Red Hat Product Errata RHSA-2012:0321 - Security Advisory

Issued:: 2012-02-21
Updated:: 2012-02-21

RHSA-2012:0321 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: cvs security update

Type/Severity

Security Advisory: Moderate

Topic

Updated cvs packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Concurrent Version System (CVS) is a version control system that can record
the history of your files.

A heap-based buffer overflow flaw was found in the way the CVS client
handled responses from HTTP proxies. A malicious HTTP proxy could use this
flaw to cause the CVS client to crash or, possibly, execute arbitrary code
with the privileges of the user running the CVS client. (CVE-2012-0804)

All users of cvs are advised to upgrade to these updated packages, which
contain a patch to correct this issue.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server - Extended Update Support 6.2 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 6.2 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.2 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.2 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.2 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.2 i386
Red Hat Storage 2.0 x86_64
Red Hat Gluster Storage Server for On-premise 2.0 x86_64
Red Hat Storage for Public Cloud (via RHUI) 2.0 x86_64
Red Hat Enterprise Linux Server - AUS 6.2 x86_64

Fixes

BZ - 784141 - CVE-2012-0804 cvs: client proxy_connect heap-based buffer overflow

CVEs

CVE-2012-0804

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc
i386
cvs-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 015fc0f335fadb81fac1761d0ebf548c1cbfae328841e2dac9ba9f198afcd17e
cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 036ccf69c8ddf0957e8c8e5448fa50483ff4fd25b60a5bfb0bd7a58c900dff03

Red Hat Enterprise Linux Server 5

SRPM
cvs-1.11.22-11.el5_8.1.src.rpm	SHA-256: 3f67990166991d7746a9c0bfc1d5f34a48785ed55bd0fe38ba4615e4db2b45bb
x86_64
cvs-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: 136ed23745301ce3c9e8fe1c453c455c1c72719d2aab7f68a06bf89c029e7a30
cvs-debuginfo-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: 18d39772e1f75c45b09ebb277b5eeeafd6c89ea20c5924788a866bf456903fe2
cvs-inetd-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: aa90a493540c5b600926d742a045a688932267335d04b656eb7599b5c0909664
ia64
cvs-1.11.22-11.el5_8.1.ia64.rpm	SHA-256: 2bde439013854f57990131edc42fccfd02c569ec7ffa7fc60e1e823cb220a7d3
cvs-debuginfo-1.11.22-11.el5_8.1.ia64.rpm	SHA-256: 50055fb3b0b63c3f42734b34bffa8f4027645b44e80ff93b66eedb9689309265
cvs-inetd-1.11.22-11.el5_8.1.ia64.rpm	SHA-256: 6f40a3024f82dba9f23c47b1c9bbc1a6dc1cd356eaf924b1363797e907857725
i386
cvs-1.11.22-11.el5_8.1.i386.rpm	SHA-256: 1b36fd9caf497733670a309072d09ad7c9afc537521266d8e2d4eacd5d21181e
cvs-debuginfo-1.11.22-11.el5_8.1.i386.rpm	SHA-256: ca42414aa1e205389847b50022114d803a7eed2018a39622714e5c7bb7542d09
cvs-inetd-1.11.22-11.el5_8.1.i386.rpm	SHA-256: 45013d9a0084e54acf78e25d2cef84c76da8f9afb051186abaac8e557a6fb047

Red Hat Enterprise Linux Server - Extended Update Support 6.2

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc
i386
cvs-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 015fc0f335fadb81fac1761d0ebf548c1cbfae328841e2dac9ba9f198afcd17e
cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 036ccf69c8ddf0957e8c8e5448fa50483ff4fd25b60a5bfb0bd7a58c900dff03

Red Hat Enterprise Linux Workstation 6

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc
i386
cvs-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 015fc0f335fadb81fac1761d0ebf548c1cbfae328841e2dac9ba9f198afcd17e
cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 036ccf69c8ddf0957e8c8e5448fa50483ff4fd25b60a5bfb0bd7a58c900dff03

