Two GnuTLS Bugfix Releases
The GnuTLS project has published two bugfix releases to close several vulnerabilities and resolve an error capable of interrupting connections.
The developers closed down three security holes in the GnuTLS encryption library in version 2.2.4, however, the release introduced a new bug. According to security researchers Secunia, the vulnerabilities closed by the 2.2.4 release were extremely critical.
Attackers could exploit the three bugs to perform denial of service attacks: a sign error in the "_gnutls_ciphertext2compressed()" function, which is part of the "lib/gnutls_cipher.c" library, led to a read/write error capable of crashing applications affected by it. Two further errors occurred in "Client Hello" message processing – attackers could exploit the first error by injecting a manipulated "Server Name" extension to trigger a heap based buffer overflow which could then be exploited to execute arbitrary code. The second error was a null pointer dereference that could cause the application to crash. All of these vulnerabilities were confirmed for all GnuTLS versions prior to 2.2.4.
Version 2.2.5 published the same day removes errors introduced by the developers in 2.2.4, mainly a bug that caused interruptions to service.
The stable release and patches for older versions are available for downloading from various mirror servers. For more information on the vulnerabilities by the developers themselves, visit the GnuTLS website.
Tag Cloud
News
-
Google and NASA Partner in Quantum Computing Project
Vendor D-Wave scores big with a sale to NASA's Quantum Intelligence Lab.
-
Mageia Project Announces Mageia 3 Linux
Many package updates and Steam integration highlight the latest from the Mandriva-based community Linux.
-
FSF Outs the World Wide Web Consortium over DRM Proposal
Richard Stallman calls for the W3C to remain independent of vendor interests.
-
Debian 7.0 Debuts
The new release supports nine architectures, 73 human languages, and zero non-Free components.
-
Alpha Version of Fedora 19 Released
Fedora developers release the first alpha version of Fedora 19, known as Schrödinger’s Cat, for general testing. The final release is expected in July 2013.
-
ack 2.0 Released
ack is a grep-like, command-line tool that has been optimized for programmers to search large trees of source code.
-
SUSE Studio 1.3 Released
New features in SUSE Studio 1.3 include enhanced cloud integration, VM platform support, and lifecycle management.
-
Xen To Become Linux Foundation Collaborative Project
The Linux Foundation recently announced that the Xen Project is becoming a Linux Foundation Collaborative Project.
-
RunRev Releases Open Source Version of LiveCode
Open source version of LiveCode is now available for developing apps, games, and utilities for all major platforms.
-
OpenDaylight Project Formed
OpenDaylight is an open source software-defined networking project committed to furthering adoption of SDN and accelerating innovation in a vendor-neutral and open environment.