Entries with tag security vulnerability.

Bug Leaves Linux, Open Source Users at Risk

Security researchers have discovered a new vulnerability in open source software that attackers could exploit to launch malware attacks. Developers have since released a patch for the bug in the GnuTLS cryptographic code library, which could place Linux and other open source software users at risk for problems such as buffer overflow attacks. GnuTLS is an open-source implementation of Internet encryption protocols including Secure Sockets Layer; Transport Layer Security; and Datagram Transport Layer Security, used in various Linux distributions. An infected server could exploit the vulnerability during the handshake between the Secure Sockets Layer and Transport Layer Security, culminating in the crash of vulnerable clients. It could also allow attackers to execute code on the system. The vulnerability was reported by Joonas Kuorilehto, a principal systems engineer at Codenomicon, the same vendor of vulnerability-testing tools responsible for finding the Heartbleed flaw in the OpenSSL Internet-security protocol earlier this year. (Ars Technica)(PC World)(Red Hat Bug Tracker)

Security Concerns Prompt Mozilla to Pull Latest Firefox Release

Days after releasing the latest iteration of the Firefox browser, Mozilla has stopped distribution of the software from its website after discovering a security vulnerability that could give scammers access to a user’s browsing history. “The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters,” Mozilla stated. “At this time we have no indication that this vulnerability is currently being exploited in the wild.” Mozilla said it is “actively working on a fix” with an updated planned for release Thursday. Users of the new browser could either downgrade to Firefox 15.0.1 or wait for a patched version of Firefox 16.
(PCMag)(Computerworld)(Mozilla Security Blog)
Days after releasing the latest iteration of the Firefox browser, Mozilla has stopped distribution of the software from its website after discovering a security vulnerability that could give scammers access to a user’s browsing history. “The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters,” Mozilla stated. “At this time we have no indication that this vulnerability is currently being exploited in the wild.” Mozilla said it is “actively working on a fix” with an updated planned for release Thursday. Users of the new browser could either downgrade to Firefox 15.0.1 or wait for a patched version of Firefox 16. (PCMag)(Computerworld)(Mozilla Security Blog)

 

Showing 2 results.