Not Just Apple: GnuTLS Bug Means Security Flaw For Major Linux Distros 144
According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple's iOS (and which Apple has since fixed). Says the article:"The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical 'goto fail' flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug." And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.
It's time (Score:5, Funny)
Re:Old news (Score:5, Funny)
"Linux" refers to a broad range of systems and vendors, rather than a single company,
really? this is /. timmy, get with the program, everyone knows this because THIS YEAR will be the year of linux on the desktop
Re:Ha! (Score:4, Funny)
and the blue screening of classic windows provides a hard shield against any rogue processes owning the machine for too long
Re:Old news (Score:3, Funny)
"The GNU crap". :-)
It's amazing how quite the FOSS community will throw Stallman under the bus, if the alternative is accepting parity with Apple's security bug.