Issued:: 2009-06-15
Updated:: 2009-06-15

RHSA-2009:1102 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: cscope security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated cscope package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

cscope is a mature, ncurses-based, C source-code tree browsing tool.

Multiple buffer overflow flaws were found in cscope. An attacker could
create a specially crafted source code file that could cause cscope to
crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2009-0148)

All users of cscope are advised to upgrade to this updated package, which
contains backported patches to fix these issues. All running instances of
cscope must be restarted for this update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 i386
Red Hat Enterprise Linux Server - AUS 5.3 x86_64
Red Hat Enterprise Linux Server - AUS 5.3 ia64
Red Hat Enterprise Linux Server - AUS 5.3 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 490667 - CVE-2004-2541, CVE-2009-0148 cscope: multiple buffer overflows

CVEs

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
cscope-15.5-15.1.el5_3.1.src.rpm	SHA-256: ccfdbb0720ee39e20c6a13048f6c8c0727c0ff80353c0f4f0330aadd24e74481
x86_64
cscope-15.5-15.1.el5_3.1.x86_64.rpm	SHA-256: 6abf1eb292e355c12db096f1abad2a838a67884e6ab8b028f752a89a3250d64e
ia64
cscope-15.5-15.1.el5_3.1.ia64.rpm	SHA-256: 1fe7b6ba6c8f9fc8f7036840d058a49c918fdccaf0f64a2d53824a1bec719dc6
i386
cscope-15.5-15.1.el5_3.1.i386.rpm	SHA-256: 9b14976487147e58ee2d29534c5b3ab9cf00076b814daef8d9b71701844237c7

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server - AUS 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
cscope-15.5-15.1.el5_3.1.src.rpm	SHA-256: ccfdbb0720ee39e20c6a13048f6c8c0727c0ff80353c0f4f0330aadd24e74481
x86_64
cscope-15.5-15.1.el5_3.1.x86_64.rpm	SHA-256: 6abf1eb292e355c12db096f1abad2a838a67884e6ab8b028f752a89a3250d64e
i386
cscope-15.5-15.1.el5_3.1.i386.rpm	SHA-256: 9b14976487147e58ee2d29534c5b3ab9cf00076b814daef8d9b71701844237c7

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
cscope-15.5-15.1.el5_3.1.src.rpm	SHA-256: ccfdbb0720ee39e20c6a13048f6c8c0727c0ff80353c0f4f0330aadd24e74481
s390x
cscope-15.5-15.1.el5_3.1.s390x.rpm	SHA-256: 1c7991d1751991d0e0a4680451bc67a419c0cdb55ca10b3b31a7c641999f25f6

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
cscope-15.5-15.1.el5_3.1.src.rpm	SHA-256: ccfdbb0720ee39e20c6a13048f6c8c0727c0ff80353c0f4f0330aadd24e74481
ppc
cscope-15.5-15.1.el5_3.1.ppc.rpm	SHA-256: 508d89ba247ce51cfa5c245c5eb7f0024d3e3f3891a3d28570c37dc1e056ceac

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
cscope-15.5-15.1.el5_3.1.src.rpm	SHA-256: ccfdbb0720ee39e20c6a13048f6c8c0727c0ff80353c0f4f0330aadd24e74481
x86_64
cscope-15.5-15.1.el5_3.1.x86_64.rpm	SHA-256: 6abf1eb292e355c12db096f1abad2a838a67884e6ab8b028f752a89a3250d64e
i386
cscope-15.5-15.1.el5_3.1.i386.rpm	SHA-256: 9b14976487147e58ee2d29534c5b3ab9cf00076b814daef8d9b71701844237c7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation