- What: A security update is available for gnutls28 in Debian to address a denial-of-service vulnerability.
- Impact: Processing specially crafted certificates with a large number of name constraints can lead to resource exhaustion.
[SECURITY] [DSA 6140-1] gnutls28 security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6140-1] gnutls28 security update From : Salvatore Bonaccorso < carnil@debian.org > Date : Wed, 18 Feb 2026 12:00:11 +0000 Message-id : < [🔎] E1vsgDz-009Or4-1p@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6140-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 18, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gnutls28 CVE ID : CVE-2025-14831 Tim Scheckenbach reported a flaw in GnuTLS, a library implementing the TLS and SSL protocols. Processing of specially crafted certificates containing a large number of name constraints may result in denial of service (resource exhaustion). For the oldstable distribution (bookworm), this problem has been fixed in version 3.7.9-2+deb12u6. This update also includes a fix for CVE-2025-9820. For the stable distribution (trixie), this problem has been fixed in version 3.8.9-3+deb13u2. We recommend that you upgrade your gnutls28 packages. For the detailed security status of gnutls28 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gnutls28 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmmVqHVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rgjw//cD2I2WzI2NDzSSXhsZUHuQpY7jXah4tiHheJjnckxISB9G8PL/mprHyE 5EuO+Gvv/gN7qxdc1iEQH8ttkzp+kluEcC+Cx/fXSmMgNjnyTKHL9i8Q6zKE3Uo5 BpTga1FkuRv/PwxYC+TdOCGVDfHmd5b8JgXBN9oi9VCs+FbSEQfcRdff8oeKCy3Y vKn4woMEIY+TXdGxcNuv+rUUzFTZr77GepCDxjuGOyoCtEI4k5CFo7p4g9rfijU6 4YkbM/cZClKbz97knIH4DnuUB8Di5DrVCsK/HDWpoD6ZUhMhU+zIG1pAISZGYKMe mGjDiQa0MXuUNy9+omK7/PkNmX0nRafTaa1uWyIo5CnxUG4N8jzAOshGZ5ucaH5k qvEsTEZyaEM6GDpTqO+uN3SFtyGgrarCmMlCAOGyalWWQGoSUyBcmo6OybnwIAHv HzZeVfTJW68gJP02q8EIBsYwO6QRLq0nzFV4W9SS/x4jdf+Ux/rKIbLW3+FS2Kzr 774Z2q9ZrXmEaKJ7WrT+Tvg1HnDd9PGJCLYfh9Hz9l20hwBB5X50Wg15QH+jttUC Mv/AKl6QrxHrasCQMM7n1Zt0elHjgfUNYo18n8CzbdRjfm1n3nYasLwwzeXLq18m PuYTnb0O+/kbraBocX/0F29bBnIVGQaw8uHOM7mPghi9l2WiuzA= =M6c9 -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Salvatore Bonaccorso (on-list) Salvatore Bonaccorso (off-list) Prev by Date: [SECURITY] [DSA 6139-1] gimp security update Next by Date: [SECURITY] [DSA 6141-1] linux security update Previous by thread: [SECURITY] [DSA 6139-1] gimp security update Next by thread: [SECURITY] [DSA 6141-1] linux security update Index(es): Date Thread