
Slackware: CVE-2003-0015 Severe: CVS Double Free Vulnerability Attack

January 23, 2003
On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges.

Summary

Here are the details from the Slackware 8.1 ChangeLog:

----------------------------
Tue Jan 21 13:12:20 PST 2003
patches/packages/cvs-1.11.5-i386-1.tgz: Upgraded to cvs-1.11.5.
  This release fixes a major security vulnerability in the CVS server
  by which users with read only access could gain write access.
  Details should be available at this URL (but don't seem to be yet):
  CVE-2003-0015
  (* Security fix *)
----------------------------

WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated cvs package for Slackware 8.1:

Updated cvs package for Slackware -current:

MD5 SIGNATURE:
--------------
Here is the md5sum for the package:

Slackware 8.1:
37d76c774c9474bf0117d429d6c3740e  cvs-1.11.5-i386-1.tgz

Slackware -current:
c43d82187dfa695aa53aaf5b4d3050a1  cvs-1.11.5-i386-1.tgz

INSTALLATION INSTRUCTIONS:
--------------------------
As root, upgrade to the new cvs.tgz package:
#
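An added example, not part of the Slackware advisory: a POSIX shell check that compares a downloaded package with the md5sum the advisory publishes for the chosen release and rejects anything else, so the upgrade step runs only when it returns 0. The function names and the invocation path are assumptions, and the check is only as trustworthy as the channel the advisory text itself arrived through.

```shell
#!/bin/sh
# Added example: verify a downloaded cvs package against the advisory's md5sums.

# md5sums published in the advisory, keyed by Slackware release.
expected_md5() {
    case "$1" in
        8.1)     echo 37d76c774c9474bf0117d429d6c3740e ;;
        current) echo c43d82187dfa695aa53aaf5b4d3050a1 ;;
        *)       return 1 ;;
    esac
}

# Lower-case a digest and reject anything that is not exactly 32 hex digits.
normalise_md5() {
    digest=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    case "$digest" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#digest}" -eq 32 ] || return 1
    printf '%s\n' "$digest"
}

# verify_md5 FILE EXPECTED: 0 = match, 1 = mismatch, 2 = bad digest or unreadable file.
verify_md5() {
    want=$(normalise_md5 "$2") || return 2
    [ -f "$1" ] && [ -r "$1" ] || return 2
    got=$(md5sum < "$1" | cut -d' ' -f1) || return 2
    [ "$got" = "$want" ]
}

# verify_cvs_package RELEASE FILE: same return codes, with a message for the operator.
verify_cvs_package() {
    published=$(expected_md5 "$1") || { echo "no published md5sum for '$1'" >&2; return 2; }
    result=0
    verify_md5 "$2" "$published" || result=$?
    case "$result" in
        0) echo "OK: $2 matches the md5sum published for Slackware $1" ;;
        1) echo "MISMATCH: $2 is not the advisory's package, do not install" >&2 ;;
        *) echo "cannot check $2" >&2 ;;
    esac
    return "$result"
}

# Hypothetical invocation: sh verify.sh 8.1 ./cvs-1.11.5-i386-1.tgz
if [ "$#" -eq 2 ]; then
    verify_cvs_package "$1" "$2"
fi
```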

Severity
critical