Security update for gnutls SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0764-1 Final 1 1 2025-03-03T08:43:38Z current 2025-03-03T08:43:38Z 2025-03-03T08:43:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gnutls This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/kiwi:latest-2025-764,Container bci/php-apache:latest-2025-764,Container bci/php-fpm:latest-2025-764,Container bci/php:latest-2025-764,Container bci/spack:0.23-2025-764,Container bci/spack:latest-2025-764,Container containers/open-webui:0-2025-764,Container suse/sles/15.7/cdi-importer:1.58.0-2025-764,Container suse/sles/15.7/cdi-uploadserver:1.58.0-2025-764,Container suse/sles/15.7/libguestfs-tools:1.4.0-2025-764,Container suse/sles/15.7/virt-handler:1.4.0-2025-764,Container suse/sles/15.7/virt-launcher:1.4.0-2025-764,Image SLES15-SP6-CHOST-BYOS-2025-764,Image SLES15-SP6-CHOST-BYOS-Azure-2025-764,Image SLES15-SP6-CHOST-BYOS-EC2-2025-764,Image SLES15-SP6-CHOST-BYOS-GCE-2025-764,Image SLES15-SP6-CHOST-BYOS-GDC-2025-764,Image SLES15-SP6-CHOST-BYOS-SAP-CCloud-2025-764,SUSE-2025-764,SUSE-SLE-Module-Basesystem-15-SP6-2025-764,openSUSE-SLE-15.6-2025-764 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250764-1/ Link for SUSE-SU-2025:0764-1 https://lists.suse.com/pipermail/sle-security-updates/2025-March/020473.html E-Mail link for SUSE-SU-2025:0764-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236974 SUSE Bug 1236974 https://www.suse.com/security/cve/CVE-2024-12243/ SUSE CVE CVE-2024-12243 page Container bci/kiwi:latest Container bci/php-apache:latest Container bci/php-fpm:latest Container bci/php:latest Container bci/spack:0.23 Container bci/spack:latest Container containers/open-webui:0 Container suse/sles/15.7/cdi-importer:1.58.0 Container suse/sles/15.7/cdi-uploadserver:1.58.0 Container suse/sles/15.7/libguestfs-tools:1.4.0 Container suse/sles/15.7/virt-handler:1.4.0 Container suse/sles/15.7/virt-launcher:1.4.0 Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud SUSE Linux Enterprise Module for Basesystem 15 SP6 openSUSE Leap 15.6 libgnutls30-3.8.3-150600.4.6.2 gnutls-3.8.3-150600.4.6.2 libgnutls-devel-3.8.3-150600.4.6.2 libgnutls-devel-32bit-3.8.3-150600.4.6.2 libgnutls-devel-64bit-3.8.3-150600.4.6.2 libgnutls30-32bit-3.8.3-150600.4.6.2 libgnutls30-64bit-3.8.3-150600.4.6.2 libgnutlsxx-devel-3.8.3-150600.4.6.2 libgnutlsxx30-3.8.3-150600.4.6.2 libgnutls30-3.8.3-150600.4.6.2 as a component of Container bci/kiwi:latest libgnutls30-3.8.3-150600.4.6.2 as a component of Container bci/php-apache:latest libgnutls30-3.8.3-150600.4.6.2 as a component of Container bci/php-fpm:latest libgnutls30-3.8.3-150600.4.6.2 as a component of Container bci/php:latest libgnutls30-3.8.3-150600.4.6.2 as a component of Container bci/spack:0.23 libgnutls30-3.8.3-150600.4.6.2 as a component of Container bci/spack:latest libgnutls30-3.8.3-150600.4.6.2 as a component of Container containers/open-webui:0 libgnutls30-3.8.3-150600.4.6.2 as a component of Container suse/sles/15.7/cdi-importer:1.58.0 libgnutls30-3.8.3-150600.4.6.2 as a component of Container suse/sles/15.7/cdi-uploadserver:1.58.0 libgnutls30-3.8.3-150600.4.6.2 as a component of Container suse/sles/15.7/libguestfs-tools:1.4.0 libgnutls30-3.8.3-150600.4.6.2 as a component of Container suse/sles/15.7/virt-handler:1.4.0 gnutls-3.8.3-150600.4.6.2 as a component of Container suse/sles/15.7/virt-launcher:1.4.0 libgnutls30-3.8.3-150600.4.6.2 as a component of Container suse/sles/15.7/virt-launcher:1.4.0 libgnutls30-3.8.3-150600.4.6.2 as a component of Image SLES15-SP6-CHOST-BYOS libgnutls30-3.8.3-150600.4.6.2 as a component of Image SLES15-SP6-CHOST-BYOS-Azure libgnutls30-3.8.3-150600.4.6.2 as a component of Image SLES15-SP6-CHOST-BYOS-EC2 libgnutls30-3.8.3-150600.4.6.2 as a component of Image SLES15-SP6-CHOST-BYOS-GCE libgnutls30-3.8.3-150600.4.6.2 as a component of Image SLES15-SP6-CHOST-BYOS-GDC libgnutls30-3.8.3-150600.4.6.2 as a component of Image SLES15-SP6-CHOST-BYOS-SAP-CCloud gnutls-3.8.3-150600.4.6.