Linux Security
    Linux Security
    Linux Security

    Debian: 'cvs' Improver variable initialization

    Date
    2581
    Posted By
    The problem is triggered byan improperly initialized global variable. A user exploiting this cancrash the CVS server, which may be accessed through the pserverservice and running under a remote user id. It is not yet clear ifthe remote account can be exposed, through.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 117-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    https://www.debian.org/security/                             Martin Schulze
    March 5th, 2002
    --------------------------------------------------------------------------
    
    Package        : cvs
    Vulnerability  : improper variable initialization
    Problem-Type   : remote
    Debian-specific: no
    
    Kim Nielsen recently found an internal problem with the CVS server and
    reported it to the vuln-dev mailing list.  The problem is triggered by
    an improperly initialized global variable.  A user exploiting this can
    crash the CVS server, which may be accessed through the pserver
    service and running under a remote user id.  It is not yet clear if
    the remote account can be exposed, through.
    
    This problem has been fixed in version 1.10.7-9 for the stable Debian
    distribution and in version newer than 1.11.1p1debian-3 for the
    testing and unstable distribution of Debian (not yet uploaded,
    though).
    
    We recommend that you upgrade your CVS package.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ------------------------------------
    
      Source archives:
    
         https://security.debian.org/dists/stable/updates/main/source/cvs_1.10.7-9.dsc
          MD5 checksum: f90a1612f3680766c535d4e8d6309ee2
         https://security.debian.org/dists/stable/updates/main/source/cvs_1.10.7-9.diff.gz
          MD5 checksum: 08c24ca9e9bc9f6490bb38939a8c189e
         https://security.debian.org/dists/stable/updates/main/source/cvs_1.10.7.orig.tar.gz
          MD5 checksum: 614e72d2a6dff40f3f5bec2e9be270f2
    
      Architecture independent components:
    
         https://security.debian.org/dists/stable/updates/main/binary-all/cvs-doc_1.10.7-9_all.deb
          MD5 checksum: e116fdd2fa30bf75b6e511fe6b6e6290
    
      Alpha architecture:
    
         https://security.debian.org/dists/stable/updates/main/binary-alpha/cvs_1.10.7-9_alpha.deb
          MD5 checksum: a1de65bd246e17d2deb993647bfea4b8
    
      ARM architecture:
    
         https://security.debian.org/dists/stable/updates/main/binary-arm/cvs_1.10.7-9_arm.deb
          MD5 checksum: 63ae9530b2260ccd89ee8d5ec5fcd9b9
    
      Intel ia32 architecture:
    
         https://security.debian.org/dists/stable/updates/main/binary-i386/cvs_1.10.7-9_i386.deb
          MD5 checksum: af8331fa78feee3029ebdde3e743adf5
    
      Motorola 680x0 architecture:
    
         https://security.debian.org/dists/stable/updates/main/binary-m68k/cvs_1.10.7-9_m68k.deb
          MD5 checksum: 3b64d8696495ce8be5972c34277070a8
    
      PowerPC architecture:
    
         https://security.debian.org/dists/stable/updates/main/binary-powerpc/cvs_1.10.7-9_powerpc.deb
          MD5 checksum: 742a220829c357c5095bb40ce07f6f28
    
      Sun Sparc architecture:
    
         https://security.debian.org/dists/stable/updates/main/binary-sparc/cvs_1.10.7-9_sparc.deb
          MD5 checksum: d3f832da7a1a7c228292dd32d6059075
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  https://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  https://packages.debian.org/
    
    
    
    
    

    LinuxSecurity Poll

    Which statement best describes how you feel about the recent Linux 5.9 release?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/40-what-change-are-you-most-excited-about-in-linux-5-9?task=poll.vote&format=json
    40
    radio
    [{"id":"140","title":"Not a game-changer for me.","votes":"2","type":"x","order":"1","pct":22.22,"resources":[]},{"id":"141","title":"I'm happy with the performance improvements it offers.","votes":"7","type":"x","order":"2","pct":77.78,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.