Oval Definition: oval:com.redhat.rhsa:def:20040004
Revision Date: 2004-01-14
Version: 502
Title: RHSA-2004:004: cvs security update (Low)
Description: CVS is a version control system frequently used to manage source code repositories.

A flaw was found in versions of CVS prior to 1.11.10 where a malformed module request could cause the CVS server to attempt to create files or directories at the root level of the file system. However, normal file system permissions would prevent the creation of these misplaced directories. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0977 to this issue.

Users of CVS are advised to upgrade to these erratum packages, which contain a patch correcting this issue.

For Red Hat Enterprise Linux 2.1, these updates also fix an off-by-one overflow in the CVS PreservePermissions code. The PreservePermissions feature is not used by default (and can only be used for local CVS). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0844 to this issue.
Family: unix
Class: patch
Status:
Reference(s): CVE-2002-0844, CVE-2003-0977, RHSA-2004:004-01
Platform(s): Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND cvs is earlier than 0:1.11.2-14
  • AND cvs is signed with Red Hat master key