Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 6 Mar 2012 14:48:30 -0600 Reply-To:This email address is being protected from spambots. You need JavaScript enabled to view it. Sender: Security Errata for Scientific LinuxFrom: This email address is being protected from spambots. You need JavaScript enabled to view it. Subject: Security ERRATA Moderate: cvs on SL5.x, SL6.x i386/x86_64 Comments: To:This email address is being protected from spambots. You need JavaScript enabled to view it. Synopsis: Moderate: cvs security update Issue Date: 2012-02-21 CVE Numbers: CVE-2012-0804 Concurrent Version System (CVS) is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. (CVE-2012-0804) All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue. SL5: i386 cvs-1.11.22-11.el5_8.1.i386.rpm cvs-debuginfo-1.11.22-11.el5_8.1.i386.rpm cvs-inetd-1.11.22-11.el5_8.1.i386.rpm x86_64 cvs-1.11.22-11.el5_8.1.x86_64.rpm cvs-debuginfo-1.11.22-11.el5_8.1.x86_64.rpm cvs-inetd-1.11.22-11.el5_8.1.x86_64.rpm SL6: i386 cvs-1.11.23-11.el6_2.1.i686.rpm cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm x86_64 cvs-1.11.23-11.el6_2.1.x86_64.rpm cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm - Scientific Linux Development Team