Описание
Security update for gnutls
This update for gnutls fixes the following issues:
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)
Список пакетов
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
gnutls-3.3.27-3.12.1
libgnutls-devel-3.3.27-3.12.1
libgnutls-openssl-devel-3.3.27-3.12.1
libgnutls-openssl27-3.3.27-3.12.1
libgnutls28-3.3.27-3.12.1
libgnutls28-32bit-3.3.27-3.12.1
libgnutlsxx-devel-3.3.27-3.12.1
Ссылки
- Link for SUSE-SU-2025:02520-1
- E-Mail link for SUSE-SU-2025:02520-1
- SUSE Security Ratings
- SUSE Bug 1246267
- SUSE CVE CVE-2025-32990 page
Описание
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnutls-3.3.27-3.12.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgnutls-devel-3.3.27-3.12.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgnutls-openssl-devel-3.3.27-3.12.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgnutls-openssl27-3.3.27-3.12.1
Ссылки
- CVE-2025-32990
- SUSE Bug 1246267