Description
Security update for gnutls
This update for gnutls fixes the following issues:
- CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. (bsc#1257960)
- CVE-2025-9820: Fixed a buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
- Added the ability to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. (bsc#1258083, jsc#PED-15752, jsc#PED-15753)
Package list
openSUSE Leap 16.0
References
- SUSE Security Ratings
- SUSE Bug 1254132
- SUSE Bug 1257960
- SUSE Bug 1258083
- SUSE CVE CVE-2025-14831 page
- SUSE CVE CVE-2025-9820 page
Description
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
Affected products
References
- CVE-2025-14831
- SUSE Bug 1257960
Description
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
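As an added illustration of the defect class described above (not GnuTLS code and not the upstream patch), the following C example checks a caller-supplied label's length before copying it into a fixed-size buffer. The 32-byte blank-padded field follows the PKCS#11 convention for token labels; the function, constant and status names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* PKCS#11 token labels are 32 bytes, blank padded, not NUL terminated. */
#define TOKEN_LABEL_SIZE 32

/* Hypothetical status codes for this example. */
enum label_status { LABEL_OK = 0, LABEL_INVALID = -1, LABEL_TOO_LONG = -2 };

/* Length scan that reads at most max + 1 bytes of src. */
static size_t bounded_len(const char *src, size_t max)
{
    size_t n = 0;
    while (n <= max && src[n] != '\0')
        n++;
    return n; /* max + 1 means "longer than max" */
}

/* Copy label into a fixed 32-byte field, rejecting oversized input
 * before the destination buffer is touched. */
enum label_status pad_token_label(const char *label,
                                  unsigned char out[TOKEN_LABEL_SIZE])
{
    size_t len;

    if (label == NULL || out == NULL)
        return LABEL_INVALID;
    len = bounded_len(label, TOKEN_LABEL_SIZE);
    if (len > TOKEN_LABEL_SIZE)
        return LABEL_TOO_LONG;
    memset(out, ' ', TOKEN_LABEL_SIZE);
    memcpy(out, label, len);
    return LABEL_OK;
}

int main(void)
{
    /* Constructed sample labels: one short, one 40 characters long. */
    const char *samples[] = { "backup-token",
                              "0123456789012345678901234567890123456789" };
    unsigned char field[TOKEN_LABEL_SIZE];

    for (size_t i = 0; i < 2; i++) {
        enum label_status rc = pad_token_label(samples[i], field);
        printf("%-42s -> %d\n", samples[i], (int)rc);
    }
    return 0;
}
```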
Affected products
References
- CVE-2025-9820
- SUSE Bug 1254132