Debian: 'cvs' Improver variable initialization

    Date05 Mar 2002
    CategoryDebian
    2424
    Posted ByLinuxSecurity Advisories
    The problem is triggered byan improperly initialized global variable. A user exploiting this cancrash the CVS server, which may be accessed through the pserverservice and running under a remote user id. It is not yet clear ifthe remote account can be exposed, through.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 117-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    	 
    http://www.debian.org/security/                             Martin Schulze
    March 5th, 2002
    --------------------------------------------------------------------------
    
    Package        : cvs
    Vulnerability  : improper variable initialization
    Problem-Type   : remote
    Debian-specific: no
    
    Kim Nielsen recently found an internal problem with the CVS server and
    reported it to the vuln-dev mailing list.  The problem is triggered by
    an improperly initialized global variable.  A user exploiting this can
    crash the CVS server, which may be accessed through the pserver
    service and running under a remote user id.  It is not yet clear if
    the remote account can be exposed, through.
    
    This problem has been fixed in version 1.10.7-9 for the stable Debian
    distribution and in version newer than 1.11.1p1debian-3 for the
    testing and unstable distribution of Debian (not yet uploaded,
    though).
    
    We recommend that you upgrade your CVS package.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ------------------------------------
    
      Source archives:
    
         http://security.debian.org/dists/stable/updates/main/source/cvs_1.10.7-9.dsc
          MD5 checksum: f90a1612f3680766c535d4e8d6309ee2
         http://security.debian.org/dists/stable/updates/main/source/cvs_1.10.7-9.diff.gz
          MD5 checksum: 08c24ca9e9bc9f6490bb38939a8c189e
         http://security.debian.org/dists/stable/updates/main/source/cvs_1.10.7.orig.tar.gz
          MD5 checksum: 614e72d2a6dff40f3f5bec2e9be270f2
    
      Architecture independent components:
    
         http://security.debian.org/dists/stable/updates/main/binary-all/cvs-doc_1.10.7-9_all.deb
          MD5 checksum: e116fdd2fa30bf75b6e511fe6b6e6290
    
      Alpha architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-alpha/cvs_1.10.7-9_alpha.deb
          MD5 checksum: a1de65bd246e17d2deb993647bfea4b8
    
      ARM architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-arm/cvs_1.10.7-9_arm.deb
          MD5 checksum: 63ae9530b2260ccd89ee8d5ec5fcd9b9
    
      Intel ia32 architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-i386/cvs_1.10.7-9_i386.deb
          MD5 checksum: af8331fa78feee3029ebdde3e743adf5
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-m68k/cvs_1.10.7-9_m68k.deb
          MD5 checksum: 3b64d8696495ce8be5972c34277070a8
    
      PowerPC architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/cvs_1.10.7-9_powerpc.deb
          MD5 checksum: 742a220829c357c5095bb40ce07f6f28
    
      Sun Sparc architecture:
    
         http://security.debian.org/dists/stable/updates/main/binary-sparc/cvs_1.10.7-9_sparc.deb
          MD5 checksum: d3f832da7a1a7c228292dd32d6059075
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"37","type":"x","order":"1","pct":51.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.89,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.72,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.