Language Selection

English French German Italian Portuguese Spanish

Red Hat Risk Reflex (The Linux Security Flaw That Isn't)

Filed under
Red Hat
Security

News headlines screaming that yet another Microsoft Windows vulnerability has been discovered, is in the wild or has just been patched are two a penny. Such has it ever been. News headlines declaring that a 'major security problem' has been found with Linux are a different kettle of fish. So when reports of an attack that could circumvent verification of X.509 security certificates, and by so doing bypass both secure sockets layer (SSL) and Transport Layer Security (TLS) website protection, people sat up and took notice. Warnings have appeared that recount how the vulnerability can impact upon Debian, Red Hat and Ubuntu distributions. Red Hat itself issued an advisory warning that "GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification... An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid." In all, at least 200 operating systems actually use GnuTLS when it comes to implementing SSL and TLS and the knock-on effect could mean that web applications and email alike are vulnerable to attack. And it's all Linux's fault. Or is it?

Read more ►

More in Tux Machines

Windows 10 vs. Linux Radeon Software Performance, Including AMDGPU-PRO & RadeonSI

As alluded to earlier and on Twitter, the past few days I have been working on a fresh Windows 10 vs. Ubuntu Linux graphics/gaming performance comparison. This time it's looking at the latest Radeon performance using an R9 Fury and RX 480. Tests on Windows were obviously done with Radeon Software Crimson Edition while under Linux were the two latest AMD/RTG Linux driver options: the hybrid AMDGPU-PRO driver and the fully open-source driver via Linux 4.8 and Mesa 12.1-dev. Read more

Flatpak Universal Linux Package Supports Local Path References for Git Sources

Alex Larsson from the Flatpak project has announced the release of a new maintenance update to the universal binary package format for Linux kernel-based operating systems. Read more

Debian-Based Q4OS 1.6 "Orion" Linux Distro Launches with Trinity Desktop 14.0.3

Softpedia has been informed today, August 28, 2016, by the developer of the Debian-based Q4OS GNU/Linux distribution about the immediate availability for download of a new stable release to the "Orion" series, version 1.6. Read more