Many Linux distros appear to be vulnerable to critical GnuTLS bug


A great deal of open-source software, including the Linux distributions Red Hat, Debian and Ubuntu, appears to be vulnerable to a bug in the GnuTLS library that allows SSL and TLS to be bypassed and internet traffic to be intercepted. The bug is reminiscent of a recent Apple vulnerability.

GnuTLS is a library that implements SSL/TLS, and a lot of open-source software, including operating systems and hundreds of programs, makes use of it. However, there appears to be a bug in the GnuTLS code that allows the SSL/TLS security to be bypassed. SSL and TLS are the main encryption protocols for internet traffic, and they prevent important communication such as online banking and webmail from being intercepted.

The error in the code causes some authentication checks not to be carried out. As a result, TLS or X.509 certificates are not properly authenticated and invalid certificates are accepted as valid, Existentialize writes. The bug is in the code, and the reason it is there is said to be the difficulty of thoroughly testing TLS implementations.

Apple also found this out recently: both iOS and OS X turned out to be vulnerable to a bypass of SSL and TLS through a bug in the code that has come to be called 'goto fail', after the duplicated line of code that caused the bug. Apple has resolved the vulnerabilities in both operating systems. The GnuTLS bug was discovered during an audit for Red Hat. A GnuTLS developer calls the bug 'embarrassing'. GnuTLS recommends upgrading to version 3.2.12. Because the library is woven into so much software, it is likely to take a long time before all programs and operating systems are updated.
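The failure mode described above (checks that are never carried out, so an invalid certificate is accepted) can be shown with the duplicated-line pattern mentioned for Apple. This is an added, simplified illustration, not code from GnuTLS or Apple; the `cert` struct, the check functions and the return-code convention are all hypothetical.

```c
#include <stdio.h>

/* Constructed stand-ins for real certificate checks: 0 = ok, nonzero = error. */
struct cert { int hostname_ok; int chain_ok; int signature_ok; };

static int check_hostname(const struct cert *c)  { return c->hostname_ok  ? 0 : -1; }
static int check_chain(const struct cert *c)     { return c->chain_ok     ? 0 : -1; }
static int check_signature(const struct cert *c) { return c->signature_ok ? 0 : -1; }

/* Flawed: the second "goto done" is unconditional, so the signature
 * check is never reached and err is still 0 (success) at the label. */
int verify_flawed(const struct cert *c)
{
    int err;
    if ((err = check_hostname(c)) != 0)
        goto done;
    if ((err = check_chain(c)) != 0)
        goto done;
    goto done;                  /* duplicated line */
    if ((err = check_signature(c)) != 0)
        goto done;
done:
    return err;
}

/* Hardened: start from failure, brace every branch, and report
 * success only after every check has actually run and passed. */
int verify_fixed(const struct cert *c)
{
    int err = -1;
    if (check_hostname(c) != 0)  { goto done; }
    if (check_chain(c) != 0)     { goto done; }
    if (check_signature(c) != 0) { goto done; }
    err = 0;
done:
    return err;
}

int main(void)
{
    struct cert forged = { 1, 1, 0 };   /* constructed input: bad signature */
    printf("flawed: %d, fixed: %d\n", verify_flawed(&forged), verify_fixed(&forged));
    return 0;
}
```

A test suite that only feeds valid certificates passes against both functions; it takes a negative case, a certificate that must be rejected, to tell them apart.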