Gnutls update fixes certificate verification and resource issue

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Gnutls update fixes certificate verification and resource issue

SUSE-SU-2026:0829-1

Summary

This update for gnutls fixes a security issue that could cause the system to consume excessive resources when verifying certain types of malicious certificates. This could potentially lead to a denial of service. The update also includes various bug fixes and improvements. We recommend installing the update to ensure the security and stability of your system.

What to do

Update gnutls to version 3.8.3-150600.4.17.1.

Affected software

Vendor	Product	Affected versions	Fix available
–	gnutls	<= 3.8.3-150600.4.17.1	3.8.3-150600.4.17.1
–	gnutls	<= 3.8.3-150600.4.17.1	3.8.3-150600.4.17.1

Original title

Security update for gnutls

Original description

This update for gnutls fixes the following issues:

Security issue:

- CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a
large number of name constraints and subject alternative names (bsc#1257960).

Other updates and bugfixes:

- update libgnutls package to avoid binder getting calculated with SHA256 (bsc#1258083, jsc#PED-15752, jsc#PED-15753).
- lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
- tests/psk-file: Add testing for _credentials2 functions
- lib/psk: add null check for binder algo
- pre_shared_key: fix memleak when retrying with different binder algo
- pre_shared_key: add null check on pskcred

https://www.suse.com/support/update/announcement/2026/suse-su-20260829-1/ Vendor Advisory
https://bugzilla.suse.com/1257960 Third Party Advisory
https://bugzilla.suse.com/1258083 Third Party Advisory
https://www.suse.com/security/cve/CVE-2025-14831 URL

Published: 5 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026