
Open-Source CVS Project Plugs Security Leaks


Security researchers on Tuesday issued a warning for multiple vulnerabilities in the open-source CVS, a popular program that allows developers to keep track of different development versions of source code.

The most serious of the flaws could allow a remote compromise of unpatched servers, the open-source Concurrent Versions System Project confirmed in an advisory.

The flaws include buffer overflows and memory leaks that could lead to code execution and denial-of-service attacks.

Security alerts aggregator Secunia has slapped a "moderately critical" rating on the vulnerabilities and recommended that users upgrade to version 1.11.20 immediately.

CVS, also known as the Concurrent Versioning System, implements a version control system that keeps track of all work and changes in the implementation of a software project.

The system is commonly used as a collaboration tool among open-source developers, and the discovery of security flaws could cause serious problems if an attacker embeds malicious code in software revisions and patches.

The CVS Project described the buffer overflow as "potentially serious" but said it may not be exploitable.
