Solidot: Red Hat发现GnuTLS存在类似goto fail的漏洞

Solidot

奇客的资讯，重要的东西

Red Hat发现GnuTLS存在类似goto fail的漏洞
http://solidot.org.feedsportal.com/c/33236/f/556826/s/37c2232e/sc/28/l/0L0Ssolidot0Borg0Cstory0Dsid0F38576/story01.htm
Mar 4th 2014, 09:24

Red Hat的安全审计发现，广泛使用的安全类库GnuTLS存在漏洞，无法正确检验特定的伪造SSL证书，因此可被攻击者利用发动中间人攻击，它会将这类伪造证书识别为有效证书。GnuTLS是SSL、TLS和DTLS协议的自由软件实现。漏洞影响所有版本的GnuTLS，唯一的补救方法是升级到刚刚发布的3.2.12 或3.1.22版，或者是对 2.x 分支应用补丁。GnuTLS的错误与苹果最近修复的iOS和OSX系统的goto fail SSL证书处理问题相似。This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.



You are receiving this email because you subscribed to this feed at https://blogtrottr.com

If you no longer wish to receive these emails, you can unsubscribe here:
https://blogtrottr.com/unsubscribe/cz0/jPbdSR