Sir Garlon writes:
"Ars Technica is reporting on a critical bug in the GnuTLS library that exposes encrypted traffic to eavesdropping.
The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical "goto fail" flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.
According to the GnuTLS Advisories page, the GNU folks have fixed their bug, too. Users are advised to upgrade or patch their versions of the library."
(Score: 3, Informative) by mrider on Tuesday March 04 2014, @09:05PM
Just did apt-get update && apt-get upgrade and saw the following
Doctor: "Do you hear voices?"
Me: "Only when my bluetooth is charged."
(Score: 1) by cykros on Tuesday March 04 2014, @10:02PM
That looks like you installed gnutls 2.6, rather than 3.1.22 or 3.2.12. Might want to poke a little harder.
I got my fix for Slackware from the slackware-current repos, though I did just notice that the compat32 package is still 3.1.16...not sure what ever makes use of that though, as I have a pretty universally 64 bit system set up. Might have to go see if I can hunt that down, or build it later...
(Score: 3, Informative) by JaKe on Tuesday March 04 2014, @11:12PM
He might be still ok. Nothing wrong in using gnutls26, which contains GNUtls 2.12.something. Depending on the distribution he tracks the fix may already be there. Debian has updates out [debian.org],as does Ubuntu [launchpad.net].
(Score: 5, Interesting) by quacking duck on Tuesday March 04 2014, @09:28PM
Ars says that 'This GnuTLS bug is worse than the big Apple "goto fail" bug patched last week.'
On the one hand, Apple's bug being in open source code may have meant it was caught sooner rather than later, since it's only been in systems for the last year and a bit.
On the other hand, the GnuTLS bug has been around almost 10 years, was a similar mistake, and may have been flagged in 2008 [openldap.org] (as noted in comment on Ars). Which just shows that even among techies, 99% of us will blindly trust the libraries we're provided.
(Score: 3, Insightful) by Nerdfest on Tuesday March 04 2014, @09:53PM
I do like the fact that I had the fix available at the time I read the news. I didn't have to wait for 'patch Tuesday', or whenever some corporation decided it would be convenient for them (generally based on how high profile it is rather than how serious).
(Score: 2, Insightful) by emg on Tuesday March 04 2014, @10:15PM
I don't like the fact that they apparently don't have unit tests for something as important as certificate validation. How could this possibly have got through proper testing?
(Score: 1) by velex on Wednesday March 05 2014, @02:10PM
To be fair, writing unit tests that will allow you to write code (because you did write your unit tests first, right?) that does everything you hope it will do is easy. Writing unit tests that will tease out unexpected behaviors, bugs, and unforeseen caveats is hard.
That being said, perhaps there should have been unit tests to ensure that the errors that the code in question expected, which is the impression I get from TFA although I haven't read the code myself, would have been handled properly.
(Score: 1) by quacking duck on Wednesday March 05 2014, @02:18PM
Except the GnuTLS bug was flagged at least as early as 2008, after which any malicious agent could have exploited it. "The corporation" in this case are analogous to the maintainers of GnuTLS, who took over 5 years to finally release a fix, despite being so serious their release notes admit it was "embarrassing" [gmane.org].
If Apple had been smart and released the iOS and Mac fixes at the same time, instead of letting the world know about it by releasing the iOS fix half a week earlier, then that fix also would've been available at the time most people found out about it in the news.
(Score: 0) by Anonymous Coward on Monday March 17 2014, @05:15AM
How does that count as the bug being flagged in 2008? The 2008 post was about the general crappiness of the code base.
(Score: 5, Insightful) by neiras on Tuesday March 04 2014, @10:18PM
Howard Chu of OpenLDAP (in 2008!): GnuTLS Considered Harmful [openldap.org]
"Looking across more of their APIs, I see that the code makes liberal use of strlen and strcat, when it needs to be using counted-length data blobs everywhere. In short, the code is fundamentally broken; most of its external and internal APIs are incapable of passing binary data without mangling it. The code is completely unsafe for handling binary data, and yet the nature of TLS processing is almost entirely dependent on secure handling of binary data."
Incredible that GnuTLS is used anywhere at all. It's just mind boggling.
(Score: 2, Interesting) by pe1rxq on Tuesday March 04 2014, @10:53PM
This bug had nothing todo with string handling.
Howard might have a point, but it has nothing todo with the current bug.
Lookin at the amount of security problems over the last years it seems GnuTLS is not doing that bad.
Perhaps the competition is that much better? (either in safety or in suitability)
(Score: 2, Informative) by neiras on Tuesday March 04 2014, @11:04PM
Wasn't meaning to imply that Howard's old post had anything to do with the current bug - it doesn't.
Just wanted to point out that GnuTLS has made some pretty scary choices in the past (mangling binary data with string manipulation functions? Really?), and that kind of thing is a pretty good indicator that there will be future problems.
(Score: 2) by Pav on Wednesday March 05 2014, @01:16AM
Unfortunately for GPLed software it's the only game in town due to openssl license incompatibility of openssl. In any case it's good to see long standing bugs get nailed.
(Score: 0) by Anonymous Coward on Thursday March 06 2014, @02:53PM
Please explain what "license incompatibility of openssl" means.
(Score: 2) by Pav on Friday March 07 2014, @04:00AM
GPLed softare is incompatible with Apache licensed software, and can only use openssl by relying on the "link exception" part of the GPL (ie. the part which allows GPLed software to run on closed source OS's).
(Score: 3, Interesting) by TheRaven on Wednesday March 05 2014, @09:43AM
sudo mod me up
(Score: 1) by neiras on Thursday March 06 2014, @08:19AM
I keep thinking that Mozilla's NSS could evolve to fill the role.
(Score: 4, Informative) by DarkMorph on Tuesday March 04 2014, @10:50PM
(Score: 4, Interesting) by Pav on Wednesday March 05 2014, @01:35AM
Debian has made a decision to preferentially link GnuTLS (due to the licensing incompatibility of openssl to GPLed software) eg. their OpenLDAP packages use GnuTLS which is probably what annoys Howard Chu particularly : GnuTLS isn't known for its verbose and informative error messages... it'd be a bitch to support. I've heard OpenLDAP people on IRC refer to the GnuTLS-linked Debian packages as "broken" (even though I've used them for years). I also respect the long term aim of supporting the GPL. Gnome came out of that same aim, and it was inferior until they got their act together. Having said that, the GnuTLS project really does need to get its act together.
(Score: 1) by zeigerpuppy on Wednesday March 05 2014, @01:12AM
Here's why this is good news.
I'm assuming that these were malicious errors probably by a state actor (big assumption I know).
But if this is the case, it means TLS is worth crippling, which means that our overlords believe it is effective encryption.
So, time for code audits but looks like TLS is one of the encryption techs which may not be fundamentally broken.
(Score: 2) by VLM on Wednesday March 05 2014, @12:56PM
or three wrongs, they know that we know that they know, so they are faking it because they have an effective crack for TLS and they want to encourage people to believe in it. In which case stay away from TLS other than honeypots. Although now they know that I know about honeypots, so they won't attack them.
(Score: 2, Funny) by gringer on Wednesday March 05 2014, @04:50AM
Ah, so that's the reason why soylent news doesn't do https logins. They knew already that the certificate system was broken.
Ask me about Sequencing DNA in front of Linus Torvalds [youtube.com]