Open Source Bug Threatens Linux
Concurrent Versions System repositories could be compromised A weakness in the widely used Concurrent Versions System (CVS) development aid has left Linux and open source code vulnerable to attack. A Computer Emergency Response Team advisory has warned the flaw could allow hackers to alter the operation of the CVS program, read sensitive information or launch denial of service attacks. The CVS version management tool is by far the most popular resource used by the major Linux developers and companies to keep track of different software versions. Although CVS is open source, it is used to keep track of all types of software used by a company. The problem was first reported on 20 January by German software, security and internet company E-Matters. Full Story