An update for gnutls is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2008 Final 1.0 1.0 2025-08-15 Initial 2025-08-15 2025-08-15 openEuler SA Tool V1.0 2025-08-15 gnutls security update An update for gnutls is now available for openEuler-22.03-LTS-SP4 GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code. Security Fix(es): A vulnerability, which was classified as critical, was found in GnuTLS (Network Encryption Software) (affected version unknown).CWE is classifying the issue as CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.This is going to have an impact on confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-32988) GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. There is a security vulnerability in GnuTLS that originates from a heap buffer overflow in the certtool tool template parsing logic, which can lead to memory corruption and denial of service.(CVE-2025-32990) A vulnerability, which was classified as problematic, was found in GnuTLS (Network Encryption Software) (affected version unknown).CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.This is going to have an impact on availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-21000).(CVE-2025-6395) An update for gnutls is now available for openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium gnutls https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2008 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32988 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32990 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 openEuler-22.03-LTS-SP4 gnutls-3.7.2-17.oe2203sp4.aarch64.rpm gnutls-debuginfo-3.7.2-17.oe2203sp4.aarch64.rpm gnutls-debugsource-3.7.2-17.oe2203sp4.aarch64.rpm gnutls-devel-3.7.2-17.oe2203sp4.aarch64.rpm gnutls-utils-3.7.2-17.oe2203sp4.aarch64.rpm gnutls-3.7.2-17.oe2203sp4.src.rpm gnutls-3.7.2-17.oe2203sp4.x86_64.rpm gnutls-debuginfo-3.7.2-17.oe2203sp4.x86_64.rpm gnutls-debugsource-3.7.2-17.oe2203sp4.x86_64.rpm gnutls-devel-3.7.2-17.oe2203sp4.x86_64.rpm gnutls-utils-3.7.2-17.oe2203sp4.x86_64.rpm gnutls-help-3.7.2-17.oe2203sp4.noarch.rpm A vulnerability, which was classified as critical, was found in GnuTLS (Network Encryption Software) (affected version unknown).CWE is classifying the issue as CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.This is going to have an impact on confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. 2025-08-15 CVE-2025-32988 openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H gnutls security update 2025-08-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2008 GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. There is a security vulnerability in GnuTLS that originates from a heap buffer overflow in the certtool tool template parsing logic, which can lead to memory corruption and denial of service. 2025-08-15 CVE-2025-32990 openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L gnutls security update 2025-08-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2008 A vulnerability, which was classified as problematic, was found in GnuTLS (Network Encryption Software) (affected version unknown).CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.This is going to have an impact on availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-21000). 2025-08-15 CVE-2025-6395 openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H gnutls security update 2025-08-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2008