Language Selection

English French German Italian Portuguese Spanish

Open-Source CVS Project Plugs Security Leaks

Filed under
Security

Security researchers on Tuesday issued a warning for multiple vulnerabilities in the open-source CVS, a popular program that allows developers to keep track of different development versions of source code.

The most serious of the flaws could allow a remote compromise of unpatched servers, the open-source Concurrent Versions System Project confirmed in an advisory.

The flaws range from buffer overflows and memory leaks that could lead to code execution and denial-of-service attacks.

Security alerts aggregator Secunia has slapped a "moderately critical" rating on the vulnerabilities and recommended that users upgrade to version 1.11.20 immediately.

CVS, also known as the Concurrent Versioning System, implements a version control system that keeps track of all work and changes in the implementation of a software project.

The system is commonly used as a collaboration tool among open-source developers, and the discovery of security flaws could cause serious problems if an attacker embeds malicious code in software revisions and patches.

The CVS Project described the buffer overflow as "potentially serious" but said it may not be exploitable.

Full Story.

More in Tux Machines

LXQt 0.11.0 Desktop Environment Arrives After Almost One Year of Development

After being in development for the past eleven months, the next major release of the lightweight, Qt-based LXQt desktop environment has been officially released and it's available for download. Read more

Antivirus Live CD 20.0-0.99.2 Uses ClamAV 0.99.2 to Protect Your PC from Viruses

Today, September 25, 2016, 4MLinux developer Zbigniew Konojacki informs Softpedia about the immediate availability for download of a new, updated version of his popular, independent, free, and open source Antivirus Live CD. Read more

How to: Install Google Chrome web browser on Ubuntu Linux (and uninstall Firefox)

Ubuntu comes with a lot of quality software pre-installed. Unfortunately, the default web browser, Mozilla Firefox, has been on the decline -- it is slow and clunky. On Linux, Google Chrome is now the top web browser, and it is the best way to experience Adobe Flash content too (if you still need it). Installing Google Chrome on the Linux-based operating system is not totally straightforward. This is unfortunate, as the search-giant's web browser is an important part of having an overall quality experience on Ubuntu. Don't worry, however, as we will help you to both install the wonderful Google Chrome and uninstall the disappointing Mozilla Firefox. Read more

Parsix GNU/Linux 8.10 "Erik" Gets the Latest Debian Security Fixes, Update Now

A few minutes ago, the development team behind the Debian-based Parsix GNU/Linux computer operating system announced that new security fixes are now available for the Parsix GNU/Linux 8.10 "Erik" release. Read more