Paketname
cvs
Datum
2012-03-29
Advisory ID
MDVSA-2012:044
Betroffene Versionen
MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problembeschreibung

A vulnerability has been found and corrected in cvs:

A heap-based buffer overflow flaw was found in the way the CVS client
handled responses from HTTP proxies. A malicious HTTP proxy could
use this flaw to cause the CVS client to crash or, possibly, execute
arbitrary code with the privileges of the user running the CVS client
(CVE-2012-0804).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

MES5 i586

 a883573ca234e76fd1179634034a41e4  mes5/i586/cvs-1.12.13-18.1mdvmes5.2.i586.rpm 
 ac4f289b966f7af566c921b7111f186c  mes5/SRPMS/cvs-1.12.13-18.1mdvmes5.2.src.rpm

2010.1 i586

 75eadafea0df6324db8e1036d32f52a7  2010.1/i586/cvs-1.12.13-18.1mdv2010.2.i586.rpm 
 11e671d1b1ef4938a1ea857b6bde2b8b  2010.1/SRPMS/cvs-1.12.13-18.1mdv2010.2.src.rpm

2011 x86_64

 36a3b6d65bbbbf80ce2b949a2c906a2e  2011/x86_64/cvs-1.12.13-18.1-mdv2011.0.x86_64.rpm 
 cd6ef457350d4f25b762efcf613e95e4  2011/SRPMS/cvs-1.12.13-18.1.src.rpm

2011 i586

 8f0aabdd69627ba79ff8c5506e5bbbd5  2011/i586/cvs-1.12.13-18.1-mdv2011.0.i586.rpm 
 cd6ef457350d4f25b762efcf613e95e4  2011/SRPMS/cvs-1.12.13-18.1.src.rpm

MES5 x86_64

 f27b646c50d6412f7d3e855d85b07abb  mes5/x86_64/cvs-1.12.13-18.1mdvmes5.2.x86_64.rpm 
 ac4f289b966f7af566c921b7111f186c  mes5/SRPMS/cvs-1.12.13-18.1mdvmes5.2.src.rpm

2010.1 x86_64

 d2c2e13fb83f5e9548f5fc45e4a9416a  2010.1/x86_64/cvs-1.12.13-18.1mdv2010.2.x86_64.rpm 
 11e671d1b1ef4938a1ea857b6bde2b8b  2010.1/SRPMS/cvs-1.12.13-18.1mdv2010.2.src.rpm

Referenzen