Red Hat Enterprise Linux Workstation 5

SRPM
cvs-1.11.22-11.el5_8.1.src.rpm	SHA-256: 3f67990166991d7746a9c0bfc1d5f34a48785ed55bd0fe38ba4615e4db2b45bb
x86_64
cvs-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: 136ed23745301ce3c9e8fe1c453c455c1c72719d2aab7f68a06bf89c029e7a30
cvs-debuginfo-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: 18d39772e1f75c45b09ebb277b5eeeafd6c89ea20c5924788a866bf456903fe2
cvs-inetd-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: aa90a493540c5b600926d742a045a688932267335d04b656eb7599b5c0909664
i386
cvs-1.11.22-11.el5_8.1.i386.rpm	SHA-256: 1b36fd9caf497733670a309072d09ad7c9afc537521266d8e2d4eacd5d21181e
cvs-debuginfo-1.11.22-11.el5_8.1.i386.rpm	SHA-256: ca42414aa1e205389847b50022114d803a7eed2018a39622714e5c7bb7542d09
cvs-inetd-1.11.22-11.el5_8.1.i386.rpm	SHA-256: 45013d9a0084e54acf78e25d2cef84c76da8f9afb051186abaac8e557a6fb047

Red Hat Enterprise Linux Desktop 6

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc
i386
cvs-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 015fc0f335fadb81fac1761d0ebf548c1cbfae328841e2dac9ba9f198afcd17e
cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 036ccf69c8ddf0957e8c8e5448fa50483ff4fd25b60a5bfb0bd7a58c900dff03

Red Hat Enterprise Linux Desktop 5

SRPM
cvs-1.11.22-11.el5_8.1.src.rpm	SHA-256: 3f67990166991d7746a9c0bfc1d5f34a48785ed55bd0fe38ba4615e4db2b45bb
x86_64
cvs-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: 136ed23745301ce3c9e8fe1c453c455c1c72719d2aab7f68a06bf89c029e7a30
cvs-debuginfo-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: 18d39772e1f75c45b09ebb277b5eeeafd6c89ea20c5924788a866bf456903fe2
cvs-inetd-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: aa90a493540c5b600926d742a045a688932267335d04b656eb7599b5c0909664
i386
cvs-1.11.22-11.el5_8.1.i386.rpm	SHA-256: 1b36fd9caf497733670a309072d09ad7c9afc537521266d8e2d4eacd5d21181e
cvs-debuginfo-1.11.22-11.el5_8.1.i386.rpm	SHA-256: ca42414aa1e205389847b50022114d803a7eed2018a39622714e5c7bb7542d09
cvs-inetd-1.11.22-11.el5_8.1.i386.rpm	SHA-256: 45013d9a0084e54acf78e25d2cef84c76da8f9afb051186abaac8e557a6fb047

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
s390x
cvs-1.11.23-11.el6_2.1.s390x.rpm	SHA-256: c7d82cc191740f05f96b2306d25ef497ea272aa937179c836e5fed1679876150
cvs-debuginfo-1.11.23-11.el6_2.1.s390x.rpm	SHA-256: bbf9360852eaa08cf31eacdc90be386a6be4027efb74f22e5de2edbf2641b861

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
cvs-1.11.22-11.el5_8.1.src.rpm	SHA-256: 3f67990166991d7746a9c0bfc1d5f34a48785ed55bd0fe38ba4615e4db2b45bb
s390x
cvs-1.11.22-11.el5_8.1.s390x.rpm	SHA-256: bc79f2e25e5dff4653044d7c5a796ec6b20d72e4ffaf71d36a50d0f5cff0726d
cvs-debuginfo-1.11.22-11.el5_8.1.s390x.rpm	SHA-256: 5b1b1e0f4ef35d7aee436f3e3ad11b8f1b0c4252bc95b05cbb94262e90911f53
cvs-inetd-1.11.22-11.el5_8.1.s390x.rpm	SHA-256: d200879daf0709497b25e39312b74870e04a462af58ebddab3696fd0f59aea03

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.2

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
s390x
cvs-1.11.23-11.el6_2.1.s390x.rpm	SHA-256: c7d82cc191740f05f96b2306d25ef497ea272aa937179c836e5fed1679876150
cvs-debuginfo-1.11.23-11.el6_2.1.s390x.rpm	SHA-256: bbf9360852eaa08cf31eacdc90be386a6be4027efb74f22e5de2edbf2641b861

