Spotlight | Reviews | Current Issue | Academy | Newsletter | Subscribe | Shop |
Departments

Partner Links
Make your own website
WinWeb OnlineOffice
Comparing prices of hardware is worth it.
Price Comparison
UK Linux Jobs
What:
Where:
Country:
vacatures Netherlands njobs Linux vacatures
arbeit Deutschland njobs Linux arbeit
work United Kingdom njobs Linux jobs
Lavoro Italia njobs Linux lavoro
Emploi France njobs Linux emploi
trabajo Espana njobs Linux trabajo

user friendly

Admin Magazine

ADMIN Network & Security

Subscribe now and save!

ADMIN - Explore the new world of system administration! Special introductory offer! Order by September 30th to save 10% off the regular subscription price! Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:

  • network security
  • system management
  • troubleshooting
  • performance tuning
  • virtualization
  • cloud computing

 

on Windows, Linux, Solaris, and popular varieties of Unix.

http://www.admin-magazine.com/

  linux-magazine.com » Online » News » Two GnuTLS Bugfix Releases  

Print this page. Recommend
Share

Two GnuTLS Bugfix Releases

The GnuTLS project has published two bugfix releases to close several vulnerabilities and resolve an error capable of interrupting connections.

The developers closed down three security holes in the GnuTLS encryption library in version 2.2.4, however, the release introduced a new bug. According to security researchers Secunia, the vulnerabilities closed by the 2.2.4 release were extremely critical.

Attackers could exploit the three bugs to perform denial of service attacks: a sign error in the "_gnutls_ciphertext2compressed()" function, which is part of the "lib/gnutls_cipher.c" library, led to a read/write error capable of crashing applications affected by it. Two further errors occurred in "Client Hello" message processing – attackers could exploit the first error by injecting a manipulated "Server Name" extension to trigger a heap based buffer overflow which could then be exploited to execute arbitrary code. The second error was a null pointer dereference that could cause the application to crash. All of these vulnerabilities were confirmed for all GnuTLS versions prior to 2.2.4.

Version 2.2.5 published the same day removes errors introduced by the developers in 2.2.4, mainly a bug that caused interruptions to service.

The stable release and patches for older versions are available for downloading from various mirror servers. For more information on the vulnerabilities by the developers themselves, visit the GnuTLS website.

(Jan Rähm)

Comments


Print this page. Recommend
Share
Related Articles
Debian Updates Lenny
Stable Kernel 2.6.22.2 Released
GnuTLS Version 2.0.0 Released
GCC 4.2.2 Fixes Bugs
GnuTLS Removes Questionable Extension
Second Update for Debian Etch
No More Downloads!

Save the download and take Linux Magazine DVDs instead.

Each DVD contains a full distro like Ubuntu, SUSE, Mandriva, Fedora, or Debian and comes with the corresponding issue of Linux Magazine.

Don't waste time downloading Linux!

more...