(The Hosting News) – Over the weekend, developers released an update that patched security flaws found in the GnuTLS code used on Linux distributions such as Red Hat, Debian, and Ubuntu.
According to Ars Technica, the bug lets attackers send malicious data to devices making encrypted HTTPS connections, allowing them to remotely control those devices.
“A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake,” wrote Red Hat. “A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or possibly execute arbitrary code.”
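The bounds check that guards against this class of bug, shown as an added C example (not GnuTLS source code and not part of the original article). It assumes the TLS 1.2 and earlier ServerHello layout, where the session ID is at most 32 bytes; the function names `parse_session_id` and `parse_constructed_hello` and the sample message are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_MAX_SESSION_ID 32                     /* upper bound set by the TLS spec */
#define SH_FIXED_PREFIX ((size_t)(2 + 32 + 1))    /* version + random + length byte */
#define SH_FIXED_SUFFIX ((size_t)(2 + 1))         /* cipher_suite + compression */

/* Copy the session ID out of a ServerHello body (handshake header removed).
 * Returns the session ID length (0..32), or -1 if the message is malformed. */
int parse_session_id(const uint8_t *body, size_t len,
                     uint8_t out[TLS_MAX_SESSION_ID])
{
    if (body == NULL || len < SH_FIXED_PREFIX + SH_FIXED_SUFFIX)
        return -1;                      /* too short for the fixed fields */

    size_t sid_len = body[SH_FIXED_PREFIX - 1];   /* server-controlled, 0..255 */
    if (sid_len > TLS_MAX_SESSION_ID)
        return -1;                      /* would overflow out[]: reject */
    if (sid_len > len - SH_FIXED_PREFIX - SH_FIXED_SUFFIX)
        return -1;                      /* claims more bytes than were received */

    memcpy(out, body + SH_FIXED_PREFIX, sid_len);
    return (int)sid_len;
}

/* Constructed sample: build a ServerHello body whose length byte claims
 * `claimed` session ID bytes while carrying `actual`, then parse it. */
int parse_constructed_hello(size_t claimed, size_t actual)
{
    uint8_t msg[SH_FIXED_PREFIX + 255 + SH_FIXED_SUFFIX] = {0};
    uint8_t sid[TLS_MAX_SESSION_ID];
    size_t n = 0;

    if (claimed > 255 || actual > 255) return -2;
    msg[n++] = 0x03; msg[n++] = 0x03;             /* server_version: TLS 1.2 */
    memset(msg + n, 0xAA, 32); n += 32;           /* random (placeholder bytes) */
    msg[n++] = (uint8_t)claimed;                  /* session_id length byte */
    memset(msg + n, 0x5C, actual); n += actual;   /* session_id bytes */
    msg[n++] = 0x00; msg[n++] = 0x2F;             /* cipher_suite */
    msg[n++] = 0x00;                              /* compression_method: null */
    return parse_session_id(msg, n, sid);
}

int main(void)
{   /* exit 0 when an over-long ID is rejected and a maximal valid one accepted */
    return !(parse_constructed_hello(200, 200) == -1 && parse_constructed_hello(32, 32) == 32);
}
```

Both checks matter: the first bounds the copy by the destination buffer, the second by the bytes actually received.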
An update for the bug was released on Friday for GnuTLS versions 3.1.23, 3.2.15, and 3.3.4, though the bug was discovered at least two weeks ago.
Red Hat’s Fedora project and Extra Packages for Enterprise Linux version 5 were affected by this vulnerability, ZDNet reports.
The security flaw in the GnuTLS cryptographic library was found by Joonas Kuorilehto of Codenomicon, the same company that discovered the OpenSSL Heartbleed bug.