MDVSA-2012:044
- Nom du paquet
- cvs
- Date
- 2012-03-29
- Advisory ID
- MDVSA-2012:044
- Affected versions
- MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in cvs:
A heap-based buffer overflow flaw was found in the way the CVS client
handled responses from HTTP proxies. A malicious HTTP proxy could
use this flaw to cause the CVS client to crash or, possibly, execute
arbitrary code with the privileges of the user running the CVS client
(CVE-2012-0804).
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
a883573ca234e76fd1179634034a41e4 mes5/i586/cvs-1.12.13-18.1mdvmes5.2.i586.rpm ac4f289b966f7af566c921b7111f186c mes5/SRPMS/cvs-1.12.13-18.1mdvmes5.2.src.rpm
2010.1 i586
75eadafea0df6324db8e1036d32f52a7 2010.1/i586/cvs-1.12.13-18.1mdv2010.2.i586.rpm 11e671d1b1ef4938a1ea857b6bde2b8b 2010.1/SRPMS/cvs-1.12.13-18.1mdv2010.2.src.rpm
2011 x86_64
36a3b6d65bbbbf80ce2b949a2c906a2e 2011/x86_64/cvs-1.12.13-18.1-mdv2011.0.x86_64.rpm cd6ef457350d4f25b762efcf613e95e4 2011/SRPMS/cvs-1.12.13-18.1.src.rpm
2011 i586
8f0aabdd69627ba79ff8c5506e5bbbd5 2011/i586/cvs-1.12.13-18.1-mdv2011.0.i586.rpm cd6ef457350d4f25b762efcf613e95e4 2011/SRPMS/cvs-1.12.13-18.1.src.rpm
MES5 x86_64
f27b646c50d6412f7d3e855d85b07abb mes5/x86_64/cvs-1.12.13-18.1mdvmes5.2.x86_64.rpm ac4f289b966f7af566c921b7111f186c mes5/SRPMS/cvs-1.12.13-18.1mdvmes5.2.src.rpm
2010.1 x86_64
d2c2e13fb83f5e9548f5fc45e4a9416a 2010.1/x86_64/cvs-1.12.13-18.1mdv2010.2.x86_64.rpm 11e671d1b1ef4938a1ea857b6bde2b8b 2010.1/SRPMS/cvs-1.12.13-18.1mdv2010.2.src.rpm