHHgs4vyS3vl6vyq1uYekJybBsGZ7C2CbbIL
D7G3VGaOv1xoG3Kvm4WI4nSI6mA0l9CUt/7JK+Xkyeh5bFxNKCk=
=0zIa
-----END PGP SIGNATURE-----
Reply to: