Red Hat Product Errata RHSA-2005:387 - Security Advisory

Issued:: 2005-04-25
Updated:: 2005-04-25

RHSA-2005:387 - Security Advisory

Overview
Updated Packages

Synopsis

cvs security update

Type/Severity

Security Advisory: Moderate

Topic

An updated cvs package that fixes security bugs is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

CVS (Concurrent Version System) is a version control system.

A buffer overflow bug was found in the way the CVS client processes version
and author information. If a user can be tricked into connecting to a
malicious CVS server, an attacker could execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0753 to this issue.

Additionally, a bug was found in which CVS freed an invalid pointer.
However, this issue does not appear to be exploitable.

All users of cvs should upgrade to this updated package, which includes a
backported patch to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 155029 - CAN-2005-0753 multiple issues in cvs

CVEs

CVE-2005-0753

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
cvs-1.11.17-7.RHEL4.x86_64.rpm	SHA-256: 31275503300e088a806da98c55e3e612b0f3b287097a30272e933d0f50c8e8a8
cvs-1.11.17-7.RHEL4.x86_64.rpm	SHA-256: 31275503300e088a806da98c55e3e612b0f3b287097a30272e933d0f50c8e8a8
ia64
cvs-1.11.17-7.RHEL4.ia64.rpm	SHA-256: 2751380421597286601edcf33e6d2d1b2cae7ae614dd12201abf65c4b2534cad
cvs-1.11.17-7.RHEL4.ia64.rpm	SHA-256: 2751380421597286601edcf33e6d2d1b2cae7ae614dd12201abf65c4b2534cad
i386
cvs-1.11.17-7.RHEL4.i386.rpm	SHA-256: 8b1d6563d55500ac642393c9a427d01094f01e8775f588ace5bdad941db1f23c
cvs-1.11.17-7.RHEL4.i386.rpm	SHA-256: 8b1d6563d55500ac642393c9a427d01094f01e8775f588ace5bdad941db1f23c

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
cvs-1.11.17-7.RHEL4.x86_64.rpm	SHA-256: 31275503300e088a806da98c55e3e612b0f3b287097a30272e933d0f50c8e8a8
ia64
cvs-1.11.17-7.RHEL4.ia64.rpm	SHA-256: 2751380421597286601edcf33e6d2d1b2cae7ae614dd12201abf65c4b2534cad
i386
cvs-1.11.17-7.RHEL4.i386.rpm	SHA-256: 8b1d6563d55500ac642393c9a427d01094f01e8775f588ace5bdad941db1f23c

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
cvs-1.11.17-7.RHEL4.x86_64.rpm	SHA-256: 31275503300e088a806da98c55e3e612b0f3b287097a30272e933d0f50c8e8a8
i386
cvs-1.11.17-7.RHEL4.i386.rpm	SHA-256: 8b1d6563d55500ac642393c9a427d01094f01e8775f588ace5bdad941db1f23c

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
cvs-1.11.17-7.RHEL4.s390x.rpm	SHA-256: 0930966de2f1e9002634a8ba9e4be2f45dd257cd5c8bb7ae4abf690fbfb84930
s390
cvs-1.11.17-7.RHEL4.s390.rpm	SHA-256: f6cc52480ae7d50563d18d5db90eb8345396adef35cd12cec3b0e84a9f98dce1

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
cvs-1.11.17-7.RHEL4.ppc.rpm	SHA-256: c1ab6c98070c4893c919e086d904b8ea0319643f37f570aeb1df08df23bd3baf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories