The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,949 other followers

Posts Tagged ‘TLS’

Time for a new “-goto cleanup;+goto fail;” T-Shirt; The Story of the GnuTLS Bug (via: existential type crisis)

Posted by jpluimers on 2014/03/05

A new *n*x bug got discovered in TLS certificate handling that is similar to the recently discovered iOS and OS X “goto fail” security issue.

This time the fix is performing a few replacements linke this:

-goto cleanup;
+goto fail;

Plus one addition:

+fail: // ADDED
+ result = 0;

Applications depending on GnuTLS are affected (there are other libraries providing TLS like OpenSSL), which are many.

Two must-do things:

  • Closely watch the Linux, BDS, other *n*x and application security updates, as exploits will be available soon
  • Read via: existential type crisis : The Story of the GnuTLS Bug as it explains the bug, tracks down the cause, and talks about “lessons to learn”.

I’m with Jan Wildeboer here and updates should get in very soon: Read the rest of this entry »

Posted in Communications Development, Development, Internet protocol suite, Power User, Security, TCP, TLS | Tagged: , , | Leave a Comment »

%d bloggers like this: