
Open-Source CVS Project Plugs Security Leaks


Security researchers on Tuesday issued a warning for multiple vulnerabilities in the open-source CVS, a popular program that allows developers to keep track of different development versions of source code.

The most serious of the flaws could allow a remote compromise of unpatched servers, the open-source Concurrent Versions System Project confirmed in an advisory.

The flaws include buffer overflows and memory leaks that could lead to code execution and denial-of-service attacks.

Security alerts aggregator Secunia has slapped a "moderately critical" rating on the vulnerabilities and recommended that users upgrade to version 1.11.20 immediately.

CVS, also known as the Concurrent Versioning System, implements a version control system that keeps track of all work and changes in the implementation of a software project.

The system is commonly used as a collaboration tool among open-source developers, and the discovery of security flaws could cause serious problems if an attacker embeds malicious code in software revisions and patches.

The CVS Project described the buffer overflow as "potentially serious" but said it may not be exploitable.
