Language Selection

English French German Italian Portuguese Spanish

Open-Source CVS Project Plugs Security Leaks

Filed under
Security

Security researchers on Tuesday issued a warning for multiple vulnerabilities in the open-source CVS, a popular program that allows developers to keep track of different development versions of source code.

The most serious of the flaws could allow a remote compromise of unpatched servers, the open-source Concurrent Versions System Project confirmed in an advisory.

The flaws range from buffer overflows and memory leaks that could lead to code execution and denial-of-service attacks.

Security alerts aggregator Secunia has slapped a "moderately critical" rating on the vulnerabilities and recommended that users upgrade to version 1.11.20 immediately.

CVS, also known as the Concurrent Versioning System, implements a version control system that keeps track of all work and changes in the implementation of a software project.

The system is commonly used as a collaboration tool among open-source developers, and the discovery of security flaws could cause serious problems if an attacker embeds malicious code in software revisions and patches.

The CVS Project described the buffer overflow as "potentially serious" but said it may not be exploitable.

Full Story.

More in Tux Machines

Telegram Desktop for Linux Review

Telegram is an instant messaging service that is best known for its mobile implementation, but a desktop app is also available and it's even better than what users might expect. Read more

KaOS 2015.02 Distro Brings a Unique, Pure KDE Plasma 5 Experience - Screenshot Tour

The KaOS development team was proud to announce on February 24 the immediate availability for download of the KaOS 2015.02 Linux kernel-based operating system for personal computers and laptops. This is the first ever release of the KaOS Linux distribution with the next-generation KDE Plasma desktop environment, powered by the latest KDE Frameworks 5 technology. Read more

Snowden's favourite Linux - Tails - rushes sec-fix version to market

The developers want to kill off the previous version, Tails 1.2.3, as soon as possible, with a list of 14 security issues covering everything from the Tor browser and its network security services (NSS) through to a sudo privilege escalation bug. Read more