GnuTLS contains serious vulnerability


The developers of the GnuTLS library, an open source implementation of the SSL, TLS, and DTLS protocols, warn of a security vulnerability in the client side of the library. GnuTLS is used in Linux distributions such as Red Hat and Ubuntu, among others.

The vulnerability makes it possible to remotely execute code on a Linux computer without the user's knowledge. To do this, an attacker has to send a manipulated ServerHello message via a server. An error in the parsing of this ServerHello message leads to a buffer overflow, which gives the attacker access to the client's working memory. This allows the attacker to, for example, crash a Linux PC or place malware on it.
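To show the class of check involved, here is an added example (not GnuTLS code and not part of the original article) of a ServerHello body parser that validates a server-supplied length before copying into a fixed-size buffer. The field layout follows RFC 5246; the function and struct names are hypothetical, and the sample messages are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RANDOM_LEN 32
#define MAX_SESSION_ID 32            /* RFC 5246: opaque SessionID<0..32> */

struct server_hello {
    uint8_t  version[2], random[RANDOM_LEN], session_id[MAX_SESSION_ID];
    size_t   session_id_len;
    uint16_t cipher_suite;
    uint8_t  compression;
};

/* Parse a ServerHello body (handshake header stripped, extensions ignored).
 * Returns 0 on success, -1 when a field would run past the input or past
 * the fixed-size destination buffer. */
int parse_server_hello(const uint8_t *buf, size_t len, struct server_hello *out)
{
    size_t pos = 0;
    if (len < 2 + RANDOM_LEN + 1)             /* version, random, ID length byte */
        return -1;
    memcpy(out->version, buf, 2);                 pos += 2;
    memcpy(out->random, buf + pos, RANDOM_LEN);   pos += RANDOM_LEN;

    size_t sid_len = buf[pos++];              /* server-controlled, 0..255 */
    if (sid_len > MAX_SESSION_ID)             /* must fit out->session_id */
        return -1;
    if (len - pos < sid_len + 3)              /* ID + cipher suite + compression */
        return -1;
    memcpy(out->session_id, buf + pos, sid_len);  pos += sid_len;
    out->session_id_len = sid_len;
    out->cipher_suite = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
    out->compression = buf[pos + 2];
    return 0;
}

/* Constructed input: the length byte claims `claimed` session ID bytes
 * while `actual` bytes are really present in the message. */
int check_sample(uint8_t claimed, uint8_t actual)
{
    uint8_t msg[2 + RANDOM_LEN + 1 + 255 + 3] = { 0x03, 0x03 };
    struct server_hello sh;
    size_t n = 2 + RANDOM_LEN;
    msg[n++] = claimed;
    memset(msg + n, 0xAB, actual);  n += actual;
    n += 3;                                   /* zeroed cipher suite + compression */
    return parse_server_hello(msg, n, &sh);
}

int main(void)
{
    printf("%d %d %d\n", check_sample(32, 32), check_sample(200, 200), check_sample(16, 4));
    return 0;
}
```

Without the two length checks, the `memcpy` into `session_id` would copy as many bytes as the server claims, which is how a parsing error of this kind turns into memory corruption on the client.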

Red Hat has classified the bug as ‘severe’. Updates for various versions of GnuTLS have since been released. These bear the version numbers 3.1.25, 3.2.15 and 3.3.3. Almost all known Linux distributions have now included the updates in their repositories.

The bug in GnuTLS was discovered and published by Joonas Kuorilehto of the company Codenomicon. This security company previously discovered the Heartbleed bug in OpenSSL, a bug that has had a major impact.
