SUSE-SU-2026:0829-1

Опубликовано: 05 мар. 2026

Источник: suse-cvrf

Описание

Security update for gnutls

This update for gnutls fixes the following issues:

Security issue:

CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (bsc#1257960).

Other updates and bugfixes:

update libgnutls package to avoid binder getting calculated with SHA256 (bsc#1258083, jsc#PED-15752, jsc#PED-15753).
lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
tests/psk-file: Add testing for _credentials2 functions
lib/psk: add null check for binder algo
pre_shared_key: fix memleak when retrying with different binder algo
pre_shared_key: add null check on pskcred

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP7

gnutls-3.8.3-150600.4.17.1

libgnutls-devel-3.8.3-150600.4.17.1

libgnutls30-3.8.3-150600.4.17.1

libgnutls30-32bit-3.8.3-150600.4.17.1

libgnutlsxx-devel-3.8.3-150600.4.17.1

libgnutlsxx30-3.8.3-150600.4.17.1

openSUSE Leap 15.6

gnutls-3.8.3-150600.4.17.1

libgnutls-devel-3.8.3-150600.4.17.1

libgnutls-devel-32bit-3.8.3-150600.4.17.1

libgnutls30-3.8.3-150600.4.17.1

libgnutls30-32bit-3.8.3-150600.4.17.1

libgnutlsxx-devel-3.8.3-150600.4.17.1

libgnutlsxx30-3.8.3-150600.4.17.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260829-1/
Link for SUSE-SU-2026:0829-1
https://lists.suse.com/pipermail/sle-security-updates/2026-March/024630.html
E-Mail link for SUSE-SU-2026:0829-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1257960
SUSE Bug 1257960
https://bugzilla.suse.com/1258083
SUSE Bug 1258083
https://www.suse.com/security/cve/CVE-2025-14831/
SUSE CVE CVE-2025-14831 page

Описание

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP7:gnutls-3.8.3-150600.4.17.1

SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls-devel-3.8.3-150600.4.17.1

SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-3.8.3-150600.4.17.1

SUSE Linux Enterprise Module for Basesystem 15 SP7:libgnutls30-32bit-3.8.3-150600.4.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14831.html
CVE-2025-14831
https://bugzilla.suse.com/1257960
SUSE Bug 1257960

SUSE-SU-2026:0829-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-14831

Описание

Затронутые продукты

Ссылки