A severe bug in the open-source GnuTLS library, which is used by lots of Linux variants, will undermine the encryption which keeps Web traffic secure from attacks and is similar to the “goto fail” bug in Apple OS, which was discovered in February. If you are a Windows or a Mac user why should you be concerned?   It is because Linux is in  more places than you may realize and Linux variants, which are affected by this security flaw are amongst the most extensively used.

An example of this is Red Hat Enterprise Linux.  It is widely used by Internet servers, which host Web pages that you can access from any computer. Also there is the massively popular Ubuntu Linux.  In fact it is the most common version of Linux that is used on personal computers. Ubuntu is also the foundation of other Linux distributions, namely Linux Mint and the gaming operating system, SteamOS.

Linux Bug Affecting More Systems

Even the ever popular, Android is Linux-based! But before you go into fits of panic, it uses OpenSSL, which is a different SSL/TLS library by default. If you are an Android user, then you should generally be safe from the GnuTLS bug.

The GnuTLS library can be used in Windows or in any Unix-like Operating System, which includes Mac OS X. In fact, this bug can affect any piece of software, which uses the GnuTLS library.

As mentioned earlier, the nature of this bug is comparable to the critical “goto fail” bug discovered and patched in Apple’s Mac OS X, iOS and Apple TV operating systems recently in the later end of February.  But, in both cases, the errors destabilized SSL/TLS encryption, thereby leaving the user unprotected. What is worrying is that both of these bugs appear to have resulted from human error by software coders.

If you use Linux or or a varient of such, then please do not worry as a solution has already been provided.  You need to update to GnuTLS 3.2.12. Linux Mint and Ubuntu users will get this rolled out with their daily update notifications.  The business end of matters, i.e. Red Hat Enterprise, will have to be manually patched by their IT department.

If you have any sensible comments regarding this story, please leave your comments in the section below.

[Image via geeknizer]

SOURCE: http://www.tomsguide.com/us/critical-linux-flaw-gnutls,news-18406.html#xtor=RSS-980