[SECURITY] Fedora 42 Update: mingw-libtasn1-4.21.0-1.fc42

libtasn1 is the ASN.1 library used in GNUTLS. This package contains the MinGW Windows cross compiled libtasn1 library...

Curl 8.8.0 < 8.18.0 Improper Certificate Validation.

The version of curl installed on the remote host is missing a security update. It is, therefore, affected by an improper certificate validation vulnerability. - When using the CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, the public key check should be performed...

CVE-2025-13034

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

MiracleLinux 4 : gnutls-2.8.5-10.2.0.1.AXS4 (AXSA:2013-469:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-469:02 advisory. GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the...

OESA-2026-1046 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

OESA-2026-1045 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

ALPINE-CVE-2025-13034

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

CVE-2025-13034 No QUIC certificate pinning with GnuTLS

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

[SECURITY] Fedora 43 Update: gnutls-3.8.11-1.fc43

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, OpenPGP and...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the gnutlspkcs11tokeninit function. An attacker can cause a crash or potentially execute arbitrary code by supplying a PKCS11 token with a label longer than 32 characters, leading to writing past the end ...

gnutls security, bug fix, and enhancement update

An update is available for gnutls. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls packages provide the GNU Transport Layer Security GnuTLS library,...

EUVD-2010-0757

Malware in sbrugna...

CLSA-2025-1759334361 gnutls: Fix of CVE-2025-32990

CVE-2025-32990: fix heap-buffer-overflow flaw in template parsing logic to prevent OOB NULL pointer write and memory corruption...

RHEL 9 : gnutls (RHSA-2025:16116)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:16116 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such a...

AZL-65154 CVE-2025-6395 affecting package gnutls for versions less than 3.7.11-4

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite...

UBUNTU-CVE-2025-6395

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the gnutlsfigurecommonciphersuite function. Remediation A fix was pushed into the master branch but not yet published. References - Fix Commit - PoC - Red Hat Bugzilla Bug - Release Notes Credit: Stefan Bühl...

The vulnerability of the Transport Layer Security library GnuTLS, related to the use of cryptographic algorithms containing defects, allows attackers to gain access to confidential data.

The vulnerability of the GnuTLS transport layer security library is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data...

CLSA-2025-1747903683 gnutls: Fix of 2 CVEs

CVE-2024-28834: fix side-channel leak in the deterministic ECDSA - CVE-2024-28835: fix crash when verifying a certificate chain with more than 16 certificates...

Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS CVE-2024-12243 For more details...