RHBA-2011:1383 - Bug Fix Advisory

Topic

An updated cvs package that fixes three bugs is now available for Red Hat
Enterprise Linux 5.

Description

CVS (Concurrent Versions System) is a version control system that can record the
history of your files. CVS only stores the differences between versions, instead
of every version of every file you have ever created. CVS also keeps a log of
changes.

This update fixes the following bugs:

• Prior to this update, users with the C shell (csh) did not have the CVS_RSH

environment variable set to "ssh". Due to this, the remote shell (rsh) was used
instead of the secure shell (ssh) when the users accessed a remote CVS server.
Because the remote shell is not encrypted or not necessarily enabled on every
remote server, the connection could have been tampered with or denied. With this
update, the C shell profile script "cvs.csh" is added to set the CVS_RSH
environment variable to the value of "ssh" by default. (BZ#571559)

• Prior to this update, the cvs package did not depend on the xinetd package. As

a result, the CVS server was not accessible through network. With this update, a
new subpackage cvs-inetd, which contains the CVS inetd configuration file, has
been created to ensure that the xinetd package is installed and the xinetd
daemon is available on the system. (BZ#634691)

• Prior to this update, not all CVS configuration files were marked as

non-replaceable in the cvs package's metadata. As a result, reinstalling or
upgrading the cvs package caused the content of certain CVS configuration files
(/etc/pam.d/cvs, for example) to be overwritten. With this update, all CVS
configuration files are now marked as non-replaceable. (BZ#684769)

All users of cvs are advised to upgrade to this updated package, which fixes
these bugs.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259/

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 634691 - services that depend on /etc/xinetd.d/ scripts do not list xinetd as a dependency
• BZ - 684769 - Configuration files are overwritten on package reinstallation

CVEs

(none)

References

(none)