-------------------------------------------------------------------------
Debian LTS Advisory DLA-4492-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
February 25, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : gnutls28
Version : 3.7.1-5+deb11u9
CVE ID : CVE-2025-9820 CVE-2025-14831
Debian Bug : 1121146
Vulnerabilities were found in GnuTLS, a portable library implementing the
Transport Layer Security (TLS) and Datagram Transport Layer Security
(DTLS) protocols, which may lead to denial of service.
CVE-2025-9820
An out-of-bounds write was discovered when a PKCS#11 token is
initialized with the `gnutls_pkcs11_token_init()` function and the
function is passed a token label longer than 32 characters.
CVE-2025-14831
Tim Scheckenbach discovered that verifying specially crafted
malicious certificates containing a large number of name constraints
and subject alternative names (SANs) could lead to resource
exhaustion.
For Debian 11 bullseye, these problems have been fixed in version
3.7.1-5+deb11u9.
We recommend that you upgrade your gnutls28 packages.
For the detailed security status of gnutls28 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnutls28
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS