In a security advisory issued today, iDefense announced
the discovery of yet another Concurrent Versions System (CVS)
flaw.
According to the security research firm's advisory, the
"Undocumented Flag Information Disclosure Vulnerability"
allows for the remote exploitation of an information disclosure
vulnerability in CVS that "allows attackers to glean information."
According to their analysis, successful execution of the exploit would allow an
attacker to gain credentials to the CVS server, which would permit them to
determine "whether or not arbitrary system files and directories exist
and are accessible under the permissions of the user that the CVS daemon
runs under."
The vulnerability was found in an undocumented switch that is implemented
in src/history.c via the 'history' command. The vulnerability has already
been patched in the most recent versions of CVS.
Security researchers discovered a number of critical CVS flaws in late May,
which preceded the discovery of more flaws in June.
The vulnerabilities include some particularly worrisome issues like heap
overflow and the ability to execute arbitrary code, among others. CVS was
updated in June to protect against those flaws, at which time all CVS users
were urged to upgrade to the latest patched version.
All the major Linux distributions have already issued updated binaries for
CVS, and the core project maintainers have posted the newest source
on the CVS Web site.
CVS is a source code maintenance system that has become the de facto
standard software configuration management system of the Free and
Open Source development communities. It allows multiple disparate
developers to contribute and collaborate on code without version
conflicts. CVS also allows developers to record and track all committed
changes, as well as store the current version of the source code.