Login
Newsletter
Werbung

Sicherheit: Überschreiben von lokalen Dateien im cvs-Client
Aktuelle Meldungen Distributionen
Name: Überschreiben von lokalen Dateien im cvs-Client
ID: FEDORA-2004-110
Distribution: Fedora
Plattformen: Keine Angabe
Datum: Mi, 19. Mai 2004, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0180
Applikationen: CVS

Originalnachricht

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-110
2004-04-22
---------------------------------------------------------------------

Name : cvs
Version : 1.11.15
Release : 1
Summary : A version control system.
Description :
CVS (Concurrent Version System) is a version control system that can
record the history of your files (usually, but not always, source
code). CVS only stores the differences between versions, instead of
every version of every file you have ever created. CVS also keeps a log
of who, when, and why changes occurred.

CVS is very helpful for managing releases and controlling the
concurrent editing of source files among multiple authors. Instead of
providing version control for a collection of files in a single
directory, CVS provides version control for a hierarchical collection
of directories consisting of revision controlled files. These
directories and files can then be combined together to form a software
release.

---------------------------------------------------------------------
Update Information:

The client for CVS before 1.11.15 allows a remote malicious CVS server
to create arbitrary files using certain RCS diff files that use
absolute pathnames during checkouts or updates.

Updated packages were made available in April 2004 however the original
update notification email did not make it to fedora-announce-list at
that time.

---------------------------------------------------------------------

* Wed Apr 21 2004 Nalin Dahyabhai <nalin@redhat.com> 1.11.15-1

- update to 1.11.15, fixing CAN-2004-0180 (#120969)

* Tue Mar 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.11.14-1

- update to 1.11.14

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Wed Jan 07 2004 Nalin Dahyabhai <nalin@redhat.com> 1.11.11-1

- turn kserver, which people shouldn't use any more, back on

* Tue Dec 30 2003 Nalin Dahyabhai <nalin@redhat.com>

- update to 1.11.11

* Thu Dec 18 2003 Nalin Dahyabhai <nalin@redhat.com> 1.11.10-1

- update to 1.11.10


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

a4f1dea17be76c29ad0bdeff09a80bba SRPMS/cvs-1.11.15-1.src.rpm
a356c7be00016bd9594462eb7e8041dc i386/cvs-1.11.15-1.i386.rpm
4d9ce4478aa261890870c5eca81320bf i386/debug/cvs-debuginfo-1.11.15-1.i386.rpm
dc36b21f10740253a6927f815c8a28ff x86_64/cvs-1.11.15-1.x86_64.rpm
f2601fe6b89fb6ff9136e46e02b8880b
x86_64/debug/cvs-debuginfo-1.11.15-1.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung