Red Hat Security Advisory: gnutls security, bug fix, and enhancement update
Multiple vulnerabilities have been identified in the GnuTLS library used in Red Hat Enterprise Linux 9. 2, including issues leading to remote denial of service, NULL pointer dereference, and parsing flaws in certificate templates and extensions. These vulnerabilities are rated with moderate security impact by Red Hat Product Security. The advisory covers five CVEs: CVE-2024-12243, CVE-2025-32990, CVE-2025-32989, CVE-2025-32988, and CVE-2025-6395. Red Hat has issued an update addressing these security issues along with bug fixes and enhancements. Users of affected Red Hat Enterprise Linux versions are advised to apply the update to mitigate these vulnerabilities.
AI Analysis
Technical Summary
The Red Hat Security Advisory RHSA-2025:17361 addresses multiple vulnerabilities in the GnuTLS library, which implements cryptographic protocols such as SSL, TLS, and DTLS. The issues include inefficient DER decoding in libtasn1 leading to remote denial of service (CVE-2024-12243), vulnerabilities in certtool template parsing (CVE-2025-32990), SCT extension parsing (CVE-2025-32989), otherName SAN export (CVE-2025-32988), and a NULL pointer dereference in the _gnutls_figure_common_ciphersuite() function (CVE-2025-6395). These vulnerabilities have been fixed in updated GnuTLS packages for Red Hat Enterprise Linux 9.2 and related variants. The advisory provides references to the CVE pages for detailed impact and scoring information and directs users to Red Hat's update article for remediation instructions.
Potential Impact
The identified vulnerabilities may allow remote denial of service conditions and potential crashes due to NULL pointer dereferences in the GnuTLS library. Parsing flaws in certificate-related components could lead to unexpected behavior or security weaknesses in TLS operations. Red Hat rates the overall security impact as moderate. There are no known exploits in the wild at the time of this advisory.
Mitigation Recommendations
Red Hat has released updated GnuTLS packages that address all listed vulnerabilities. Users of affected Red Hat Enterprise Linux 9.2 versions and related products should apply the provided security update as detailed in Red Hat's advisory and update article (https://access.redhat.com/articles/11258). Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: gnutls security, bug fix, and enhancement update
Description
Multiple vulnerabilities have been identified in the GnuTLS library used in Red Hat Enterprise Linux 9. 2, including issues leading to remote denial of service, NULL pointer dereference, and parsing flaws in certificate templates and extensions. These vulnerabilities are rated with moderate security impact by Red Hat Product Security. The advisory covers five CVEs: CVE-2024-12243, CVE-2025-32990, CVE-2025-32989, CVE-2025-32988, and CVE-2025-6395. Red Hat has issued an update addressing these security issues along with bug fixes and enhancements. Users of affected Red Hat Enterprise Linux versions are advised to apply the update to mitigate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Red Hat Security Advisory RHSA-2025:17361 addresses multiple vulnerabilities in the GnuTLS library, which implements cryptographic protocols such as SSL, TLS, and DTLS. The issues include inefficient DER decoding in libtasn1 leading to remote denial of service (CVE-2024-12243), vulnerabilities in certtool template parsing (CVE-2025-32990), SCT extension parsing (CVE-2025-32989), otherName SAN export (CVE-2025-32988), and a NULL pointer dereference in the _gnutls_figure_common_ciphersuite() function (CVE-2025-6395). These vulnerabilities have been fixed in updated GnuTLS packages for Red Hat Enterprise Linux 9.2 and related variants. The advisory provides references to the CVE pages for detailed impact and scoring information and directs users to Red Hat's update article for remediation instructions.
Potential Impact
The identified vulnerabilities may allow remote denial of service conditions and potential crashes due to NULL pointer dereferences in the GnuTLS library. Parsing flaws in certificate-related components could lead to unexpected behavior or security weaknesses in TLS operations. Red Hat rates the overall security impact as moderate. There are no known exploits in the wild at the time of this advisory.
Mitigation Recommendations
Red Hat has released updated GnuTLS packages that address all listed vulnerabilities. Users of affected Red Hat Enterprise Linux 9.2 versions and related products should apply the provided security update as detailed in Red Hat's advisory and update article (https://access.redhat.com/articles/11258). Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:17361
- Cve Count
- 5
- Additional Cves
- ["CVE-2025-6395","CVE-2025-32988","CVE-2025-32989","CVE-2025-32990"]
- Cvss Version
- null
Threat ID: 6a1f4e87e29bf47b50081653
Added to database: 6/2/2026, 9:43:35 PM
Last enriched: 6/2/2026, 10:10:53 PM
Last updated: 6/3/2026, 5:03:12 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.