[TriLUG] Fwd: [ NNSquad ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

John Mitchell john280z at gmail.com
Wed Mar 5 07:31:27 EST 2014


Just checked my Debian Stable (wheezy) and it has the updated/fixed
version; I had updated it on Tuesday.

http://www.debian.org/security/2014/dsa-2869

john mitchell


On Tue, Mar 4, 2014 at 8:30 PM, Steve Holton <sph0lt0n at gmail.com> wrote:

> F.Y.I.
>
>
>
> ---------- Forwarded message ----------
> From: Lauren Weinstein <lauren at vortex.com>
> Date: Tue, Mar 4, 2014 at 3:17 PM
> Subject: [ NNSquad ] Critical crypto bug leaves Linux, hundreds of apps
> open to eavesdropping
> To: nnsquad at nnsquad.org
>
>
>
> Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
>
> http://j.mp/1jPcVOr  (Ars Technica)
>
>     "Hundreds of open source packages, including the Red Hat, Ubuntu, and
>      Debian distributions of Linux, are susceptible to attacks that
>      circumvent the most widely used technology to prevent eavesdropping on
>      the Internet, thanks to an extremely critical vulnerability in a
>      widely used cryptographic code library.  The bug in the GnuTLS library
>      makes it trivial for attackers to bypass secure sockets layer (SSL)
>      and Transport Layer Security (TLS) protections available on websites
>      that depend on the open source package. Initial estimates included in
>      Internet discussions such as this one indicate that more than 200
>      different operating systems or applications rely on GnuTLS to
>      implement crucial SSL and TLS operations, but it wouldn't be
>      surprising if the actual number is much higher. Web applications,
>      e-mail programs, and other code that use the library are vulnerable to
>      exploits that allow attackers monitoring connections to silently
>      decode encrypted traffic passing between end users and servers.  The
>      bug is the result of commands in a section of the GnuTLS code that
>      verify the authenticity of TLS certificates, which are often known
>      simply as X509 certificates."
>
>  - - -
>
> --Lauren--
> Lauren Weinstein (lauren at vortex.com): http://www.vortex.com/lauren
> Co-Founder: People For Internet Responsibility:
> http://www.pfir.org/pfir-info
> Founder:
>  - Network Neutrality Squad: http://www.nnsquad.org
>  - PRIVACY Forum: http://www.vortex.com/privacy-info
> Member: ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
> Google+: http://google.com/+LaurenWeinstein
> Twitter: http://twitter.com/laurenweinstein
> Tel: +1 (818) 225-2800 / Skype: vortex.com
>
>
>
> --
> --
> Steve Holton
> sph0lt0n at gmail.com

