Nom du paquet
Advisory ID
Affected versions
8.1 i586 , SNF7.2 i586 , 8.1 i586 , 8.0 i586 , 9.0 i586 , 8.2 i586 , 8.0 i586 , 8.2 i586 , 7.2 i586

Problem description

Two vulnerabilities were discoverd by Stefen Esser in the cvs program. The first is an exploitable double free() bug within the server, which can be used to execute arbitray code on the CVS server. To accomplish this, the attacker must have an anonymous read-only login to the CVS server. The second vulnerability is with the Checkin-prog and Update-prog commands. If a client has write permission, he can use these commands to execute programs outside of the scope of CVS, the output of which will be sent as output to the client. This update fixes the double free() vulnerability and removes the Checkin-prog and Update-prog commands from CVS.

Updated packages

8.1 i586

 85da2f450c0e1f5d6cb68f6930ffdb04  ia64/8.1/RPMS/cvs-1.11.4-2.2mdk.ia64.rpm
3555ee8fcbb21c5c7954c3cc0fe9cf4d  ia64/8.1/SRPMS/cvs-1.11.4-2.2mdk.src.rpm

SNF7.2 i586

 00c5fa0ceb118e8945e19fc232dfbedc  snf7.2/RPMS/cvs-1.11.4-2.2mdk.i586.rpm
3555ee8fcbb21c5c7954c3cc0fe9cf4d  snf7.2/SRPMS/cvs-1.11.4-2.2mdk.src.rpm

8.1 i586

 241c53a0b942290653ae85c3b577777c  8.1/RPMS/cvs-1.11.4-2.2mdk.i586.rpm
3555ee8fcbb21c5c7954c3cc0fe9cf4d  8.1/SRPMS/cvs-1.11.4-2.2mdk.src.rpm

8.0 i586

 bfcbd6affe1d5e3d6c67f3aedca5b03b  8.0/RPMS/cvs-1.11.4-2.2mdk.i586.rpm
3555ee8fcbb21c5c7954c3cc0fe9cf4d  8.0/SRPMS/cvs-1.11.4-2.2mdk.src.rpm

9.0 i586

 1099ed2410db9d689c1001ce2c8faf64  9.0/RPMS/cvs-1.11.4-2.2mdk.i586.rpm
3555ee8fcbb21c5c7954c3cc0fe9cf4d  9.0/SRPMS/cvs-1.11.4-2.2mdk.src.rpm

8.2 i586

 e9f65908d466277ccff091613dc9884d  8.2/RPMS/cvs-1.11.4-2.2mdk.i586.rpm
3555ee8fcbb21c5c7954c3cc0fe9cf4d  8.2/SRPMS/cvs-1.11.4-2.2mdk.src.rpm

8.0 i586

 7e11ceed860517f48e8bd574f852f05f  ppc/8.0/RPMS/cvs-1.11.4-2.2mdk.ppc.rpm
3555ee8fcbb21c5c7954c3cc0fe9cf4d  ppc/8.0/SRPMS/cvs-1.11.4-2.2mdk.src.rpm

8.2 i586

 a3c6bd3cf63d1595303f6084c02132ec  ppc/8.2/RPMS/cvs-1.11.4-2.2mdk.ppc.rpm
3555ee8fcbb21c5c7954c3cc0fe9cf4d  ppc/8.2/SRPMS/cvs-1.11.4-2.2mdk.src.rpm

7.2 i586

 00c5fa0ceb118e8945e19fc232dfbedc  7.2/RPMS/cvs-1.11.4-2.2mdk.i586.rpm
3555ee8fcbb21c5c7954c3cc0fe9cf4d  7.2/SRPMS/cvs-1.11.4-2.2mdk.src.rpm