Описание
Security update for gnutls
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
Список пакетов
Container bci/kiwi:latest
libgnutls30-3.8.3-150600.4.6.2
Container bci/php-apache:latest
libgnutls30-3.8.3-150600.4.6.2
Container bci/php-fpm:latest
libgnutls30-3.8.3-150600.4.6.2
Container bci/php:latest
libgnutls30-3.8.3-150600.4.6.2
Container bci/spack:0.23
libgnutls30-3.8.3-150600.4.6.2
Container bci/spack:latest
libgnutls30-3.8.3-150600.4.6.2
Container containers/open-webui:0
libgnutls30-3.8.3-150600.4.6.2
Container suse/sles/15.7/cdi-importer:1.58.0
libgnutls30-3.8.3-150600.4.6.2
Container suse/sles/15.7/cdi-uploadserver:1.58.0
libgnutls30-3.8.3-150600.4.6.2
Container suse/sles/15.7/libguestfs-tools:1.4.0
libgnutls30-3.8.3-150600.4.6.2
Container suse/sles/15.7/virt-handler:1.4.0
libgnutls30-3.8.3-150600.4.6.2
Container suse/sles/15.7/virt-launcher:1.4.0
gnutls-3.8.3-150600.4.6.2
libgnutls30-3.8.3-150600.4.6.2
Image SLES15-SP6-CHOST-BYOS
libgnutls30-3.8.3-150600.4.6.2
Image SLES15-SP6-CHOST-BYOS-Azure
libgnutls30-3.8.3-150600.4.6.2
Image SLES15-SP6-CHOST-BYOS-EC2
libgnutls30-3.8.3-150600.4.6.2
Image SLES15-SP6-CHOST-BYOS-GCE
libgnutls30-3.8.3-150600.4.6.2
Image SLES15-SP6-CHOST-BYOS-GDC
libgnutls30-3.8.3-150600.4.6.2
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
libgnutls30-3.8.3-150600.4.6.2
SUSE Linux Enterprise Module for Basesystem 15 SP6
gnutls-3.8.3-150600.4.6.2
libgnutls-devel-3.8.3-150600.4.6.2
libgnutls30-3.8.3-150600.4.6.2
libgnutls30-32bit-3.8.3-150600.4.6.2
libgnutlsxx-devel-3.8.3-150600.4.6.2
libgnutlsxx30-3.8.3-150600.4.6.2
openSUSE Leap 15.6
gnutls-3.8.3-150600.4.6.2
libgnutls-devel-3.8.3-150600.4.6.2
libgnutls-devel-32bit-3.8.3-150600.4.6.2
libgnutls30-3.8.3-150600.4.6.2
libgnutls30-32bit-3.8.3-150600.4.6.2
libgnutlsxx-devel-3.8.3-150600.4.6.2
libgnutlsxx30-3.8.3-150600.4.6.2
Ссылки
- Link for SUSE-SU-2025:0764-1
- E-Mail link for SUSE-SU-2025:0764-1
- SUSE Security Ratings
- SUSE Bug 1236974
- SUSE CVE CVE-2024-12243 page
Описание
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
Затронутые продукты
Container bci/kiwi:latest:libgnutls30-3.8.3-150600.4.6.2
Container bci/php-apache:latest:libgnutls30-3.8.3-150600.4.6.2
Container bci/php-fpm:latest:libgnutls30-3.8.3-150600.4.6.2
Container bci/php:latest:libgnutls30-3.8.3-150600.4.6.2
Ссылки
- CVE-2024-12243
- SUSE Bug 1236974