Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 25.10 GnuTLS Important DoS Vulnerability USN-8043-1 CVE-2025-14831

ubuntu
Calendar Grey February 16, 2026
Dist Ubuntu Esm H88
Multiple security issues fixed in GnuTLS for Ubuntu with risk assessment and update instructions.
Several security issues were fixed in GnuTLS.

Summary

Several security issues were fixed in GnuTLS.

Software Description:

- gnutls28: GNU TLS library

Details:

Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious

certificates containing a large number of name constraints and subject

alternative names. A remote attacker could possibly use this issue to

cause GnuTLS to consume resources, resulting in a denial of service.

(CVE-2025-14831)

Luigino Camastra discovered that GnuTLS incorrectly handled certain PKCS11

token labels. A remote attacker could use this issue to cause GnuTLS to

crash, resulting in a denial of service, or possibly execute arbitrary

code. The default compiler options for affected releases should reduce the

vulnerability to a denial of service. (CVE-2025-9820)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libgnutls30t64                  3.8.9-3ubuntu2.1

Ubuntu 24.04 LTS
  libgnutls30t64                  3.8.3-1.1ubuntu3.5

Ubuntu 22.04 LTS
  libgnutls30                     3.7.3-4ubuntu1.8

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8043-1

CVE-2025-14831, CVE-2025-9820

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8043-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here