Security update for gnutls SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02520-1 Final 1 1 2025-07-25T09:04:08Z current 2025-07-25T09:04:08Z 2025-07-25T09:04:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gnutls This update for gnutls fixes the following issues: - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2520,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2520 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502520-1/ Link for SUSE-SU-2025:02520-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040914.html E-Mail link for SUSE-SU-2025:02520-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1246267 SUSE Bug 1246267 https://www.suse.com/security/cve/CVE-2025-32990/ SUSE CVE CVE-2025-32990 page SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 gnutls-3.3.27-3.12.1 libgnutls-devel-3.3.27-3.12.1 libgnutls-devel-32bit-3.3.27-3.12.1 libgnutls-devel-64bit-3.3.27-3.12.1 libgnutls-openssl-devel-3.3.27-3.12.1 libgnutls-openssl27-3.3.27-3.12.1 libgnutls28-3.3.27-3.12.1 libgnutls28-32bit-3.3.27-3.12.1 libgnutls28-64bit-3.3.27-3.12.1 libgnutlsxx-devel-3.3.27-3.12.1 libgnutlsxx28-3.3.27-3.12.1 gnutls-3.3.27-3.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgnutls-devel-3.3.27-3.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgnutls-openssl-devel-3.3.27-3.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgnutls-openssl27-3.3.27-3.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgnutls28-3.3.27-3.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgnutls28-32bit-3.3.27-3.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgnutlsxx-devel-3.3.27-3.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. CVE-2025-32990 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gnutls-3.3.27-3.12.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgnutls-devel-3.3.27-3.12.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgnutls-openssl-devel-3.3.27-3.12.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgnutls-openssl27-3.3.27-3.12.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgnutls28-3.3.27-3.12.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgnutls28-32bit-3.3.27-3.12.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgnutlsxx-devel-3.3.27-3.12.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502520-1/ https://www.suse.com/security/cve/CVE-2025-32990.html CVE-2025-32990 https://bugzilla.suse.com/1246267 SUSE Bug 1246267