Security Protection – Harry Waldron MVP Rotating Header Image

SSL Security – Open Source GnuTLS library vulnerability patched

While this implementation of SSL is not widely used in the business community, it is widely used to distribute Linux updates.

http://www.computerworld.com/s/article/9248792/GnuTLS_library_flaw_could_expose_SSL_clients_systems

https://bugzilla.redhat.com/show_bug.cgi?id=1101932

QUOTE: The memory corruption vulnerability, which is tracked as CVE-2014-3466, was fixed in GnuTLS 3.3.3, GnuTLS 3.2.15 and GnuTLS 3.1.25 released Friday. Since then, the GnuTLS developers also released GnuTLS 3.3.4 to fix a non-security-related hardware acceleration bug. GnuTLS is an open-source implementation of the SSL (Secure Sockets Layer), TLS (Transport Layer Security) and DTLS (Datagram Transport Layer Security) protocols which are used to encrypt communications on the Internet.  While not as popular as the OpenSSL library, GnuTLS is still widely used, being shipped by default with various Linux distributions including Red Hat, Ubuntu and Debian. Over 200 Linux software packages also depend on it for SSL/TLS support.

Comments are closed.