Issued:: 2005-09-06
Updated:: 2005-09-06

RHSA-2005:756 - Security Advisory

Overview
Updated Packages

Synopsis

cvs security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated cvs package that fixes a security bug is now available.

This update has been rated as having low security impact by the
Red Hat Security Response Team.

Description

CVS (Concurrent Version System) is a version control system.

An insecure temporary file usage was found in the cvsbug program. It is
possible that a local user could leverage this issue to execute arbitrary
instructions as the user running cvsbug. The Common Vulnerabilities and
Exposures project assigned the name CAN-2005-2693 to this issue.

All users of cvs should upgrade to this updated package, which includes a
patch to correct this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 166365 - CAN-2005-2693 CVS temporary file issue

CVEs

CVE-2005-2693

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
cvs-1.11.17-8.RHEL4.x86_64.rpm	SHA-256: a748206e2e0ff1de6c95957c4c5a8766eaf7e89742a01188ddb5079e4ffee7a2
cvs-1.11.17-8.RHEL4.x86_64.rpm	SHA-256: a748206e2e0ff1de6c95957c4c5a8766eaf7e89742a01188ddb5079e4ffee7a2
ia64
cvs-1.11.17-8.RHEL4.ia64.rpm	SHA-256: e399af16508b1209de5033062d616cafd8321fed021dcec4737571f490777c18
cvs-1.11.17-8.RHEL4.ia64.rpm	SHA-256: e399af16508b1209de5033062d616cafd8321fed021dcec4737571f490777c18
i386
cvs-1.11.17-8.RHEL4.i386.rpm	SHA-256: d57fd18fde80349185cb996e17bbcce7a8c04d468fd813565b0b4ac27687f030
cvs-1.11.17-8.RHEL4.i386.rpm	SHA-256: d57fd18fde80349185cb996e17bbcce7a8c04d468fd813565b0b4ac27687f030

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
cvs-1.11.17-8.RHEL4.x86_64.rpm	SHA-256: a748206e2e0ff1de6c95957c4c5a8766eaf7e89742a01188ddb5079e4ffee7a2
ia64
cvs-1.11.17-8.RHEL4.ia64.rpm	SHA-256: e399af16508b1209de5033062d616cafd8321fed021dcec4737571f490777c18
i386
cvs-1.11.17-8.RHEL4.i386.rpm	SHA-256: d57fd18fde80349185cb996e17bbcce7a8c04d468fd813565b0b4ac27687f030

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
cvs-1.11.17-8.RHEL4.x86_64.rpm	SHA-256: a748206e2e0ff1de6c95957c4c5a8766eaf7e89742a01188ddb5079e4ffee7a2
i386
cvs-1.11.17-8.RHEL4.i386.rpm	SHA-256: d57fd18fde80349185cb996e17bbcce7a8c04d468fd813565b0b4ac27687f030

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
cvs-1.11.17-8.RHEL4.s390x.rpm	SHA-256: 69bbc425206d63a98818f4aeb5be686d4055318a5f63256c4a6bc255b2c5b342
s390
cvs-1.11.17-8.RHEL4.s390.rpm	SHA-256: 161c4805f62753f6786c0f4fb42aa605450cc4fa0e39bc90503056fd74df873d

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
cvs-1.11.17-8.RHEL4.ppc.rpm	SHA-256: 25b95a588afa31130d31166273f053d51a17ebeac123ccc929ec750357b6f0be

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation