Massive security flaw in GNU/Linux crypto code

A major, critical security flaw in a key cryptographic program used by most flavors of GNU/Linux as well as other free/open operating systems has been reported. The bug, which appears in the Gnutls code, allows for undetectable man-in-the-middle attacks against affected systems. My operating system, Ubuntu, had an update waiting for it this morning that patched this. If you're running any flavor of Linux or BSD, you should immediately check for, and apply, any TLS patches offered through your distribution.

The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical "goto fail" flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.

"It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification," an advisory issued by Red Hat warned. "An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker."

GnuTLS developers published this bare-bones advisory that urges all users to upgrade to version 3.2.12. The flaw, formally indexed as CVE-2014-0092, is described by a GnuTLS developer as "an important (and at the same time embarrassing) bug discovered during an audit for Red Hat." Debian's advisory is here.

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping [Dan Goodin/Ars Technica]