Language Selection

English French German Italian Portuguese Spanish

Red Hat Risk Reflex (The Linux Security Flaw That Isn't)

Filed under
Red Hat
Security

News headlines screaming that yet another Microsoft Windows vulnerability has been discovered, is in the wild or has just been patched are two a penny. Such has it ever been. News headlines declaring that a 'major security problem' has been found with Linux are a different kettle of fish. So when reports of an attack that could circumvent verification of X.509 security certificates, and by so doing bypass both secure sockets layer (SSL) and Transport Layer Security (TLS) website protection, people sat up and took notice. Warnings have appeared that recount how the vulnerability can impact upon Debian, Red Hat and Ubuntu distributions. Red Hat itself issued an advisory warning that "GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification... An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid." In all, at least 200 operating systems actually use GnuTLS when it comes to implementing SSL and TLS and the knock-on effect could mean that web applications and email alike are vulnerable to attack. And it's all Linux's fault. Or is it?

Read more ►

More in Tux Machines

today's howtos

Games and Wine: Hacknet - Deluxe, Full Metal Furies and More

Android Leftovers

Graphics: XWayland and Mesa

  • XWayland Gets Patches For Better EGLStreams Handling
    While the recently released X.Org Server 1.20 has initial support for XWayland with EGLStreams so X11 applications/games on Wayland can still benefit from hardware acceleration, in its current state it doesn't integrate too well with Wayland desktop compositors wishing to support it. That's changing with a new patch series.
  • Intel Mesa Driver Finally Supports Threaded OpenGL
    Based off the Gallium3D "mesa_glthread" work for threaded OpenGL that can provide a measurable win in some scenarios, the Intel i965 Mesa driver has implemented this support now too. Following the work squared away last year led in the RadeonSI driver, the Intel i965 OpenGL driver supports threaded OpenGL when the mesa_glthread=true environment variable is set.
  • Geometry & Tessellation Shaders For Mesa's OpenGL Compatibility Context
    With the recent Mesa 18.1 release there is OpenGL 3.1 support with the ARB_compatibility context for the key Gallium3D drivers, but Marek Olšák at AMD continues working on extending that functionality under the OpenGL compatibility context mode.
  • Mesa Begins Its Transition To Gitlab
    Following the news from earlier this month that FreeDesktop.org would move its infrastructure to Gitlab, the Mesa3D project has begun the process of adopting this Git-centered software.