摘要:
gnutls security update
安全等级: Medium
公告ID: KylinSec-SA-2025-2840
发布日期: 2025年9月19日
关联CVE: CVE-2025-6395 CVE-2025-32989 CVE-2025-32988 CVE-2025-32990
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.
Security Fix(es):
A vulnerability, which was classified as critical, was found in GnuTLS (Network Encryption Software) (affected version unknown).CWE is classifying the issue as CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.This is going to have an impact on confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-32988)
GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols open source.
GnuTLS has a trust management vulnerability, which originated from improper processing of CT SCT SCT expansion during X.509 certificate resolution, which may lead to information leakage.(CVE-2025-32989)
GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols.
There is a security vulnerability in GnuTLS that originates from a heap buffer overflow in the certtool tool template parsing logic, which can lead to memory corruption and denial of service.(CVE-2025-32990)
A vulnerability, which was classified as problematic, was found in GnuTLS (Network Encryption Software) (affected version unknown).CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.This is going to have an impact on availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-21000).(CVE-2025-6395)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-6395 | V6 | gnutls | Fixed |
| CVE-2025-32989 | V6 | gnutls | Fixed |
| CVE-2025-32988 | V6 | gnutls | Fixed |
| CVE-2025-32990 | V6 | gnutls | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| gnutls-help | noarch | 3.8.2-7.ks6 |
| gnutls | x86_64 | 3.8.2-7.ks6 |
| gnutls-dane | x86_64 | 3.8.2-7.ks6 |
| gnutls-devel | x86_64 | 3.8.2-7.ks6 |
| gnutls-utils | x86_64 | 3.8.2-7.ks6 |
| gnutls | aarch64 | 3.8.2-7.ks6 |
| gnutls-dane | aarch64 | 3.8.2-7.ks6 |
| gnutls-devel | aarch64 | 3.8.2-7.ks6 |
| gnutls-utils | aarch64 | 3.8.2-7.ks6 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
