Is this part of the trend of security attacks on Linux?
Flaws in two popular source code database applications could allow attackers to access and corrupt open-source software projects, according to a security researcher.
One vulnerability affects the Concurrent Versions System (CVS), an application used by many developers to store program code. The other flaw affects a newer, less widely used system known as Subversion, said Stefan Esser, the researcher who discovered the security holes.
The CVS software, in particular, is run by many large open-source projects to create servers that maintain the versions of a program under development. Groups developing the Gnome and KDE Linux desktops, the Apache web server and large Linux distributions, are among those that use servers with the source code databases.
These groups were notified of the security issues earlier in May and have already installed patches, said Esser, who is the chief security and technology officer at e-Matters, a German software company.
View: Complete Article
News source: Silicon.com
Flaws in two popular source code database applications could allow attackers to access and corrupt open-source software projects, according to a security researcher.
One vulnerability affects the Concurrent Versions System (CVS), an application used by many developers to store program code. The other flaw affects a newer, less widely used system known as Subversion, said Stefan Esser, the researcher who discovered the security holes.
The CVS software, in particular, is run by many large open-source projects to create servers that maintain the versions of a program under development. Groups developing the Gnome and KDE Linux desktops, the Apache web server and large Linux distributions, are among those that use servers with the source code databases.
These groups were notified of the security issues earlier in May and have already installed patches, said Esser, who is the chief security and technology officer at e-Matters, a German software company.
View: Complete Article News source: Silicon.com
FROM: Varies (forged addresses taken from infected system).
SUBJECT: Re: (original subject)
BODY: Varies.
ATTACHMENT: The worm may be attached with one of the following file extensions:
- EXE
- SCR
- PIF
- CMD
- BAT
- the hardcore game-.pif
- Sex in Office.rm.scr
- Deutsch BloodPatch!.exe
Generally, any serious security flaw is addressed speedily (once identified). It is getting the users to patch that is the real challenge!
...except nobody knows when the variant of linux youre using will see its version of the same patch...
http://www.eeye.com/html/Research/Upcoming/
You will see the vunderabilities that are being tracked, and how long they have been open.
Maybe you should spend some of that laughing energy directed elsewhere...
do you even realize that this company is just trying to sell there software.... lol... this vulnerability is that the user is not prompted "correctly" according to them in ie when they are asked to download software... lol OH NO MAYBE FIREFOX HAS THIS HGE SECURITY HOLE!!!!
any of the big risks in the last year have had a fix months, at least weeks before any virus's even came out to exploit them.
And this
A locally-exploitable vulnerability that allows unprivileged code to subvert all operating system or third-party security measures, providing the attacker with privileges greater than SYSTEM.
falls under your "these bugs are so small" category? This is the most serious local exploit possible!
Now I see that you are just a troll, putting out worthless comments without any basis on fact.
Goodbye.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.