Commit 56e2438

CBL-Mariner-Bot, azurelinux-security, kevin-b-lockwood and Kanishk-Bansal authored
[AUTO-CHERRYPICK] [AutoPR- Security] Patch gnutls for CVE-2025-6395, CVE-2025-32989, CVE-2025-32988 - branch main (microsoft#14345)
Co-authored-by: Azure Linux Security Servicing Account <[email protected]>
Co-authored-by: Kevin Lockwood <[email protected]>
Co-authored-by: Kanishk Bansal <[email protected]>
1 parent 2ac46f1 commit 56e2438

5 files changed: +2237 -1 lines changed

SPECS/gnutls/CVE-2025-32988.patch

Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
From d014da2652f9ab50f5da2548834a3071363992a1 Mon Sep 17 00:00:00 2001
2+
From: Azure Linux Security Servicing Account
3+
4+
Date: Tue, 15 Jul 2025 05:21:30 +0000
5+
Subject: [PATCH] Fix CVE CVE-2025-32988 in gnutls
6+
7+
Upstream Patch Reference: https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573.patch
8+
---
9+
lib/x509/extensions.c | 2 --
10+
1 file changed, 2 deletions(-)
11+
12+
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
13+
index dc333f4..2f0823a 100644
14+
--- a/lib/x509/extensions.c
15+
+++ b/lib/x509/extensions.c
16+
@@ -805,7 +805,6 @@ _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
17+
result = asn1_write_value(ext, name2, oid, 1);
18+
if (result != ASN1_SUCCESS) {
19+
gnutls_assert();
20+
- asn1_delete_structure(&ext);
21+
return _gnutls_asn2err(result);
22+
}
23+
24+
@@ -814,7 +813,6 @@ _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
25+
result = asn1_write_value(ext, name2, data, data_size);
26+
if (result != ASN1_SUCCESS) {
27+
gnutls_assert();
28+
- asn1_delete_structure(&ext);
29+
return _gnutls_asn2err(result);
30+
}
31+
32+
--
33+
2.45.3
34+
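
Review bot: Both error paths in _gnutls_write_new_othername (after each failed asn1_write_value) now return without calling asn1_delete_structure(&ext), and the patch shows only the callee, so it is not visible here that every caller releases ext when this function returns an error. Since ext is passed by value (asn1_node ext), the removed call freed a node the caller still held a pointer to; dropping it is the right direction, but please confirm the callers' error paths free the structure so the fix does not leave a leak. The patch header carries only the upstream URL; a one-line description of the ownership change would help later servicing, and the Subject line repeats "CVE" ("Fix CVE CVE-2025-32988").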

SPECS/gnutls/CVE-2025-32989.patch

Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
From 554887236c9eb9b134e2c370c0000e0c7ce51594 Mon Sep 17 00:00:00 2001
2+
From: Azure Linux Security Servicing Account
3+
4+
Date: Tue, 15 Jul 2025 05:21:51 +0000
5+
Subject: [PATCH] Fix CVE CVE-2025-32989 in gnutls
6+
7+
Upstream Patch Reference: https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2.patch
8+
---
9+
lib/x509/x509_ext.c | 2 +-
10+
1 file changed, 1 insertion(+), 1 deletion(-)
11+
12+
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
13+
index 40b0f77..29cdae6 100644
14+
--- a/lib/x509/x509_ext.c
15+
+++ b/lib/x509/x509_ext.c
16+
@@ -3850,7 +3850,7 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t *ext, gnutls_x509_ct_sct
17+
}
18+
19+
length = _gnutls_read_uint16(scts_content.data);
20+
- if (length < 4) {
21+
+ if (length < 4 || length > scts_content.size) {
22+
gnutls_free(scts_content.data);
23+
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
24+
}
25+
--
26+
2.45.3
27+
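
Review bot: In gnutls_x509_ext_ct_import_scts the new upper bound compares length against scts_content.size, but length is itself read from the first two bytes of scts_content.data, so if it counts the bytes that follow that prefix, a value equal to scts_content.size still claims two bytes more than the buffer holds. The hunk does not show the parsing loop, so please check whether the condition should be length > scts_content.size - 2, and whether scts_content.size is known to be at least 2 before _gnutls_read_uint16 runs. Because this file mirrors the upstream commit, any tightening is best raised upstream rather than diverging here.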
