Sicherheit: Speicherkorruption in cvs

Lesezeichen hinzufügen

New cvs packages are available to fix a security vulnerability.

Here are the details from the Slackware 8.1 ChangeLog:

----------------------------
Tue Jan 21 13:12:20 PST 2003
patches/packages/cvs-1.11.5-i386-1.tgz: Upgraded to cvs-1.11.5.
This release fixes a major security vulnerability in the CVS server
by which users with read only access could gain write access.
Details should be available at this URL (but don't seem to be yet):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015
(* Security fix *)
----------------------------

WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated cvs package for Slackware 8.1:
cvs-1.11.5-i386-1.tgz

Updated cvs package for Slackware -current:
cvs-1.11.5-i386-1.tgz

MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 8.1:
37d76c774c9474bf0117d429d6c3740e cvs-1.11.5-i386-1.tgz

Slackware -current:
c43d82187dfa695aa53aaf5b4d3050a1 cvs-1.11.5-i386-1.tgz

INSTALLATION INSTRUCTIONS:
--------------------------

As root, upgrade to the new cvs.tgz package:
# upgradepkg cvs.tgz

Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
http://www.slackware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+