Romanian PC Forum Sabitech Media - web design, gazduire web, promovare, seo, logo design si branding


Go Back   Romanian PC Forum > Software > Unix - Linux - BSD

Unix - Linux - BSD Coltul fanilor... distributii, configurari, sfaturi si probleme, tutoriale, etc.


Reply
 
Thread Tools
Old 06.03.2014, 13:25   #1
bogdan
RPC Super Moderator
 
bogdan's Avatar
 
Join Date: 26.06.2010
Posts: 5,352
Thanks: 5,876
Thanked 7,869 Times in 4,000 Posts
Default vulnerabilitate GNU TLS

S-a descoperit recent (3 martie) o vulnerabilitate destul de nasoala in codul gnutls (se pare ca era "la locul ei" de multa vreme):
Quote:
The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package.
sursa: aici.

Atata vreme cat gnutls intra in foarte multe distro-uri open source, postez "stirea" in sectiunea generala de linux.

Hopa la updates, mai ales pentru servere ce folosesc conexiuni securizate (vad ca in branch-ul de CentOS 6.5, varianta corectata gnutls-2.8.5-13.el6_5 e deja disponibila ca update).
__________________
CHIAR Imi place Romanian PC Forum - www.rpc-forum.ro!
bogdan is offline   Reply With Quote
The Following 2 Users Say Thank You to bogdan For This Useful Post:
AnbuBlack (06.03.2014), XVanish (06.03.2014)
Old 06.03.2014, 13:33   #2
sdw
RPC Gold Member
 
Join Date: 02.03.2011
Age: 42
Posts: 978
Thanks: 20
Thanked 1,091 Times in 583 Posts
Default Re: vulnerabilitate GNU TLS

GnuTLS nu pare sa fie utilizat de serviciile rulate de obicei pe servere (eu nici nu am biblioteca asta instalata).
__________________
E bine să ai mintea deschisă, dar nu aşa deschisă īncāt să-ţi cadă creierul.
sdw is offline   Reply With Quote
Old 06.03.2014, 16:09   #3
AnbuBlack
*nix enthusiast
 
AnbuBlack's Avatar
 
Join Date: 20.04.2011
Location: 127.0.0.1
Posts: 3,990
Thanks: 4,684
Thanked 6,317 Times in 3,023 Posts
Default Re: vulnerabilitate GNU TLS

Eu sunt pe 3.2.12.1-1 īn care a fost reparat bug-ul din 3.1.21 prin fixul din 3.2.11. Oricum nu folosesc SSL, am acces fizic la mașinii, singura vulnerabilitate putea fi legată de OpenPGP, bine că s-a rezolvat.
__________________
Doar Universul şi prostia umană sunt infinite, īnsă nu sunt sigur de primul. - Albert Einstein


_________________
Manuale:
_FreeBSD: FreeBSD Handbook | The Complete FreeBSD | Unix Toolbox | FAQ
_Arch GNU/Linux : ArchWiki
AnbuBlack is online now   Reply With Quote
The Following User Says Thank You to AnbuBlack For This Useful Post:
bogdan (06.03.2014)
Old 06.03.2014, 17:41   #4
bogdan
RPC Super Moderator
 
bogdan's Avatar
 
Join Date: 26.06.2010
Posts: 5,352
Thanks: 5,876
Thanked 7,869 Times in 4,000 Posts
Default Re: vulnerabilitate GNU TLS

Quote:
Originally Posted by sdw View Post
GnuTLS nu pare sa fie utilizat de serviciile rulate de obicei pe servere (eu nici nu am biblioteca asta instalata).
Asa e; pe CentOS 6 nu prea e nevoie de ea ( "rpm -q --whatrequires gnutls" nu scoate nimic interesant; ar fi samba4 dar nu o folosesc). Pe CentOS 5.x, la Apache e necesara pt. a suporta SNI (rularea mai multor virtualhosts fiecare cu certificat https); trebuie folosit mod_gnutls in locul mod_ssl. Aviz utilizatorilor de versiuni cPanel bazate pe EL5
__________________
CHIAR Imi place Romanian PC Forum - www.rpc-forum.ro!

Last edited by bogdan; 06.03.2014 at 17:44.
bogdan is offline   Reply With Quote
Reply

Bookmarks

Tags
gnutls , security , update , vulnerability


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Vulnerabilitate periculoasa in dovecot sdw Unix - Linux - BSD 2 11.10.2011 14:40

 
Advertisement




camere foto digitale

aparate foto digitale


Partner Links
Sabitech Media - dezvoltare web, servicii media

RSP Forum - sateliti.info
Comunitate Satelitara






All times are GMT +2. The time now is 22:40.


Powered by vBulletin® - © Jelsoft Enterprises Ltd.
~ Copyright © 2007-2015 Romanian PC Forum ~
Toate drepturile rezervate

Romanian Sattelites Provider Wi-Fi Magazin