More flaws found in critical security software

Two new vulnerabilities were recently discovered in the widely used security software OpenSSL and GnuTLS.

The OpenSSL vulnerability is not as dangerous as the infamous Heartbleed bug, but can allow attackers to pull private information from communications between unpatched systems, including passwords.

The GnuTLS vulnerability can be used by malicious persons to execute arbitrary code on devices accessing specially-crafted web pages.

As with Heartbleed, these vulnerabilities mainly affect servers, although client software and operating systems that use the GnuTLS and OpenSSL libraries are also at risk. Patches are expected to be made available soon.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.
