A new flaw has been discovered in the GnuTLS cryptographic library that ships with several popular Linux distributions and hundreds of software implementations. According to the bug report, "A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code." A patch is currently available, but it will take time for all of the software maintainers to implement it. A lengthy technical analysis is available. "There don't appear to be any obvious signs that an attack is under way, making it possible to exploit the vulnerability in surreptitious "drive-by" attacks. There are no reports that the vulnerability is actively being exploited in the wild."

darthcamaro (735685) writes "Barely a week after Robyn Bergeron announced her intention to step down, Red Hat today announced that Matthew Miller is now the new Fedora Project Leader. Miller is the guy that came up with the whole Fedora.next proposal which is now reshaping Red Hat's community Linux project. Miller has a clear view of how his leadership will work in the cat-herding world of open source: 'As the FPL, you've got the responsibility, but no actual authority to tell anyone to do things,' Miller said. 'So you have to find people that have an interest and are aligned with the direction you want to go.'"