Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in CVS
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in CVS
ID: USN-1371-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Datum: Mi, 22. Februar 2012, 18:38
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0804
Applikationen: CVS

Originalnachricht


--===============5069237272139163578==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-JpMzcWIBgbuZjkVCu6cp"


--=-JpMzcWIBgbuZjkVCu6cp
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1371-1
February 22, 2012

cvs vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

cvs could be made to crash or run programs as your login if it connected to
a malicious proxy server.

Software Description:
- cvs: Concurrent Versions System

Details:

It was discovered that cvs incorrectly handled certain responses from
proxy servers. If a user were tricked into connecting to a malicious proxy
server, a remote attacker could cause cvs to crash, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
cvs 2:1.12.13+real-6ubuntu0.1

Ubuntu 11.04:
cvs 1:1.12.13-12ubuntu1.11.04.1

Ubuntu 10.10:
cvs 1:1.12.13-12ubuntu1.10.10.1

Ubuntu 10.04 LTS:
cvs 1:1.12.13-12ubuntu1.10.04.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1371-1
CVE-2012-0804

Package Information:
https://launchpad.net/ubuntu/+source/cvs/2:1.12.13+real-6ubuntu0.1
https://launchpad.net/ubuntu/+source/cvs/1:1.12.13-12ubuntu1.11.04.1
https://launchpad.net/ubuntu/+source/cvs/1:1.12.13-12ubuntu1.10.10.1
https://launchpad.net/ubuntu/+source/cvs/1:1.12.13-12ubuntu1.10.04.1



--ÓpMzcWIBgbuZjkVCu6cp
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPRQ5gAAoJEGVp2FWnRL6TVtEP/1LGCxogracL5Vebc6XCMB8O
eX6MiNyu7jaPHVXW/4+Ay7Tf/HegGbYTYueV/nsvpMtq5nq1t63GJU0xrORV//vw
IOHkvyFt6/nIJdO6of4I2NKr2U58HOeZKuoPT4Cp75HwsJapc4+EwZaNuKRpuPft
Uyl6KCCL+cyeocx/hvZm2i5bju3wY0MfberLu4zzO9QR9zbmeE0ClLZ5F06fg079
5R6/0NHldSNfagR+HCcdKMCYgSlrdHWFeVC8OeTDpmYIe8q4l44GTvHvzSH+SwpT
L7+QNwL7+HNDyOsMCq/cgZ2wdT8t2TBxHPV0rRn6w2YIXUilnFHO3RmowgjUJvIF
dl1UnrOEmBI8xrsrDnMyA9QFQUHt0z8MjTLJSUdaCBdwKfomxwrVexLh+vZQwVkF
dXqUIIjcZbqVsJSha6Lgh9mwJzsyoo/uLBwvbRRvQaCnSl7Jl2RUWO+RYwuZsSGu
XS1ndobyQlLwO0dKgQAelmU3Wu9fBgU96jjXxjS9TC3qWTcfFnhNqpxq8p2H6ekF
dPp55UuJjBYiH06vtfjIiv9OsoFn8CJTtxzFiv+s5XLF7HWFmuYHwRL4rfbAlND+
WwWt1ae05w7LGv2cqLbdlQFLhoO3zsDPOAYGbj+r5vtYJH5Jb7LYn94QlWkPrIOi
Jkltp+KssBl6Ac++NKQz
=hyb0
-----END PGP SIGNATURE-----

--=-JpMzcWIBgbuZjkVCu6cp--



--===============5069237272139163578==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5069237272139163578==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung