Issued:
2012-09-21
Updated:
2013-02-20

RHBA-2012:1302 - Bug Fix Advisory

Synopsis

cvs bug fix update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated cvs package that fixes two bugs is now available for Red Hat
Enterprise Linux 6.

[Update 19 November 2012]
The file list of this advisory was updated to move the new cvs-inetd package
from the base repository to the optional repository in the Client and HPC Node
variants. No changes have been made to the packages themselves.

Description

The Concurrent Versions System (CVS) is a version control system that can record
the history of your files. CVS only stores the differences between versions,
instead of every version of every file you have ever created. CVS also keeps a
log of who, when, and why changes occurred.

  • Prior to this update, the C shell (csh) did not set the CVS_RSH environment

variable to "ssh" and the remote shell (rsh) was used instead when the users
accessed a remote CVS server. As a consequence, the connection was vulnerable to
attacks because the remote shell is not encrypted or not necessarily enabled on
every remote server. The cvs.csh script now uses valid csh syntax and the
CVS_RSH environment variable is properly set at log-in. (BZ#671145)

  • Prior to this update, the xinetd package was not a dependency of the cvs

package. As a result, the CVS server was not accessible through network. With
this update, the cvs-inetd package, which contains the CVS inetd configuration
file, ensures that the xinetd package is installed as a dependency and the
xinetd daemon is available on the system. (BZ#695719)

All users of cvs are advised to upgrade to these updated packages, which fix
these bugs.

Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 671145 - /etc/profile.d/cvs.csh uses non-tcsh syntax
  • BZ - 695719 - services that depend on /etc/xinetd.d/ scripts do not list xinetd as a dependency

CVEs

(none)

References

(none)

Red Hat Enterprise Linux Server 6

SRPM
cvs-1.11.23-15.el6.src.rpm SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
x86_64
cvs-1.11.23-15.el6.x86_64.rpm SHA-256: 53acfd99e823c75f2dbdc74cfa1dc9de39f05b16b98853fe0858832f6784964a
cvs-debuginfo-1.11.23-15.el6.x86_64.rpm SHA-256: da32218617e88228f74eb4d691a3ff5d4e697f870af1e75738c2bff63a2b79b1
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
i386
cvs-1.11.23-15.el6.i686.rpm SHA-256: 670d43061ed9e4423e750edbf9fa412c0d4c52d6a5a68304218bb3131bc89f75
cvs-debuginfo-1.11.23-15.el6.i686.rpm SHA-256: 98e1d96f2c746d6af2605dc886dc6adeb5ca0066e2419dac07d5d3fabb1de60f
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
cvs-1.11.23-15.el6.src.rpm SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
x86_64
cvs-1.11.23-15.el6.x86_64.rpm SHA-256: 53acfd99e823c75f2dbdc74cfa1dc9de39f05b16b98853fe0858832f6784964a
cvs-debuginfo-1.11.23-15.el6.x86_64.rpm SHA-256: da32218617e88228f74eb4d691a3ff5d4e697f870af1e75738c2bff63a2b79b1
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
i386
cvs-1.11.23-15.el6.i686.rpm SHA-256: 670d43061ed9e4423e750edbf9fa412c0d4c52d6a5a68304218bb3131bc89f75
cvs-debuginfo-1.11.23-15.el6.i686.rpm SHA-256: 98e1d96f2c746d6af2605dc886dc6adeb5ca0066e2419dac07d5d3fabb1de60f
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117

Red Hat Enterprise Linux Workstation 6

SRPM
cvs-1.11.23-15.el6.src.rpm SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
x86_64
cvs-1.11.23-15.el6.x86_64.rpm SHA-256: 53acfd99e823c75f2dbdc74cfa1dc9de39f05b16b98853fe0858832f6784964a
cvs-debuginfo-1.11.23-15.el6.x86_64.rpm SHA-256: da32218617e88228f74eb4d691a3ff5d4e697f870af1e75738c2bff63a2b79b1
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
i386
cvs-1.11.23-15.el6.i686.rpm SHA-256: 670d43061ed9e4423e750edbf9fa412c0d4c52d6a5a68304218bb3131bc89f75
cvs-debuginfo-1.11.23-15.el6.i686.rpm SHA-256: 98e1d96f2c746d6af2605dc886dc6adeb5ca0066e2419dac07d5d3fabb1de60f
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117

Red Hat Enterprise Linux Desktop 6

SRPM
cvs-1.11.23-15.el6.src.rpm SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
x86_64
cvs-1.11.23-15.el6.x86_64.rpm SHA-256: 53acfd99e823c75f2dbdc74cfa1dc9de39f05b16b98853fe0858832f6784964a
cvs-debuginfo-1.11.23-15.el6.x86_64.rpm SHA-256: da32218617e88228f74eb4d691a3ff5d4e697f870af1e75738c2bff63a2b79b1
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
i386
cvs-1.11.23-15.el6.i686.rpm SHA-256: 670d43061ed9e4423e750edbf9fa412c0d4c52d6a5a68304218bb3131bc89f75
cvs-debuginfo-1.11.23-15.el6.i686.rpm SHA-256: 98e1d96f2c746d6af2605dc886dc6adeb5ca0066e2419dac07d5d3fabb1de60f
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
cvs-1.11.23-15.el6.src.rpm SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
s390x
cvs-1.11.23-15.el6.s390x.rpm SHA-256: 7f6cd71a19478979e3100ec1b09e9260e4cd49ba2e7736a619409423c7764b0f
cvs-debuginfo-1.11.23-15.el6.s390x.rpm SHA-256: 149f2bcaac5af83ba80413a1bc6a2d58f3f076780ad50117f4c5af9ba296ab2a
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117

Red Hat Enterprise Linux for Power, big endian 6

SRPM
cvs-1.11.23-15.el6.src.rpm SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
ppc64
cvs-1.11.23-15.el6.ppc64.rpm SHA-256: 9db809e0adaac19e5c9555c86685ae25ca4f07591e2a025f81889c181b9673e0
cvs-debuginfo-1.11.23-15.el6.ppc64.rpm SHA-256: ff77956dfd1d2eec4b53f9d91beda2f1f05f2aa4d483107f5ccf6955a8baef19
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
cvs-1.11.23-15.el6.src.rpm SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
x86_64
cvs-1.11.23-15.el6.x86_64.rpm SHA-256: 53acfd99e823c75f2dbdc74cfa1dc9de39f05b16b98853fe0858832f6784964a
cvs-debuginfo-1.11.23-15.el6.x86_64.rpm SHA-256: da32218617e88228f74eb4d691a3ff5d4e697f870af1e75738c2bff63a2b79b1
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117

Red Hat Enterprise Linux Server from RHUI 6

SRPM
cvs-1.11.23-15.el6.src.rpm SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
x86_64
cvs-1.11.23-15.el6.x86_64.rpm SHA-256: 53acfd99e823c75f2dbdc74cfa1dc9de39f05b16b98853fe0858832f6784964a
cvs-debuginfo-1.11.23-15.el6.x86_64.rpm SHA-256: da32218617e88228f74eb4d691a3ff5d4e697f870af1e75738c2bff63a2b79b1
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
i386
cvs-1.11.23-15.el6.i686.rpm SHA-256: 670d43061ed9e4423e750edbf9fa412c0d4c52d6a5a68304218bb3131bc89f75
cvs-debuginfo-1.11.23-15.el6.i686.rpm SHA-256: 98e1d96f2c746d6af2605dc886dc6adeb5ca0066e2419dac07d5d3fabb1de60f
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
cvs-1.11.23-15.el6.src.rpm SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
s390x
cvs-1.11.23-15.el6.s390x.rpm SHA-256: 7f6cd71a19478979e3100ec1b09e9260e4cd49ba2e7736a619409423c7764b0f
cvs-debuginfo-1.11.23-15.el6.s390x.rpm SHA-256: 149f2bcaac5af83ba80413a1bc6a2d58f3f076780ad50117f4c5af9ba296ab2a
cvs-inetd-1.11.23-15.el6.noarch.rpm SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.