Many Linux distributions appear vulnerable to critical GnuTLS bug




Much open source software, including Linux distributions from Red Hat, Debian and Ubuntu, appears vulnerable to a bug in the GnuTLS library that makes it possible to circumvent SSL and TLS and capture Internet traffic. The bug is reminiscent of a recent Apple vulnerability.

GnuTLS is a library that implements SSL/TLS, and a lot of open source software, including operating systems and hundreds of programs, makes use of it. However, the GnuTLS code appears to contain a bug that allows SSL/TLS security to be circumvented. SSL and TLS are the most important encryption protocols for the Internet, and they ensure that important communications such as online banking and webmail cannot be intercepted.

The error in the code causes some verification checks not to be performed. As a result, TLS or X509 certificates are not properly authenticated, and invalid certificates can be accepted as valid, Existentialize describes. The bug may have been in the code for years, and the reason it went unnoticed would be that TLS implementations are difficult to test thoroughly.

Apple was recently hit as well: iOS and OS X proved open to an SSL and TLS bypass because of an error in the code that has become known as "goto fail", after the duplicated line of code that caused the bug. Apple has fixed the vulnerability in both operating systems. The GnuTLS bug was discovered during an audit for Red Hat. A GnuTLS developer calls the bug 'shameful'. GnuTLS recommends upgrading to version 3.2.12. Because the library is woven into so much software, it will probably be a long time before all programs and operating systems are updated.
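The duplicated-line pattern described above, as an added example that is not Apple's or GnuTLS's code: a simplified verification routine in which a second `goto fail` skips the signature check while the return value still signals success, next to a corrected form. The function names and the sample signature string are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for real handshake steps; names are hypothetical. */
static int hash_update(const char *data) { return data ? 0 : -1; }

/* Returns 0 only when the signature equals the constructed expected value. */
static int check_signature(const char *sig) {
    return strcmp(sig, "valid-signature") == 0 ? 0 : -1;
}

/* Buggy form: the duplicated "goto fail" is not guarded by the if, so it
 * always runs. The signature check below it is dead code, and err is
 * still 0 (success) when the label is reached. */
int verify_buggy(const char *data, const char *sig) {
    int err;
    if ((err = hash_update(data)) != 0)
        goto fail;
        goto fail;              /* the duplicated line */
    if ((err = check_signature(sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Corrected form: every branch is braced and the result starts as a
 * failure, so success has to be earned by passing each check. */
int verify_fixed(const char *data, const char *sig) {
    int err = -1;
    if ((err = hash_update(data)) != 0) {
        goto fail;
    }
    if ((err = check_signature(sig)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* Negative test: a forged signature must be rejected (non-zero). */
    printf("buggy, forged sig: %d\n", verify_buggy("hello", "forged"));
    printf("fixed, forged sig: %d\n", verify_fixed("hello", "forged"));
    return 0;
}
```

Tests that only present valid certificates pass for both versions; the defect only shows up in a negative test that presents an invalid one and expects rejection.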