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libgnutls-devel-3.8.3-150600.4.6.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libgnutls30-3.8.3-150600.4.6.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libgnutls30-32bit-3.8.3-150600.4.6.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libgnutlsxx-devel-3.8.3-150600.4.6.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libgnutlsxx30-3.8.3-150600.4.6.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 gnutls-3.8.3-150600.4.6.2 as a component of openSUSE Leap 15.6 libgnutls-devel-3.8.3-150600.4.6.2 as a component of openSUSE Leap 15.6 libgnutls-devel-32bit-3.8.3-150600.4.6.2 as a component of openSUSE Leap 15.6 libgnutls30-3.8.3-150600.4.6.2 as a component of openSUSE Leap 15.6 libgnutls30-32bit-3.8.3-150600.4.6.2 as a component of openSUSE Leap 15.6 libgnutlsxx-devel-3.8.3-150600.4.6.2 as a component of openSUSE Leap 15.6 libgnutlsxx30-3.8.3-150600.4.6.2 as a component of openSUSE Leap 15.6 A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition. CVE-2024-12243 Container bci/kiwi:latest:libgnutls30-3.8.3-150600.4.6.2 Container bci/php-apache:latest:libgnutls30-3.8.3-150600.4.6.2 Container bci/php-fpm:latest:libgnutls30-3.8.3-150600.4.6.2 Container bci/php:latest:libgnutls30-3.8.3-150600.4.6.2 Container bci/spack:0.23:libgnutls30-3.8.3-150600.4.6.2 Container bci/spack:latest:libgnutls30-3.8.3-150600.4.6.2 Container containers/open-webui:0:libgnutls30-3.8.3-150600.4.6.2 Container suse/sles/15.7/cdi-importer:1.58.0:libgnutls30-3.8.3-150600.4.6.2 Container suse/sles/15.7/cdi-uploadserver:1.58.0:libgnutls30-3.8.3-150600.4.6.2 Container suse/sles/15.7/libguestfs-tools:1.4.0:libgnutls30-3.8.3-150600.4.6.2 Container suse/sles/15.7/virt-handler:1.4.0:libgnutls30-3.8.3-150600.4.6.2 Container suse/sles/15.7/virt-launcher:1.4.0:gnutls-3.8.3-150600.4.6.2 Container suse/sles/15.7/virt-launcher:1.4.0:libgnutls30-3.8.3-150600.4.6.2 Image SLES15-SP6-CHOST-BYOS-Azure:libgnutls30-3.8.3-150600.4.6.2 Image SLES15-SP6-CHOST-BYOS-EC2:libgnutls30-3.8.3-150600.4.6.2 Image SLES15-SP6-CHOST-BYOS-GCE:libgnutls30-3.8.3-150600.4.6.2 Image SLES15-SP6-CHOST-BYOS-GDC:libgnutls30-3.8.3-150600.4.6.2 Image SLES15-SP6-CHOST-BYOS-SAP-CCloud:libgnutls30-3.8.3-150600.4.6.2 Image SLES15-SP6-CHOST-BYOS:libgnutls30-3.8.3-150600.4.6.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:gnutls-3.8.3-150600.4.6.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls-devel-3.8.3-150600.4.6.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-3.8.3-150600.4.6.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutls30-32bit-3.8.3-150600.4.6.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx-devel-3.8.3-150600.4.6.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:libgnutlsxx30-3.8.3-150600.4.6.2 openSUSE Leap 15.6:gnutls-3.8.3-150600.4.6.2 openSUSE Leap 15.6:libgnutls-devel-3.8.3-150600.4.6.2 openSUSE Leap 15.6:libgnutls-devel-32bit-3.8.3-150600.4.6.2 openSUSE Leap 15.6:libgnutls30-3.8.3-150600.4.6.2 openSUSE Leap 15.6:libgnutls30-32bit-3.8.3-150600.4.6.2 openSUSE Leap 15.6:libgnutlsxx-devel-3.8.3-150600.4.6.2 openSUSE Leap 15.6:libgnutlsxx30-3.8.3-150600.4.6.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250764-1/ https://www.suse.com/security/cve/CVE-2024-12243.html CVE-2024-12243 https://bugzilla.suse.com/1236974 SUSE Bug 1236974