Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1496-1 gnutls28 security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1497-1 distro-info-data database update
Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1495-1 gnutls28 security update
ELA-1494-1 unrar-nonfree security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4267-1] gnutls28 security update
[SECURITY] [DLA 4267-1] gnutls28 security update
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4267-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
August 09, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : gnutls28
Version : 3.7.1-5+deb11u8
CVE ID : CVE-2025-6395 CVE-2025-32988 CVE-2025-32990
Multiple vulnerabilities have been fixed in GnuTLS, a library
implementing the SSL, TLS and DTLS protocols.
CVE-2025-6395
NULL dereference when 2nd Client Hello omits PSK
CVE-2025-32988
Double-free upon error when exporting otherName in SAN
CVE-2025-32990
1-byte write buffer overrun in certtool
For Debian 11 bullseye, these problems have been fixed in version
3.7.1-5+deb11u8.
We recommend that you upgrade your gnutls28 packages.
For the detailed security status of gnutls28 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnutls28
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1496-1 gnutls28 security update
Package : gnutls28
Version : 3.5.8-5+deb9u9 (stretch)
Related CVEs :
CVE-2025-32988
CVE-2025-32990
Multiple vulnerabilities have been fixed in GnuTLS, a library implementing the SSL, TLS and DTLS protocols.
CVE-2025-32988
Double-free upon error when exporting otherName in SAN
CVE-2025-32990
1-byte write buffer overrun in certtoolELA-1496-1 gnutls28 security update
ELA-1495-1 gnutls28 security update
Package : gnutls28
Version : 3.6.7-4+deb10u14 (buster)
Related CVEs :
CVE-2025-6395
CVE-2025-32988
CVE-2025-32990
Multiple vulnerabilities have been fixed in GnuTLS, a library implementing the SSL, TLS and DTLS protocols.
CVE-2025-6395
NULL dereference when 2nd Client Hello omits PSK
CVE-2025-32988
Double-free upon error when exporting otherName in SAN
CVE-2025-32990
1-byte write buffer overrun in certtoolELA-1495-1 gnutls28 security update
ELA-1494-1 unrar-nonfree security update
Package : unrar-nonfree
Version : 1:5.6.6-1+deb10u5~deb9u1 (stretch), 1:5.6.6-1+deb10u5 (buster)
Related CVEs :
CVE-2024-33899
ANSI escape injection has been fixed in UnRAR, an unarchiver for .rar archives.ELA-1494-1 unrar-nonfree security update
ELA-1497-1 distro-info-data database update
Package : distro-info-data
Version : 0.41+deb10u2~bpo9+8 (stretch), 0.41+deb10u12 (buster)
This is a routine update of the distro-info-data database for Debian
ELTS users.
It adds the release and estimated EoL dates for Debian 13 “Trixie”.
Also included is a new “eol-legacy” column for Ubuntu Legacy Support.ELA-1497-1 distro-info-data database update
