ELA-1352-1 gnutls28 security update

denial of service

2025-03-16
Package gnutls28
Version 3.3.30-0+deb8u3 (jessie), 3.5.8-5+deb9u8 (stretch), 3.6.7-4+deb10u13 (buster)
Related CVEs CVE-2024-12243


Bing Shi discovered that certificate data with a large number of names or name constraints was handled inefficiently, which may lead to denial of service when processing specially crafted certificates.



For Debian 10 buster, these problems have been fixed in version 3.6.7-4+deb10u13.

For Debian 8 jessie, these problems have been fixed in version 3.3.30-0+deb8u3.

For Debian 9 stretch, these problems have been fixed in version 3.5.8-5+deb9u8.

We recommend that you upgrade your gnutls28 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.