Language Selection

English French German Italian Portuguese Spanish

Open-Source CVS Project Plugs Security Leaks

Filed under
Security

Security researchers on Tuesday issued a warning for multiple vulnerabilities in the open-source CVS, a popular program that allows developers to keep track of different development versions of source code.

The most serious of the flaws could allow a remote compromise of unpatched servers, the open-source Concurrent Versions System Project confirmed in an advisory.

The flaws range from buffer overflows and memory leaks that could lead to code execution and denial-of-service attacks.

Security alerts aggregator Secunia has slapped a "moderately critical" rating on the vulnerabilities and recommended that users upgrade to version 1.11.20 immediately.

CVS, also known as the Concurrent Versioning System, implements a version control system that keeps track of all work and changes in the implementation of a software project.

The system is commonly used as a collaboration tool among open-source developers, and the discovery of security flaws could cause serious problems if an attacker embeds malicious code in software revisions and patches.

The CVS Project described the buffer overflow as "potentially serious" but said it may not be exploitable.

Full Story.

More in Tux Machines

New Releases

Notifications Without User Interaction on Ubuntu Are Annoying

The Unity desktop environment has a simple and rather ineffective system notification mechanism and it looks like that's not going to change, not even with the arrival of Unity 8. Read more

Librem Linux Laptop Drops NVIDIA Graphics But Still Coming Up Short Of Goal

One of the oddest things I found about the crowd-funded Librem 15 laptop when writing about it last month was that it wanted to be open-source down to the component firmware/microcode yet they opted to ship with a NVIDIA GPU. In an updated earlier this month, at least they came to their senses and dropped the discrete NVIDIA GPU. While I have no problems recommending NVIDIA graphics for Linux gamers and those wanting the best performance, that's only when using the proprietary drivers, and certainly wouldn't recommend it for a fully open-source system -- NVIDIA on the desktop side doesn't do much for the open-source drivers, let alone down to the firmware/microcode level. Instead the Librem folks have opted to upgrade the design to using an Intel Core i7 4770HQ processor that features more powerful Intel Iris Pro 5200 Graphics, which isn't as powerful as a discrete NVIDIA GPU but at least is more open-source friendly. Read more

Ruby 2.2.0 Released

We are pleased to announce the release of Ruby 2.2.0. Ruby 2.2 includes many new features and improvements for the increasingly diverse and expanding demands for Ruby. Read more