Patch gnutls for CVE-2025-32989, CVE-2025-32988

azurelinux-security · azurelinux-security · commit d4186be2aa90 · 2025-07-15T19:37:15.000Z
diff --git a/SPECS/gnutls/CVE-2025-32988.patch b/SPECS/gnutls/CVE-2025-32988.patch
@@ -0,0 +1,34 @@
+From e5c3697a3ef3ab6b8a07e3212621ae334f93ea4d Mon Sep 17 00:00:00 2001
+From: Azure Linux Security Servicing Account
+ <azurelinux-security@microsoft.com>
+Date: Tue, 15 Jul 2025 19:22:38 +0000
+Subject: [PATCH] Fix CVE CVE-2025-32988 in gnutls
+
+Upstream Patch Reference: https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573.patch
+---
+ lib/x509/extensions.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
+index dc333f4..2f0823a 100644
+--- a/lib/x509/extensions.c
++++ b/lib/x509/extensions.c
+@@ -805,7 +805,6 @@ _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
+ 	result = asn1_write_value(ext, name2, oid, 1);
+ 	if (result != ASN1_SUCCESS) {
+ 		gnutls_assert();
+-		asn1_delete_structure(&ext);
+ 		return _gnutls_asn2err(result);
+ 	}
+ 
+@@ -814,7 +813,6 @@ _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
+ 	result = asn1_write_value(ext, name2, data, data_size);
+ 	if (result != ASN1_SUCCESS) {
+ 		gnutls_assert();
+-		asn1_delete_structure(&ext);
+ 		return _gnutls_asn2err(result);
+ 	}
+ 
+-- 
+2.45.3
+
diff --git a/SPECS/gnutls/CVE-2025-32989.patch b/SPECS/gnutls/CVE-2025-32989.patch
@@ -0,0 +1,27 @@
+From 0300315c208ae9fec5780bc7a7f0f319449d1195 Mon Sep 17 00:00:00 2001
+From: Azure Linux Security Servicing Account
+ <azurelinux-security@microsoft.com>
+Date: Tue, 15 Jul 2025 19:22:59 +0000
+Subject: [PATCH] Fix CVE CVE-2025-32989 in gnutls
+
+Upstream Patch Reference: https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2.patch
+---
+ lib/x509/x509_ext.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
+index 40b0f77..29cdae6 100644
+--- a/lib/x509/x509_ext.c
++++ b/lib/x509/x509_ext.c
+@@ -3850,7 +3850,7 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t *ext, gnutls_x509_ct_sct
+ 	}
+ 
+ 	length = _gnutls_read_uint16(scts_content.data);
+-	if (length < 4) {
++	if (length < 4 || length > scts_content.size) {
+ 		gnutls_free(scts_content.data);
+ 		return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ 	}
+-- 
+2.45.3
+
diff --git a/SPECS/gnutls/gnutls.spec b/SPECS/gnutls/gnutls.spec
@@ -1,7 +1,7 @@
 Summary:        The GnuTLS Transport Layer Security Library
 Name:           gnutls
 Version:        3.7.11
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv3+ AND LGPLv2.1+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -10,6 +10,8 @@ URL:            https://www.gnutls.org
 Source0:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
 Patch0:         CVE-2024-12133.patch
 Patch1:         CVE-2024-12243.patch
+Patch2:         CVE-2025-32989.patch
+Patch3:         CVE-2025-32988.patch
 BuildRequires:  autogen-libopts-devel
 BuildRequires:  gc-devel
 BuildRequires:  guile-devel
@@ -96,6 +98,9 @@ sed -i 's/TESTS += test-ciphers-openssl.sh//'  tests/slow/Makefile.am
 %{_mandir}/man3/*
 
 %changelog
+* Tue Jul 15 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.7.11-4
+- Patch for CVE-2025-32989, CVE-2025-32988
+
 * Tue Mar 11 2025 Sreeniavsulu Malavathula <v-smalavathu@microsoft.com> - 3.7.11-3
 - Patch to fix CVE-2024-12243
 
