Language Selection

English French German Italian Portuguese Spanish

Open-Source CVS Project Plugs Security Leaks

Filed under
Security

Security researchers on Tuesday issued a warning for multiple vulnerabilities in the open-source CVS, a popular program that allows developers to keep track of different development versions of source code.

The most serious of the flaws could allow a remote compromise of unpatched servers, the open-source Concurrent Versions System Project confirmed in an advisory.

The flaws range from buffer overflows and memory leaks that could lead to code execution and denial-of-service attacks.

Security alerts aggregator Secunia has slapped a "moderately critical" rating on the vulnerabilities and recommended that users upgrade to version 1.11.20 immediately.

CVS, also known as the Concurrent Versioning System, implements a version control system that keeps track of all work and changes in the implementation of a software project.

The system is commonly used as a collaboration tool among open-source developers, and the discovery of security flaws could cause serious problems if an attacker embeds malicious code in software revisions and patches.

The CVS Project described the buffer overflow as "potentially serious" but said it may not be exploitable.

Full Story.

More in Tux Machines

Matching databases to Linux distros

Relational database management systems (RDBMSs) aren’t the sort of thing to get most folk out of bed in the morning – unless, of course, you happen to think they’re one of the most brilliant concepts ever dreamed up. These days you can’t sneeze without someone turning it into a table value in a database somewhere - and in combination with the freely available Linux operating system, there’s no end to them. Most Linux distros make it almost trivial to add popular DBMSs to your system, such as MySQL and MariaDB, by bundling them in for free in their online app stores. But how do you tell which combination - which Linux distro and which DBMS - will give you the best performance? This week we've revved up the Labs servers to ask the question: what level of performance do you get from OS repository-sourced DBMSs? Read more

The Curious Case of Raspberry Pi Consumerism

I find the attitude of many within the Raspberry Pi community to be strange and offensive. I first discovered this odd phenomenon (odd because it contradicts the ethos of the project's academic foundations) back when it first started, as many within the Raspberry Pi community took an extremely hostile attitude toward academic freedom, apparently in defence of various parties' highly dubious intellectual monopolies (Broadcom and MPEG-LA, for example). I pointed out the irony and hypocrisy of their attitude at the time, explaining that they were more than happy to leech Free (as in freedom) Software for their own benefit, but then balked at the prospect of freely sharing the results, and in particular this contradicted their stated academic goal of facilitating better computer education in UK schools, an environment that rightly demands open access to knowledge. Read more

Google Chrome 38 Beta Brings New Guest Mode and Easier Incognito Mode Switching

The developers have explained that the user switching feature has been redesigned and it will make changing profiles and into the incognito mode a lot simple. They have also added a new experimental Guest mode, a new experimental UI for Chrome supervised users has been implemented, and numerous under-the-hood changes have been made for stability and performance. "This release adds support for the new element thanks to the hard work of community contributor Yoav Weiss, who was able to dedicate his time to implementing this feature in multiple rendering engines because of a successful crowd-funding campaign that raised more than 50% of its funding goal." Read more

PfSense 2.1.5 Is a Free and Powerful FreeBSD-Based Firewall Operating System

PfSense is a free network firewall distribution based on the FreeBSD, it comes with a custom kernel, and a few quite powerful applications that should make its users’ life a lot easier. Most of the firewall distros are Linux-based, but PfSense is a little bit different and is using FreeBSD. Regular users won't feel anything out of the ordinary, but it's an interesting choice for the base. The developers of PfSense are also saying that their distro has been successful in replacing a number of commercial firewalls such as Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astar, and others. Read more