GnuTLS Flaw Leaves Many Linux Users Open To Attacks - Slashdot

Slashdot

Please create an account to participate in the Slashdot moderation system

GnuTLS Flaw Leaves Many Linux Users Open To Attacks 127

Posted by Soulskill on Tuesday June 03, 2014 @01:37PM
from the with-many-eyes-all-maintainers-are-grumpy dept.

A new flaw has been discovered in the GnuTLS cryptographic library that ships with several popular Linux distributions and hundreds of software implementations. According to the bug report, "A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code." A patch is currently available, but it will take time for all of the software maintainers to implement it. A lengthy technical analysis is available. "There don't appear to be any obvious signs that an attack is under way, making it possible to exploit the vulnerability in surreptitious "drive-by" attacks. There are no reports that the vulnerability is actively being exploited in the wild."

This discussion has been archived. No new comments can be posted.

GnuTLS Flaw Leaves Many Linux Users Open To Attacks

Search 127 Comments Log In/Create an Account

Comments Filter:

announcing goatsecret (Score:4, Funny)

by larry bagina (561269) writes: on Tuesday June 03, 2014 @01:48PM (#47158369) Journal

There have been too many problems with existing crypto code so I've developed something better: goatsecret. Instead of relying on math, it relies on a frenchman's gaping asshole. Basically, the software breaks your message/file/whatever into small chunks and superimposes the data in the goatsecret image. Sure, it's not encrypted, but who is going to stare into the void just to get your data? No hacker/cracker/big business/three-letter-agency is that desperate.

Share
twitter facebook linkedin
Re:What's the /. FUD "mantra" we all heard? (Score:4, Funny)

by pushing-robot (1037830) writes: on Tuesday June 03, 2014 @07:06PM (#47160943)

"Windows != Secure, & Linux = Secure"??
It was true for a long time, but then someone trying to be helpful changed it to "Linux == Secure" and it was no longer.

Parent Share
twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

553 commentsSystemD Gains New Networking Features
551 commentsSystemd's Lennart Poettering: 'We Do Listen To Users'
361 commentsLinus On Diversity and Niceness In Open Source
329 commentsSteam For Linux Bug Wipes Out All of a User's Files
327 commentsWhy Screen Lockers On X11 Cannot Be Secure

To restore a sense of reality, I think Walt Disney should have a Hardluckland. -- Jack Paar