Details:
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Security Fix(es):
gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS (CVE-2024-12243)
gnutls: Vulnerability in GnuTLS certtool template parsing (CVE-2025-32990)
gnutls: Vulnerability in GnuTLS SCT extension parsing (CVE-2025-32989)
gnutls: Vulnerability in GnuTLS otherName SAN export (CVE-2025-32988)
gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (CVE-2025-6395)
Bug Fix(es) and Enhancement(s):
gnutls: Vulnerability in GnuTLS certtool template parsing (BZ#2359620)
gnutls: Vulnerability in GnuTLS SCT extension parsing (BZ#2359621)
gnutls: Vulnerability in GnuTLS otherName SAN export (BZ#2359622)
gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (BZ#2376755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
0:3.7.6-21.el9_2.40:3.7.6-21.el9_2.40:3.7.6-21.el9_2.40:3.7.6-21.el9_2.40:3.7.6-21.el9_2.40:3.7.6-21.el9_2.40:3.7.6-21.el9_2.40:3.7.6-21.el9_2.40:3.7.6-21.el9_2.40:3.7.6-21.el9_2.4Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:LA:L6.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L