Language Selection

English French German Italian Portuguese Spanish

Open-Source CVS Project Plugs Security Leaks

Filed under
Security

Security researchers on Tuesday issued a warning for multiple vulnerabilities in the open-source CVS, a popular program that allows developers to keep track of different development versions of source code.

The most serious of the flaws could allow a remote compromise of unpatched servers, the open-source Concurrent Versions System Project confirmed in an advisory.

The flaws range from buffer overflows and memory leaks that could lead to code execution and denial-of-service attacks.

Security alerts aggregator Secunia has slapped a "moderately critical" rating on the vulnerabilities and recommended that users upgrade to version 1.11.20 immediately.

CVS, also known as the Concurrent Versioning System, implements a version control system that keeps track of all work and changes in the implementation of a software project.

The system is commonly used as a collaboration tool among open-source developers, and the discovery of security flaws could cause serious problems if an attacker embeds malicious code in software revisions and patches.

The CVS Project described the buffer overflow as "potentially serious" but said it may not be exploitable.

Full Story.

More in Tux Machines

KDE Plasma 5.7.2 Introduces Lots of Plasma Workspace Improvements, KWin Fixes

KDE released the second maintenance update for the KDE Plasma 5.7 desktop environment series, which has already been adopted by several popular GNU/Linux operating systems. Read more

Gain access to an ARM server running Linux OS, through the cloud

The Linaro Developer Cloud has gone live, and users can apply to test an ARM-based server with Linux Read more

SparkyLinux Now Lets Users Test Drive Linux Kernel 4.7, Here's How to Install It

Just one day after the announcement of the GA release of the Linux 4.7 kernel, the SparkyLinux developers inform their users that they can now test drive the new kernel from the unstable repository. Read more

Clear Linux Is Among the First Distros to Adopt Kernel 4.7, X.Org Server 1.18.4

Today, July 26, 2016, Softpedia was informed by the Clear Linux team about the availability of new software updates for the GNU/Linux operating system designed for the Intel architecture. Read more