May 22, 2004

CVS flaw has Linux vendors rushing out patches

Linux vendors have rushed to distribute patches for a critical flaw in CVS, a widely used program for collaborating on software development, that could allow a malicious user unauthorized access to development code.

By Friday FreeBSD all the major Linux distributors, including Red Hat Inc., Debian, Suse Linux AG, MandrakeSoft SA, Slackware and Gentoo Software, had all issued patches for the versions of CVS (Concurrent Versioning System) packaged to run on their distributions, following an advisory published earlier this week by German security firm E-Matters. The firm also warned of a similar, more easily exploitable flaw in Subversion, a newer and less popular revision of CVS.



  • Security
Click Here!