Package "libgnutls30t64"
Name: libgnutls30t64
Description: GNU TLS library - main runtime library
Latest version: 3.8.3-1.1ubuntu3.4
Release: noble (24.04)
Level: security
Repository: main
Head package: gnutls28
Homepage: https://www.gnutls.org/
Changelog
gnutls28 (3.8.3-1.1ubuntu3.4) noble-security; urgency=medium

  * SECURITY UPDATE: double-free via otherName in the SAN
    - debian/patches/CVE-2025-32988.patch: avoid double free when exporting
      othernames in SAN in lib/x509/extensions.c.
    - CVE-2025-32988
  * SECURITY UPDATE: OOB read via malformed length field in SCT extension
    - debian/patches/CVE-2025-32989.patch: fix read buffer overrun in SCT
      timestamps in lib/x509/x509_ext.c.
    - CVE-2025-32989
  * SECURITY UPDATE: heap write overflow in certtool via invalid template
    - debian/patches/CVE-2025-32990.patch: avoid 1-byte write buffer
      overrun when parsing template in src/certtool-cfg.c,
      tests/cert-tests/Makefile.am, tests/cert-tests/template-test.sh,
      tests/cert-tests/templates/template-too-many-othernames.tmpl.
    - CVE-2025-32990
  * SECURITY UPDATE: NULL deref via missing PSK in TLS 1.3 handshake
    - debian/patches/CVE-2025-6395.patch: clear HSK_PSK_SELECTED when
      resetting binders in lib/handshake.c, lib/state.c, tests/Makefile.am,
      tests/tls13/hello_retry_request_psk.c.
    - CVE-2025-6395

 -- Marc Deslauriers <email address hidden> Fri, 11 Jul 2025 08:58:05 -0400
CVE-2025-32988
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternati
CVE-2025-32989
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) exten
CVE-2025-32990
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads ce
CVE-2025-6395
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a templa

gnutls28 (3.8.3-1.1ubuntu3.3) noble-security; urgency=medium

  * SECURITY UPDATE: resource consumption issue when decoding DER-encoded
    certificate data
    - debian/patches/CVE-2024-12243.patch: optimize name constraints
      processing in lib/datum.c, lib/x509/name_constraints.c,
      lib/x509/x509_ext.c, lib/x509/x509_ext_int.h, lib/x509/x509_int.h.
    - CVE-2024-12243

 -- Marc Deslauriers <email address hidden> Wed, 12 Feb 2025 09:55:11 -0500
CVE-2024-12243
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-enc

gnutls28 (3.8.3-1.1ubuntu3.1) noble-security; urgency=medium

  * SECURITY UPDATE: side-channel leak via Minerva attack
    - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in
      deterministic ECDSA in lib/nettle/int/dsa-compute-k.c,
      lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c,
      lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c,
      tests/sign-verify-deterministic.c.
    - CVE-2024-28834
  * SECURITY UPDATE: crash via specially-crafted cert bundle
    - debian/patches/CVE-2024-28835.patch: remove length limit of input in
      lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c,
      tests/test-chains.h.
    - CVE-2024-28835

 -- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 09:54:34 -0400
CVE-2024-28834
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading
CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "c