
Slackware: 2004-140-01 Critical: Upgrade CVS to Patch Buffer Overflow

May 20, 2004
Recent updates for cvs have addressed a critical buffer overflow vulnerability affecting Slackware versions 8.1, 9.0, and 9.1. Users are urged to perform an upgrade without delay.
New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS s...

Summary

Here are the details from the Slackware 9.1 ChangeLog:

Wed May 19 14:16:32 PDT 2004
patches/packages/cvs-1.11.16-i486-1.tgz: Upgraded to cvs-1.11.16.
From the NEWS file:
A potential buffer overflow vulnerability in the server has been fixed. Prior to this patch, a malicious client could potentially use carefully crafted server requests to run arbitrary programs on the CVS server machine.
For more details, see: https://www.cve.org/CVERecord?id=CVE-CAN-2004-0396
(* Security fix *)

Where to Find New Packages

Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware -current:

MD5 Signatures

Slackware 8.1 package: 331f90ce4d283fb21fb83b5367931a46 cvs-1.11.16-i386-1.tgz
Slackware 9.0 package: 26d5ccf024151d8738abd0c62e78a6ac cvs-1.11.16-i386-1.tgz
Slackware 9.1 package: a65697b36eae4b10c7418eea2c3f0c0e cvs-1.11.16-i486-1.tgz
Slackware -current package: dc3175ea975873d4e18fcc250e5dba2b cvs-1.11.16-i486-1.tgz

Severity
critical


Installation Instructions

First, shut down the cvs server if you are running one. Then, upgrade the package:

# upgradepkg cvs-1.11.16-i486-1.tgz

Finally, restart the CVS server.
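An added example, not part of the Slackware advisory: a script that checks the downloaded package against the MD5 listed above for the chosen release and runs upgradepkg only if it matches. The script and its function names are assumptions for illustration, and it assumes md5sum is installed.

```shell
#!/bin/sh
# Added example (not from the advisory): verify the cvs package against the
# MD5 published on this page before handing it to upgradepkg.

# MD5 values copied from the "MD5 Signatures" section of this advisory.
advisory_md5() {
    case "$1" in
        8.1)     echo 331f90ce4d283fb21fb83b5367931a46 ;;
        9.0)     echo 26d5ccf024151d8738abd0c62e78a6ac ;;
        9.1)     echo a65697b36eae4b10c7418eea2c3f0c0e ;;
        current) echo dc3175ea975873d4e18fcc250e5dba2b ;;
        *)       return 1 ;;
    esac
}

# verify_pkg FILE EXPECTED_MD5
# Returns 0 only if FILE exists and its MD5 equals EXPECTED_MD5;
# 2 if the file is missing or unreadable, 1 on a mismatch.
verify_pkg() {
    [ -f "$1" ] || return 2
    actual=$(md5sum "$1" | cut -d' ' -f1) || return 2
    [ "$actual" = "$2" ]
}

# safe_upgrade RELEASE FILE
# Refuses to install when the release is unknown or the checksum differs.
safe_upgrade() {
    expected=$(advisory_md5 "$1") || { echo "unknown release: $1" >&2; return 1; }
    if verify_pkg "$2" "$expected"; then
        upgradepkg "$2"
    else
        echo "MD5 mismatch or missing file: $2 (expected $expected)" >&2
        return 1
    fi
}

# Runs only when called with two arguments, for example:
#   sh verify-cvs.sh 9.1 cvs-1.11.16-i486-1.tgz
if [ "$#" -eq 2 ]; then
    safe_upgrade "$1" "$2"
fi
```

Run it as root after shutting down the CVS server; a mismatch means the download should be discarded and fetched again rather than installed.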
