A wee little Linux bug

Subject: General Tech | March 5, 2014 - 02:47 PM |
Tagged: linux, security

It would seem that there is a fairly problematic bug in the way that GnuTLS library applies encryption for many Linux users.  According to the story on The Inquirer this bug could allow an improperly setup certificate to be reported as valid and while your connection states it is secure it will not in fact be encrypted.  Red Hat has already issued a patch to solve this problem but the vulnerability would apply to any distro which uses the GnuTLS library.  It would be wise to follow the link from the story to locate a patch for your system before attackers start using it in the wild.

View Full Size

"THOUSANDS OF LINUX USERS might be vulnerable to hackers after it emerged that a significant certificate checking bug exists in a low level library.

The problem stems from the GnuTLS library that provides an API to enable SSL, TLS and DTLS encryption protocols, as used particularly by web servers."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer
No comments posted yet.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.