Debian Linux Suffers From 'Major Security Flaw,' Gartner Warns - InformationWeek



The open source operating system is said to be vulnerable to hacks that could leave users' personal data exposed to identity thieves.

A popular distribution of the Linux open source operating system is vulnerable to hacks that could leave users' personal data exposed to identity thieves, according to IT consulting group Gartner.

The problem: Debian GNU/Linux's implementation of the Secure Sockets Layer communications protocol "made it easy for attackers to discover encryption keys," Gartner said in its report.

Encryption keys are bits of information that allow computers to interpret coded information.

Debian uses the open source OpenSSL version of Secure Sockets Layer. Gartner said the security glitch can be traced to the fact that Debian developers implemented changes to OpenSSL to fix a memory leak without first consulting the OpenSSL development community.

"The Debian 'fix' resulted in a serious weakness in the OpenSSL random number generator," the researchers said. The vulnerability "highlights one of the risks of using software products that incorporate open-source modules," Gartner said in the report, which was issued last week.

Gartner said the Debian organization was unresponsive to its attempts to contact it about the issue. "We believe this experience confirms our view that open-source process communications require significant improvements," Gartner said.

Debian has issued a patch to fix the problem. Gartner is advising businesses that use Debian GNU/Linux to implement the patch and regenerate all cryptographic keys generated by Debian OpenSSL versions beginning with 0.9.8c-1.

In general, businesses that use open source software need to adopt vulnerability management processes that include an application inventory to identify "open-source software dependencies" and ensure all current patches have been implemented, Gartner said.

The Debian project was launched in 1993 by Purdue University student Ian Murdock.
