Is this part of the trend of security attacks on Linux?
Flaws in two popular source code database applications could allow attackers to access and corrupt open-source software projects, according to a security researcher.
One vulnerability affects the Concurrent Versions System (CVS), an application used by many developers to store program code. The other flaw affects a newer, less widely used system known as Subversion, said Stefan Esser, the researcher who discovered the security holes.
The CVS software, in particular, is run by many large open-source projects to create servers that maintain the versions of a program under development. Groups developing the Gnome and KDE Linux desktops, the Apache web server and large Linux distributions, are among those that use servers with the source code databases.
These groups were notified of the security issues earlier in May and have already installed patches, said Esser, who is the chief security and technology officer at e-Matters, a German software company.
View: Complete Article
News source: Silicon.com