security advisoryremote exploitdebian
Stefan Esser discovered a heap overflow in the CVS server, which serves the popular Concurrent Versions System.. Debian Security Advisory DSA 505-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Martin Schulze May 19th, 2004 Debian -- Debian security FAQ - -------------------------------------------------------------------------- Package : cvs Vulnerability : heap overflow Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0396 Stefan Esser discovered a heap overflow in the CVS server, which serves the popular Concurrent Versions System. Malformed "Entry" Lines in combination with Is-modified and Unchanged can be used to overflow malloc()ed memory. This was prooven to be exploitable. For the stable distribution (woody) this problem has been fixed in version 1.11.1p1debian-9woody4. For the unstable distribution (sid) this problem has been fixed in version 1.12.5-6. We recommend that you upgrade your cvs package immediately. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 693 c4580daf3d02e68bf271c3fc2fa9fe8c Size/MD5 checksum: 52212 a44f53ccf950679f3257a2f3487220b7 Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205 Alpha architecture: Size/MD5 checksum: 1178736 503ab302999d5fec9c4cb41f735bc2ab ARM architecture: Size/MD5 checksum: 1105276 8b2536e975a3272b5d10590bd768b6c7 Intel IA-32architecture: Size/MD5 checksum: 1085994 195aa822dbd450bbb3321f17442b3644 Intel IA-64 architecture: Size/MD5 checksum: 1270986 2adee3e24f61234e0c597c55983257df HP Precision architecture: Size/MD5 checksum: 1147338 e1a7eec47c9f6ca11d342c7a680abd93 Motorola 680x0 architecture: Size/MD5 checksum: 1065866 5238933fe0b1d9a9e7e2506cc39d8411 Big endian MIPS architecture: Size/MD5 checksum: 1129740 c6e9a932c2bdabbfee51c792d813a439 Little endian MIPS architecture: Size/MD5 checksum: 1131106 05424d6056d0c9123c88b7e7f6b27f7d PowerPC architecture: Size/MD5 checksum: 1116184 1fe49f6356a160087cf669f7afc12700 IBM S/390 architecture: Size/MD5 checksum: 1097006 6e98ead7e926fc07203cf43e84b1152d Sun Sparc architecture: Size/MD5 checksum: 1107284 47f8dad7b309c9c19542bf1fc9502f77 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Follow these essential steps to address the heap overflow vulnerability in the CVS package on Debian and ensure your system's security effectively. heap overflow, cvs server upgrade, debian security. . Severity: Critical. LinuxSecurity.com Team
May 19, 2004
•Critical
Debian
Refine advisories
