GnuTLS contains serious vulnerability

Spread the love

The developers of the GnuTLS library, an open source implementation of the ssl, tls, and dtls protocols, warn of a security vulnerability in the client version. GnuTLS is used in Linux distributions such as Red Hat and Ubuntu, among others.

The vulnerability makes it possible to remotely launch code on a Linux computer without the user’s knowledge. To do this, an attacker has to send a manipulated ServerHello message via a server. An error in the parsing of this ServerHello message causes access to the client’s working memory after a buffer overflow. This allows the attacker to, for example, crash a Linux PC or place malware on it.

Red Hat has classified the bug as ‘severe’. Updates for various versions of GnuTLS have since been released. These bear the version numbers 3.1.25, 3.2.15 and 3.3.3. Almost all known Linux distributions have now included the updates in their repositories.

The bug in GnuTLS was discovered and published by Joonas Kuorilehto of the company Codenomicon. This security company previously discovered the Heartbleed bug in OpenSSL, a bug that has had a major impact.

You might also like
Exit mobile version