LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
Reload this Page GnuTLS bug - thoughts?
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 03-05-2014, 02:18 AM   #1
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,269
Blog Entries: 24

Rep: Reputation: 4196Reputation: 4196Reputation: 4196Reputation: 4196Reputation: 4196Reputation: 4196Reputation: 4196Reputation: 4196Reputation: 4196Reputation: 4196Reputation: 4196
GnuTLS bug - thoughts?

Not sure how this affects us all, but just ran across the article...

http://arstechnica.com/security/2014...eavesdropping/

These days, privacy is just a seven letter word...

Quote:
"The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package."
Last edited by astrogeek; 03-05-2014 at 02:19 AM.
 
Old 03-05-2014, 03:10 AM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8106Reputation: 8106Reputation: 8106Reputation: 8106Reputation: 8106Reputation: 8106Reputation: 8106Reputation: 8106Reputation: 8106Reputation: 8106Reputation: 8106
If you are applying Slackware security updates, then you have nothing to worry about, this hole was patched two days ago in all supported versions of Slackware (which means, 13.0 and up).
Code:
Mon Mar  3 23:32:18 UTC 2014
n/gnutls-3.1.22-x86_64-1.txz:  Upgraded.
  Fixed a security issue where a specially crafted certificate could
  bypass certificate validation checks.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
  (* Security fix *)
Eric
 
2 members found this post helpful.
Old 03-05-2014, 03:57 AM   #3
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,876

Rep: Reputation: 643Reputation: 643Reputation: 643Reputation: 643Reputation: 643Reputation: 643
Debian also.
https://www.debian.org/security/2014/dsa-2869
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Installing gnutls 2.x alongside gnutls 3.x yenn Slackware 3 10-27-2013 07:16 PM
GnuTLS: how icegood Linux - Newbie 0 01-03-2013 10:44 AM
GNUTLS connections stails paulwintech Linux - Server 0 05-10-2012 01:25 AM
gnutls 1.4.4 update missmoondog Zenwalk 5 10-28-2006 11:39 PM
GNUTls compilation error Teddy_Horse Linux - Software 0 10-19-2003 05:01 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:03 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration