diff --git a/SPECS/gnutls/CVE-2025-32988.patch b/SPECS/gnutls/CVE-2025-32988.patch
new file mode 100644
index 00000000000..545497ef5d1
--- /dev/null
+++ b/SPECS/gnutls/CVE-2025-32988.patch
@@ -0,0 +1,34 @@
+From e5c3697a3ef3ab6b8a07e3212621ae334f93ea4d Mon Sep 17 00:00:00 2001
+From: Azure Linux Security Servicing Account
+
+Date: Tue, 15 Jul 2025 19:22:38 +0000
+Subject: [PATCH] Fix CVE CVE-2025-32988 in gnutls
+
+Upstream Patch Reference: https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573.patch
+---
+ lib/x509/extensions.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
+index dc333f4..2f0823a 100644
+--- a/lib/x509/extensions.c
++++ b/lib/x509/extensions.c
+@@ -805,7 +805,6 @@ _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
+ result = asn1_write_value(ext, name2, oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+- asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+@@ -814,7 +813,6 @@ _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
+ result = asn1_write_value(ext, name2, data, data_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+- asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+--
+2.45.3
+
diff --git a/SPECS/gnutls/CVE-2025-32989.patch b/SPECS/gnutls/CVE-2025-32989.patch
new file mode 100644
index 00000000000..12eb5290db0
--- /dev/null
+++ b/SPECS/gnutls/CVE-2025-32989.patch
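Review bot: The patch body says only that it fixes CVE-2025-32988 and links the upstream commit; it should state the ownership rule the two deletions restore, because a maintainer rebasing this backport has no other way to tell that the removed `asn1_delete_structure(&ext)` calls were themselves the defect. Judging from the visible signature, `ext` is an `asn1_node` handed in by value from the caller, so deleting it inside `_gnutls_write_new_othername` releases the caller's structure while the caller's own handle keeps pointing at it — presumably the double free the CVE describes. I would add to the patch description a sentence such as `ext is owned by the caller, which releases it on every return path; deleting it here on the error paths freed it twice (CVE-2025-32988)`. The function continues outside both hunks, so any further error return in its remaining body that still deletes `ext` would need the same treatment; worth confirming against the upstream commit named in the header.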
@@ -0,0 +1,27 @@
+From 0300315c208ae9fec5780bc7a7f0f319449d1195 Mon Sep 17 00:00:00 2001
+From: Azure Linux Security Servicing Account
+
+Date: Tue, 15 Jul 2025 19:22:59 +0000
+Subject: [PATCH] Fix CVE CVE-2025-32989 in gnutls
+
+Upstream Patch Reference: https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2.patch
+---
+ lib/x509/x509_ext.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
+index 40b0f77..29cdae6 100644
+--- a/lib/x509/x509_ext.c
++++ b/lib/x509/x509_ext.c
+@@ -3850,7 +3850,7 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t *ext, gnutls_x509_ct_sct
+ }
+
+ length = _gnutls_read_uint16(scts_content.data);
+- if (length < 4) {
++ if (length < 4 || length > scts_content.size) {
+ gnutls_free(scts_content.data);
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+--
+2.45.3
+
diff --git a/SPECS/gnutls/gnutls.spec b/SPECS/gnutls/gnutls.spec
index c953573fed4..e927cae7b9b 100644
--- a/SPECS/gnutls/gnutls.spec
+++ b/SPECS/gnutls/gnutls.spec
@@ -1,7 +1,7 @@
 Summary: The GnuTLS Transport Layer Security Library
 Name: gnutls
 Version: 3.7.11
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv3+ AND LGPLv2.1+
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -10,6 +10,8 @@ URL: https://www.gnutls.org
 Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
 Patch0: CVE-2024-12133.patch
 Patch1: CVE-2024-12243.patch
+Patch2: CVE-2025-32989.patch
+Patch3: CVE-2025-32988.patch
 BuildRequires: autogen-libopts-devel
 BuildRequires: gc-devel
 BuildRequires: guile-devel
@@ -96,6 +98,9 @@ sed -i 's/TESTS += test-ciphers-openssl.sh//' tests/slow/Makefile.am
 %{_mandir}/man3/*
 %changelog
+* Tue Jul 15 2025 Azure Linux Security Servicing Account - 3.7.11-4
+- Patch for CVE-2025-32989, CVE-2025-32988
+
 * Tue Mar 11 2025 Sreeniavsulu Malavathula - 3.7.11-3
 - Patch to fix CVE-2024-12243
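Review bot: The new bound in `if (length < 4 || length > scts_content.size)` compares the 16-bit list length against the whole of `scts_content`, yet `length` is read from the first two bytes of that same buffer; if, as the prefix suggests, it counts only the bytes that follow it, the exact bound is `length > scts_content.size - 2`, and a value up to two bytes past the real payload still passes this guard, leaving the per-SCT parsing loop (outside the hunk) to bound every read on its own. The `_gnutls_read_uint16(scts_content.data)` call on the line above also presupposes `scts_content.size >= 2`; that check is not visible in the hunk and must exist earlier in `gnutls_x509_ext_ct_import_scts`. If the two-byte prefix is part of `scts_content.size` and the later parsing strips it, I would tighten the guard to `if (length < 4 || length > scts_content.size - 2) {`, keeping the `size >= 2` check ahead of it so the subtraction cannot wrap. The function's body continues on both sides of the hunk, so this is inferred from the visible lines only.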