Red Hat Enterprise Linux for Power, big endian 6

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
ppc64
cvs-1.11.23-11.el6_2.1.ppc64.rpm	SHA-256: 22342266e73d78f131f124f299299c75e414778c7e257a179fc30f58802fec75
cvs-debuginfo-1.11.23-11.el6_2.1.ppc64.rpm	SHA-256: 1ab01a97c624a0f1a5c0be70222a91ceeeae261a71477172b20f48fe81e40d68

Red Hat Enterprise Linux for Power, big endian 5

SRPM
cvs-1.11.22-11.el5_8.1.src.rpm	SHA-256: 3f67990166991d7746a9c0bfc1d5f34a48785ed55bd0fe38ba4615e4db2b45bb
ppc
cvs-1.11.22-11.el5_8.1.ppc.rpm	SHA-256: f9a645459bdc3c4a21ff38f4fb9c977c8dba376b65f5b07933bd5d57de78873c
cvs-debuginfo-1.11.22-11.el5_8.1.ppc.rpm	SHA-256: 4bfdd8523b9886e6d2db44f67468a41ed92aeac55fc43c4743f35d5d250508dc
cvs-inetd-1.11.22-11.el5_8.1.ppc.rpm	SHA-256: f56e72a042650137bd72781074537fb3b1f868c7f5888137c097f60f5e5820d6

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.2

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
ppc64
cvs-1.11.23-11.el6_2.1.ppc64.rpm	SHA-256: 22342266e73d78f131f124f299299c75e414778c7e257a179fc30f58802fec75
cvs-debuginfo-1.11.23-11.el6_2.1.ppc64.rpm	SHA-256: 1ab01a97c624a0f1a5c0be70222a91ceeeae261a71477172b20f48fe81e40d68

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc

Red Hat Enterprise Linux Server from RHUI 6

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc
i386
cvs-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 015fc0f335fadb81fac1761d0ebf548c1cbfae328841e2dac9ba9f198afcd17e
cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 036ccf69c8ddf0957e8c8e5448fa50483ff4fd25b60a5bfb0bd7a58c900dff03

Red Hat Enterprise Linux Server from RHUI 5

SRPM
cvs-1.11.22-11.el5_8.1.src.rpm	SHA-256: 3f67990166991d7746a9c0bfc1d5f34a48785ed55bd0fe38ba4615e4db2b45bb
x86_64
cvs-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: 136ed23745301ce3c9e8fe1c453c455c1c72719d2aab7f68a06bf89c029e7a30
cvs-debuginfo-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: 18d39772e1f75c45b09ebb277b5eeeafd6c89ea20c5924788a866bf456903fe2
cvs-inetd-1.11.22-11.el5_8.1.x86_64.rpm	SHA-256: aa90a493540c5b600926d742a045a688932267335d04b656eb7599b5c0909664
i386
cvs-1.11.22-11.el5_8.1.i386.rpm	SHA-256: 1b36fd9caf497733670a309072d09ad7c9afc537521266d8e2d4eacd5d21181e
cvs-debuginfo-1.11.22-11.el5_8.1.i386.rpm	SHA-256: ca42414aa1e205389847b50022114d803a7eed2018a39622714e5c7bb7542d09
cvs-inetd-1.11.22-11.el5_8.1.i386.rpm	SHA-256: 45013d9a0084e54acf78e25d2cef84c76da8f9afb051186abaac8e557a6fb047

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.2

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc
i386
cvs-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 015fc0f335fadb81fac1761d0ebf548c1cbfae328841e2dac9ba9f198afcd17e
cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm	SHA-256: 036ccf69c8ddf0957e8c8e5448fa50483ff4fd25b60a5bfb0bd7a58c900dff03

Red Hat Storage 2.0

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc

Red Hat Gluster Storage Server for On-premise 2.0

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc

Red Hat Storage for Public Cloud (via RHUI) 2.0

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc

Red Hat Enterprise Linux Server - AUS 6.2

SRPM
cvs-1.11.23-11.el6_2.1.src.rpm	SHA-256: 0cc3767a7948f4fc96a0d3fd9b5fc5b3e2c02f00a44919284d37dfde169cb212
x86_64
cvs-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 1d94125726948a0cf6f848853e2b06fc9c5a14b143ab2fdcada577ebb5f47e90
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm	SHA-256: 034e7f06cbac8da3381093ff0a9e2c43f5a4a6a242dc45cd9ffdd26d577d73dc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.