A worse than go to fail discovered on Mac OS and iOS, and Apple recently patched bug. Particularly it affects at least 200 packets of free or open source software, including GNU / Linux Red Hat (RHEL, Fedora), Canonical (Ubuntu and derivatives) or Debian. In addition to implementing within distributions, we could note that various mail clients and applications are potentially subject to risk.
In fact, any software based on GnuTLS to integrate functionality on the SSL and TLS protocols can hit. The management of certain GnuTLS errors when checking the type X509 certificates. It would bring incorrect certificates validated by the system. According to Red Hat, an attacker could use the flaw to create a certificate that would be accepted as valid by GnuTLS to a site chosen by the attacker. The bug is present since at least 2005 in the library.
Many errors are related to requests "go to cleanup”, which increases the apparent similarity with the flaw affecting Apple systems. But its complexity arises primarily from the impact that many lines of code, says Ars Technica. GnuTLS developers required to upgrade to the 3.2.12 release. This does not fix the bug for now, the discoveries made following an audit requested by Red Hat has not shown all their ramifications. You may expect hear again about this major flaw soon.
