LinuxQuestions.org - GnuTLS bug

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - GnuTLS bug - thoughts? (https://www.linuxquestions.org/questions/slackware-14/gnutls-bug-thoughts-4175497083/)

astrogeek

03-05-2014 02:18 AM

GnuTLS bug - thoughts?

Not sure how this affects us all, but just ran across the article...

http://arstechnica.com/security/2014...eavesdropping/

These days, privacy is just a seven letter word...

Quote:

"The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package."

Alien Bob

03-05-2014 03:10 AM

If you are applying Slackware security updates, then you have nothing to worry about, this hole was patched two days ago in all supported versions of Slackware (which means, 13.0 and up).

Code:

Mon Mar  3 23:32:18 UTC 2014

n/gnutls-3.1.22-x86_64-1.txz:  Upgraded.

  Fixed a security issue where a specially crafted certificate could

  bypass certificate validation checks.

  For more information, see:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092

  (* Security fix *)

Eric

descendant_command

03-05-2014 03:57 AM

Debian also.
https://www.debian.org/security/2014/dsa-2869

All times are GMT -5. The time now is 03:58 PM.