Are there dangerous security flaws hidden in Linux?

In today's open source roundup: The GnuTLS bug has many people wondering about security in Linux. Plus: MATE 1.8 released, and senior citizens learn to use Linux

Ars Technica has a very disturbing report about the GnuTLS bug. It has many wondering if there are other hidden security flaws in Linux, and what must be done to stop such bugs from happening again.

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

More at Ars Technica

Please note that you can upgrade to gnutls 3.2.12 to fix the bug noted in Ars' article.

So it seems that Apple's iOS isn't the only operating system with security problems. I know that the GnuTLS bug has freaked a lot of people out; they just didn't expect this kind of thing to happen with Linux. But it did, and now we have to deal with it.

Let's face it folks, there is no bullet-proof computer operating system out there. Linux has many strengths but it's not perfect and it never will be. I think this is a situation where you have to take a lemon and make lemonade out of it, as much as is humanly possible.

And the way to do that is to consider this an opportunity to step back and take stock of how reviews and coding are handled. Developers need to put on their Sherlock Holmes hats and go into detective mode. They should work to identify all of the possible problem areas and then make the necessary changes to help prevent this kind of problem from ever happening again.


I know that some people will probably use this as a chance to bash Linux and open source. Fine, let them go ahead and do that. Chances are that they would be bashing anyway regardless of what the actual problem was so there's no point in worrying about it.

If the critics actually have useful and valid criticism then it's worth paying attention to their thoughts and noting any useful suggestions. If not, then just disregard them as usual since it's always been that way with some folks that dislike Linux and open source in general.

The GnuTLS bug should be a wake-up call for open source developers to review their work and try to make sure that other potential security headaches are fixed or removed. If that happens, then this nasty and bitter lemon will indeed be turned into a sweet, delicious glass of lemonade.

MATE 1.8 desktop released

WebUpd8 reports that version 1.8 of the MATE desktop environment has been released.
