Linux Security Flaw Similar to Apple's
In both cases, incorrect code short-circuited the functions that are supposed to verify whether a proper SSL certificate has actually been presented, so the verifier returned success without having completed its checks. Red Hat found the error during a security audit and describes it thus: “It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.”
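To make the failure mode concrete, here is an added illustrative example; it is not the GnuTLS or Apple code, just a toy C model written for this post. It assumes a constructed `cert_t` struct with three checks, and the convention (common in C crypto libraries) that 0 means success and a negative value means an error. It shows two ways an error-handling path can turn into a silent "verified": a helper whose negative error code is read by its caller as boolean true, and a duplicated `goto` that jumps past the remaining checks while the error variable still holds 0. Each vulnerable form is placed beside its hardened form.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a certificate for this example: the verifier
 * must pass all three checks before it may report success. */
typedef struct {
    bool signature_ok;     /* issuer's signature over the cert verifies */
    bool within_validity;  /* notBefore <= now <= notAfter */
    bool issuer_is_ca;     /* issuer carries the CA basic constraint */
    int  issuer_error;     /* 0 = issuer record readable, <0 = read failed */
} cert_t;

/* Convention assumed here: 0 means success, a negative value means an error. */
enum { OK = 0, ERR_SIGNATURE = -1, ERR_VALIDITY = -2, ERR_ISSUER = -3 };

/* Pattern A, vulnerable: the helper answers a yes/no question but also
 * reports internal errors through the same return value. On a read
 * failure it hands back a negative code, which a caller written as
 * `if (issuer_is_ca(c))` reads as "yes, this is a CA". */
static int issuer_is_ca_buggy(const cert_t *c)
{
    int result;
    if (c->issuer_error < 0) {
        result = ERR_ISSUER;          /* negative, hence nonzero, hence "true" */
        goto cleanup;
    }
    result = c->issuer_is_ca ? 1 : 0;
cleanup:
    return result;
}

/* Pattern A, hardened: every failure path yields 0 ("not a CA"), so an
 * internal error can only make verification stricter, never looser. */
static int issuer_is_ca_fixed(const cert_t *c)
{
    int result;
    if (c->issuer_error < 0) {
        result = 0;
        goto cleanup;
    }
    result = c->issuer_is_ca ? 1 : 0;
cleanup:
    return result;
}

/* Pattern B, vulnerable: the usual `if ((err = ...) != OK) goto fail;`
 * chain with one line accidentally duplicated. The second goto is
 * unconditional, err is still OK at that point, and the remaining
 * checks never run. Returns 0 when the certificate is accepted. */
static int verify_buggy(const cert_t *c)
{
    int err = OK;
    if ((err = c->within_validity ? OK : ERR_VALIDITY) != OK)
        goto fail;
    goto fail;                        /* duplicated line: skips everything below */
    if ((err = c->signature_ok ? OK : ERR_SIGNATURE) != OK)
        goto fail;
    if (!issuer_is_ca_buggy(c))
        err = ERR_ISSUER;
fail:
    return err;
}

/* Hardened verifier: no stray jump, and the CA helper cannot return a
 * truthy error code. Returns 0 only when every check passed. */
static int verify_fixed(const cert_t *c)
{
    int err = OK;
    if ((err = c->within_validity ? OK : ERR_VALIDITY) != OK)
        goto fail;
    if ((err = c->signature_ok ? OK : ERR_SIGNATURE) != OK)
        goto fail;
    if (!issuer_is_ca_fixed(c))
        err = ERR_ISSUER;
fail:
    return err;
}

/* Constructed test certificates (not real X.509 data). */
static const cert_t CERT_GOOD      = { true,  true, true,  0 };
static const cert_t CERT_BAD_SIG   = { false, true, true,  0 };   /* attacker-signed */
static const cert_t CERT_NO_ISSUER = { true,  true, false, -1 };  /* issuer unreadable */

int main(void)
{
    printf("good cert:     buggy=%d fixed=%d\n",
           verify_buggy(&CERT_GOOD), verify_fixed(&CERT_GOOD));
    printf("bad signature: buggy=%d fixed=%d\n",
           verify_buggy(&CERT_BAD_SIG), verify_fixed(&CERT_BAD_SIG));
    printf("issuer error:  helper buggy=%d fixed=%d\n",
           issuer_is_ca_buggy(&CERT_NO_ISSUER), issuer_is_ca_fixed(&CERT_NO_ISSUER));
    return 0;
}
```

The practical check is the same for both patterns: a verifier's "accept" result must be reachable only by passing through every check, and a function that answers a boolean question must not share its return channel with error codes. A negative test suite (a certificate with a bad signature, an unreadable issuer, an expired validity window) catches both; the vulnerable verifier above accepts all of them.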
With my tinfoil hat firmly affixed, I have to ask: how likely is it that both bugs occurred in such similar ways? This is not my area of expertise, but it seems really unlikely unless both were introduced on purpose.
Almost nothing would surprise me at this point. Almost.