Language Selection

English French German Italian Portuguese Spanish

Open-Source CVS Project Plugs Security Leaks

Filed under
Security

Security researchers on Tuesday issued a warning for multiple vulnerabilities in the open-source CVS, a popular program that allows developers to keep track of different development versions of source code.

The most serious of the flaws could allow a remote compromise of unpatched servers, the open-source Concurrent Versions System Project confirmed in an advisory.

The flaws range from buffer overflows and memory leaks that could lead to code execution and denial-of-service attacks.

Security alerts aggregator Secunia has slapped a "moderately critical" rating on the vulnerabilities and recommended that users upgrade to version 1.11.20 immediately.

CVS, also known as the Concurrent Versioning System, implements a version control system that keeps track of all work and changes in the implementation of a software project.

The system is commonly used as a collaboration tool among open-source developers, and the discovery of security flaws could cause serious problems if an attacker embeds malicious code in software revisions and patches.

The CVS Project described the buffer overflow as "potentially serious" but said it may not be exploitable.

Full Story.

More in Tux Machines

Intel Dominates The Perf Changes For Linux 4.2

For those using perf for Linux profiling with performance counters, the Linux 4.2 kernel will bring many improvements to benefit Intel customers. Read more Also: Exciting Features Merged So Far For The Linux 4.2 Kernel

BeagleCore Open Source Internet Of Things Development Board (video)

BeagleCore is a new Internet of Things development board that has been created to be 100 percent open source and provide an easy way for makers, developers and hobbyists to have access to all all the core features of BeagleBone Black in a miniaturised computer module. Read more

Red Hat CEO Warns About Faux Open Source

Red Hat CEO Jim Whitehurst spent last week’s annual Summit praising the progress made in open source, but during his opening keynote he also warned attendees about companies that claim to be open source without actually encouraging open participation and innovation from a broad group of users. Read more

Check the Ubuntu Touch Wish List for Apps and New Features

If you have any questions regarding new features and apps that are present, absent, or in the works for the Ubuntu Touch platform, you need to know that there is already a comprehensive wish list out there that takes care of everything. Read more Also: Unity 8 Just Got a Cool 3D App Switcher for the Desktop