MDKSA-2003:112

Package name
cvs
Date
2003-12-08
Advisory ID
MDKSA-2003:112
Affected versions
CS2.1 x86_64 , CS2.1 i586 , 9.2 i586 , 9.0 i586 , 9.1 i586 , 9.1 i586

Problem description

A vulnerability was discovered in the CVS server < 1.11.10 where a malformed module request could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Updated packages are available that fix the vulnerability by providing CVS 1.11.10 on all supported distributions.

Updated packages

CS2.1 x86_64

 2a052c43d454d6b5839c45106ebd78c6  x86_64/corporate/2.1/RPMS/cvs-1.11.10-0.1.C21mdk.x86_64.rpm
60da7875867b5162d6289124e20f56f3  x86_64/corporate/2.1/SRPMS/cvs-1.11.10-0.1.C21mdk.src.rpm

CS2.1 i586

 3df2e61371a43ace630867b785bdd2c8  corporate/2.1/RPMS/cvs-1.11.10-0.1.C21mdk.i586.rpm
60da7875867b5162d6289124e20f56f3  corporate/2.1/SRPMS/cvs-1.11.10-0.1.C21mdk.src.rpm

9.2 i586

 449dd893fe2f4be99720e6429291bcd9  9.2/RPMS/cvs-1.11.10-0.1.92mdk.i586.rpm
65182f4e05d59d8fc849e638b938cf25  9.2/SRPMS/cvs-1.11.10-0.1.92mdk.src.rpm

9.0 i586

 5806c1f58d1a4b50071c4e8eabf8ca70  9.0/RPMS/cvs-1.11.10-0.1.90mdk.i586.rpm
34d0619fb9a4b33bc267077ec53c4325  9.0/SRPMS/cvs-1.11.10-0.1.90mdk.src.rpm

9.1 i586

 09a0e4a98785f7c280721f8da9464d56  9.1/RPMS/cvs-1.11.10-0.1.91mdk.i586.rpm
bdc1ec67c325d52513e363a65d4966f4  9.1/SRPMS/cvs-1.11.10-0.1.91mdk.src.rpm

9.1 i586

 a98001e93bb247876fb43da2b605bec6  ppc/9.1/RPMS/cvs-1.11.10-0.1.91mdk.ppc.rpm
bdc1ec67c325d52513e363a65d4966f4  ppc/9.1/SRPMS/cvs-1.11.10-0.1.91mdk.src.rpm

References