Severe Security Vulnerabilities threaten Linux Users

A source code error in the GnuTLS library may prove to be a serious threat to Linux user privacy. Therefore, developers urgently fix this vulnerability. The GnuTLS library is an open source software component used by a large number of different Linux releases to handle secure Internet connections.

GnuTLS developer Nikos Mavrogiannopolous announced on Monday that he had used patches for the source code to fix the vulnerability. This vulnerability allows attackers to cheat the GnuTLS system during certificate verification and expose secure connections to eavesdroppers.

By creating a specific type of fake certificate, attackers can trick GnuTLS into accepting it as a real certificate and approve access to secure connections. In this way, intruders can monitor the communication traffic through the connection in plain text mode, and even embed their own code to open a channel for further attacks.

Mavrogiannopolous says this software flaw is "embarrassing ". He said that this problem was discovered when an auditor performed a performance audit on behalf of his employer, Red Hat. According to the Security Bulletin released by the LWN.net website, some major Linux versions have used patches provided by Mavrogiannopolous. Ubuntu, Debian, Fedora, Red Hat, Oracle, Slackware, and SUSE have released software updates designed to fix this vulnerability.

The message was sent several days after Apple fixed the same security vulnerability in its software. The security vulnerability in Apple software can expose iOS and OS X users to similar man-in-the-middle attacks. Because Apple products have a wide range of consumer users, the "goto fail" issue has received wide attention. Some critics even blame apple for its drive to slowly fix this security vulnerability.