Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <c6cb9061-710c-49aa-80ce-62045f358a81@oracle.com>
Date: Thu, 20 Nov 2025 10:48:38 -0800
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: gnutls 3.8.11 released with fix for CVE-2025-9820

https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 reports:

> GNUTLS-SA-2025-11-18
> CVE-2025-9820   
> Severity Low; Stack write buffer overflow 
> 
> When a PKCS#11 token is initialized with gnutls_pkcs11_token_init function and
> it is passed a token label longer than 32 characters, it may write past the
> boundary of stack allocated memory. The issue was reported in the issue tracker
> as #1732.  <https://gitlab.com/gnutls/gnutls/-/issues/1732>
> 
> Recommendation: Given the length limit is imposed by the PKCS#11 standard,
> the application should check and reject longer label exceeding the limit,
> though this was unclear in the GnuTLS documentation. If it is not feasible for
> some reason, we would recommend upgrading GnuTLS to 3.8.11 or later versions.
> The issue could also be effectively mitigated if you compile the library with
> -D_FORTIFY_SOURCE=2.


-------- Forwarded Message --------
Subject: gnutls 3.8.11 released
Date: Thu, 20 Nov 2025 11:57:06 +0900
From: Daiki Ueno <ueno@....org>
To: gnutls-help@...ts.gnutls.org
CC: info-gnu@....org

Hello,

We have just released gnutls-3.8.11. This is a bug fix, security and
enhancement release on the 3.8.x branch.

We would like to thank everyone who contributed in this release:
Alexander Sosedkin, Alistair Francis, chenjianhu, Daiki Ueno, Daniel
P. Berrangé, David Dudas, fundawang, Hannes Reinecke, Jiasheng Jiang,
Karthik Das, Maxim Cournoyer, Samuel Zeter, Wilfred Mallawa, and Zoltan
Fridrich.

The detailed list of changes follows:

* Version 3.8.11 (released 2025-11-18)

** libgnutls: Fix stack overwrite in gnutls_pkcs11_token_init
    Reported by Luigino Camastra from Aisle Research. [GNUTLS-SA-2025-11-18,
    CVSS: low] [CVE-2025-9820]

** libgnutls: MAC algorithms for PSK binders is now configurable
    The previous implementation assumed HMAC-SHA256 to calculate the
    PSK binders. With the new gnutls_psk_allocate_client_credentials2()
    and gnutls_psk_allocate_server_credentials2() functions, the
    application can use other MAC algorithms such as HMAC-SHA384.

** libgnutls: Expose a new function to provide the maximum record send size
    A new function gnutls_record_get_max_send_size() has been added to
    determine the maximum size of a TLS record to be sent to the peer.

** libgnutls: Expose a new function to update keys without sending a KeyUpdate
    to the peer. A new function gnutls_handshake_update_receiving_key()
    has been added to allow updating the local receiving key without
    sending any KeyUpdate messages.

** libgnutls: PKCS#11 cryptographic provider configuration takes a token URI
    instead of a module path. To allow using a PKCS#11 module exposing
    multiple tokens, the "path" configuration keyword was replaced with
    the "url" keyword.

** libgnutls: Support crypto-auditing probe points
    crypto-auditing is a project to monitor which cryptographic
    operations are taking place in the library at run time, through
    eBPF. This adds necessary probe points for that, in public key
    cryptography and the TLS use-case. To enable this, run configure
    with --enable-crypto-auditing.

** build: The minimum version of Nettle has been updated to 3.10
    Given Nettle 3.10 is ABI compatible with 3.6 and includes several
    security relevant fixes, the library's minimum requirement of
    Nettle is updated to 3.10.

** build: The default priority file path is now constructed from sysconfdir
    Previously, the location of the default priority file was
    hard-coded to be /etc/gnutls/config. Now it takes into account of
    the --sysconfdir option given to the configure script.

** API and ABI modifications:
gnutls_psk_allocate_client_credentials2: New function
gnutls_psk_allocate_server_credentials2: New function
gnutls_record_get_max_send_size: New function
gnutls_handshake_update_receiving_key: New function
gnutls_audit_push_context: New function
gnutls_audit_pop_context: New function
gnutls_audit_current_context: New function

Getting the Software
================

GnuTLS may be downloaded directly from
https://www.gnupg.org/ftp/gcrypt/
A list of GnuTLS mirrors can be found at
http://www.gnutls.org/download.html

Here are the XZ compressed sources:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.11.tar.xz

Here are OpenPGP detached signatures signed using key:
462225C3B46F34879FC8496CD605848ED7E69871
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.11.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   rsa4096 2009-07-23 [SC] [expires: 2026-06-29]
       462225C3B46F34879FC8496CD605848ED7E69871
uid           [ultimate] Daiki Ueno <ueno@...xuser.org>
uid           [ultimate] Daiki Ueno <ueno@....org>
sub   rsa4096 2010-02-04 [E]

Regards,
-- 
Daiki Ueno

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.