gnutls28 3.8.3-1.1ubuntu3.4 source package in Ubuntu

Changelog

gnutls28 (3.8.3-1.1ubuntu3.4) noble-security; urgency=medium

  * SECURITY UPDATE: double-free via otherName in the SAN
    - debian/patches/CVE-2025-32988.patch: avoid double free when exporting
      othernames in SAN in lib/x509/extensions.c.
    - CVE-2025-32988
  * SECURITY UPDATE: OOB read via malformed length field in SCT extension
    - debian/patches/CVE-2025-32989.patch: fix read buffer overrun in SCT
      timestamps in lib/x509/x509_ext.c.
    - CVE-2025-32989
  * SECURITY UPDATE: heap write overflow in certtool via invalid template
    - debian/patches/CVE-2025-32990.patch: avoid 1-byte write buffer
      overrun when parsing template in src/certtool-cfg.c,
      tests/cert-tests/Makefile.am, tests/cert-tests/template-test.sh,
      tests/cert-tests/templates/template-too-many-othernames.tmpl.
    - CVE-2025-32990
  * SECURITY UPDATE: NULL deref via missing PSK in TLS 1.3 handshake
    - debian/patches/CVE-2025-6395.patch: clear HSK_PSK_SELECTED when
      resetting binders in lib/handshake.c, lib/state.c, tests/Makefile.am,
      tests/tls13/hello_retry_request_psk.c.
    - CVE-2025-6395

 -- Marc Deslauriers <email address hidden>  Fri, 11 Jul 2025 08:58:05 -0400

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Noble
Original maintainer: Ubuntu Developers
Architectures: any all
Section: libs
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Noble updates main libs
Noble security main libs

Downloads

File Size SHA-256 Checksum
gnutls28_3.8.3.orig.tar.xz 6.2 MiB f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e
gnutls28_3.8.3.orig.tar.xz.asc 854 bytes b2b90d225728890b0e2aa7c05e5f25f8ba1282821b46e72cd99f0c732b639cef
gnutls28_3.8.3-1.1ubuntu3.4.debian.tar.xz 97.8 KiB 2839cedf1673eaa7c4183dd89e1f33b7144707d67e50803c706253b6dfff1fae
gnutls28_3.8.3-1.1ubuntu3.4.dsc 3.3 KiB 135c8c444bf9e4fe23d358878c0ba39b4a4abbeb3f310f869fd3a4ab548af42e

Binary packages built by this source

gnutls-bin: GNU TLS library - commandline utilities

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains a commandline interface to the GNU TLS library, which
 can be used to set up secure connections from e.g. shell scripts, debugging
 connection issues or managing certificates.
 .
 Useful utilities include:
  - TLS termination: gnutls-cli, gnutls-serv
  - key and certificate management: certtool, ocsptool, p11tool
  - credential management: srptool, psktool

gnutls-bin-dbgsym: debug symbols for gnutls-bin
gnutls-doc: GNU TLS library - documentation and examples

 This package contains all the GnuTLS documentation.

libgnutls-dane0t64: GNU TLS library - DANE security support

 This package contains the runtime library for DANE (DNS-based Authentication
 of Named Entities) support.

libgnutls-dane0t64-dbgsym: debug symbols for libgnutls-dane0t64
libgnutls-openssl27t64: GNU TLS library - OpenSSL wrapper

 This package contains the runtime library of the GnuTLS OpenSSL wrapper.

libgnutls-openssl27t64-dbgsym: debug symbols for libgnutls-openssl27t64
libgnutls28-dev: GNU TLS library - development files

 This package contains the GnuTLS development files.

libgnutls30t64: GNU TLS library - main runtime library

 This package contains the main runtime library.

libgnutls30t64-dbgsym: debug symbols for libgnutls30t64