Google Play icon

Red Hat programmer discovers major security flaw in Linux

Posted March 10, 2014
Programmer Nikos Mavrogiannopoulos who works for Red Hat, has discovered a major security problem with the Linux operating system—a bug that could allow a hacker to create a certificate that could bypass the normal authenticity checks. Red Hat sent out an immediate alert and suggests all those who use its product update their software with a fix they’ve made available.

Officially known as CVE-2014-0092, the bug appears to be a simple programming error—one that has been in a part of the Linux operating system for over a decade. More specifically, the bug involves GnuTLS’s (a library of functions used for processing certificate requests) validation of X509 certificates. In many respects, the error appears to be similar to the “goto fail” security problem that cropped up in iOS and OS X recently. At issue in both cases is the infamous GOTO computer command which has been criticized by several high profile programmers for several years. Problems occur with it due to a programmer failing to consider one or more events. GOTO commands are called on demand, i.e. IF condition GOTO some other part of the code. The problem can be made worse if negative conditions are used because humans can’t always think of every possible outcome.

Read more at:

Featured news from related categories:

Technology Org App
Google Play icon
87,049 science & technology articles