- Issued:
- 2005-09-06
- Updated:
- 2005-09-06
RHSA-2005:756 - Security Advisory
Synopsis
cvs security update
Type/Severity
Security Advisory: Low
Topic
An updated cvs package that fixes a security bug is now available.
This update has been rated as having low security impact by the
Red Hat Security Response Team.
Description
CVS (Concurrent Version System) is a version control system.
An insecure temporary file usage was found in the cvsbug program. It is
possible that a local user could leverage this issue to execute arbitrary
instructions as the user running cvsbug. The Common Vulnerabilities and
Exposures project assigned the name CAN-2005-2693 to this issue.
All users of cvs should upgrade to this updated package, which includes a
patch to correct this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 166365 - CAN-2005-2693 CVS temporary file issue
CVEs
References
(none)
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| x86_64 | |
| cvs-1.11.17-8.RHEL4.x86_64.rpm | SHA-256: a748206e2e0ff1de6c95957c4c5a8766eaf7e89742a01188ddb5079e4ffee7a2 |
| cvs-1.11.17-8.RHEL4.x86_64.rpm | SHA-256: a748206e2e0ff1de6c95957c4c5a8766eaf7e89742a01188ddb5079e4ffee7a2 |
| ia64 | |
| cvs-1.11.17-8.RHEL4.ia64.rpm | SHA-256: e399af16508b1209de5033062d616cafd8321fed021dcec4737571f490777c18 |
| cvs-1.11.17-8.RHEL4.ia64.rpm | SHA-256: e399af16508b1209de5033062d616cafd8321fed021dcec4737571f490777c18 |
| i386 | |
| cvs-1.11.17-8.RHEL4.i386.rpm | SHA-256: d57fd18fde80349185cb996e17bbcce7a8c04d468fd813565b0b4ac27687f030 |
| cvs-1.11.17-8.RHEL4.i386.rpm | SHA-256: d57fd18fde80349185cb996e17bbcce7a8c04d468fd813565b0b4ac27687f030 |
Red Hat Enterprise Linux Server 3
| SRPM | |
|---|---|
| x86_64 | |
| ia64 | |
| i386 |
Red Hat Enterprise Linux Server 2
| SRPM | |
|---|---|
| ia64 | |
| i386 |
Red Hat Enterprise Linux Workstation 4
| SRPM | |
|---|---|
| x86_64 | |
| cvs-1.11.17-8.RHEL4.x86_64.rpm | SHA-256: a748206e2e0ff1de6c95957c4c5a8766eaf7e89742a01188ddb5079e4ffee7a2 |
| ia64 | |
| cvs-1.11.17-8.RHEL4.ia64.rpm | SHA-256: e399af16508b1209de5033062d616cafd8321fed021dcec4737571f490777c18 |
| i386 | |
| cvs-1.11.17-8.RHEL4.i386.rpm | SHA-256: d57fd18fde80349185cb996e17bbcce7a8c04d468fd813565b0b4ac27687f030 |
Red Hat Enterprise Linux Workstation 3
| SRPM | |
|---|---|
| x86_64 | |
| ia64 | |
| i386 |
Red Hat Enterprise Linux Workstation 2
| SRPM | |
|---|---|
| ia64 | |
| i386 |
Red Hat Enterprise Linux Desktop 4
| SRPM | |
|---|---|
| x86_64 | |
| cvs-1.11.17-8.RHEL4.x86_64.rpm | SHA-256: a748206e2e0ff1de6c95957c4c5a8766eaf7e89742a01188ddb5079e4ffee7a2 |
| i386 | |
| cvs-1.11.17-8.RHEL4.i386.rpm | SHA-256: d57fd18fde80349185cb996e17bbcce7a8c04d468fd813565b0b4ac27687f030 |
Red Hat Enterprise Linux Desktop 3
| SRPM | |
|---|---|
| x86_64 | |
| i386 |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| s390x | |
| cvs-1.11.17-8.RHEL4.s390x.rpm | SHA-256: 69bbc425206d63a98818f4aeb5be686d4055318a5f63256c4a6bc255b2c5b342 |
| s390 | |
| cvs-1.11.17-8.RHEL4.s390.rpm | SHA-256: 161c4805f62753f6786c0f4fb42aa605450cc4fa0e39bc90503056fd74df873d |
Red Hat Enterprise Linux for IBM z Systems 3
| SRPM | |
|---|---|
| s390x | |
| s390 |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| ppc | |
| cvs-1.11.17-8.RHEL4.ppc.rpm | SHA-256: 25b95a588afa31130d31166273f053d51a17ebeac123ccc929ec750357b6f0be |
Red Hat Enterprise Linux for Power, big endian 3
| SRPM | |
|---|---|
| ppc |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.