SUSE alert SUSE-SU-2026:0829-1 (gnutls)
| From: | OPENSUSE-SECURITY-UPDATES <null@suse.de> |
| To: | security-announce@lists.opensuse.org |
| Subject: | SUSE-SU-2026:0829-1: moderate: Security update for gnutls |
| Date: | Thu, 05 Mar 2026 20:30:14 -0000 |
| Message-ID: | <177274261490.2224.3436547906851985698@13ea24840d99> |
# Security update for gnutls

Announcement ID: SUSE-SU-2026:0829-1

Release Date: 2026-03-05T15:17:14Z

Rating: moderate

References:

* bsc#1257960
* bsc#1258083
* jsc#PED-15752
* jsc#PED-15753

Cross-References:

* CVE-2025-14831

CVSS scores:

* CVE-2025-14831 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-14831 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-14831 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability, contains two features and has one security fix can now be installed.

## Description:

This update for gnutls fixes the following issues:

Security issue:

* CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (bsc#1257960).

Other updates and bugfixes:

* update libgnutls package to avoid binder getting calculated with SHA256 (bsc#1258083, jsc#PED-15752, jsc#PED-15753).
* lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
* tests/psk-file: Add testing for _credentials2 functions
* lib/psk: add null check for binder algo
* pre_shared_key: fix memleak when retrying with different binder algo
* pre_shared_key: add null check on pskcred

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-829=1 openSUSE-SLE-15.6-2026-829=1`
* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-829=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libgnutlsxx-devel-3.8.3-150600.4.17.1
  * libgnutlsxx30-3.8.3-150600.4.17.1
  * libgnutlsxx30-debuginfo-3.8.3-150600.4.17.1
  * gnutls-3.8.3-150600.4.17.1
  * gnutls-debugsource-3.8.3-150600.4.17.1
  * libgnutls-devel-3.8.3-150600.4.17.1
  * libgnutls30-debuginfo-3.8.3-150600.4.17.1
  * gnutls-debuginfo-3.8.3-150600.4.17.1
  * libgnutls30-3.8.3-150600.4.17.1
* openSUSE Leap 15.6 (x86_64)
  * libgnutls30-32bit-3.8.3-150600.4.17.1
  * libgnutls-devel-32bit-3.8.3-150600.4.17.1
  * libgnutls30-32bit-debuginfo-3.8.3-150600.4.17.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libgnutls30-64bit-3.8.3-150600.4.17.1
  * libgnutls-devel-64bit-3.8.3-150600.4.17.1
  * libgnutls30-64bit-debuginfo-3.8.3-150600.4.17.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libgnutlsxx-devel-3.8.3-150600.4.17.1
  * libgnutlsxx30-3.8.3-150600.4.17.1
  * libgnutlsxx30-debuginfo-3.8.3-150600.4.17.1
  * gnutls-3.8.3-150600.4.17.1
  * gnutls-debugsource-3.8.3-150600.4.17.1
  * libgnutls-devel-3.8.3-150600.4.17.1
  * libgnutls30-debuginfo-3.8.3-150600.4.17.1
  * gnutls-debuginfo-3.8.3-150600.4.17.1
  * libgnutls30-3.8.3-150600.4.17.1
* Basesystem Module 15-SP7 (x86_64)
  * libgnutls30-32bit-3.8.3-150600.4.17.1
  * libgnutls30-32bit-debuginfo-3.8.3-150600.4.17.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14831.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257960
* https://bugzilla.suse.com/show_bug.cgi?id=1258083
* https://jira.suse.com/browse/PED-15752
* https://jira.suse.com/browse/PED-15753
