[Slackit.org] [slackware-security] cvs security update (SSA:2004-108-02)

slackit-ml

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Slackit.org] [slackware-security] cvs security update (SSA:2004-108-02)

From:	Andrea Guarnaccia
Subject:	[Slackit.org] [slackware-security] cvs security update (SSA:2004-108-02)
Date:	Tue, 20 Apr 2004 12:27:01 +0200

[slackware-security]  cvs security update (SSA:2004-108-02)

CVS is a client/server version control system.  As a server, it
is used to host source code repositories.  As a client, it is
used to access such repositories.  This advisory affects both uses
of CVS.

A security problem which could allow a server to create arbitrary
files on a client machine, and another security problem which may
allow a client to view files outside of the CVS repository have
been fixed with the release of cvs-1.11.15.

Any sites running CVS should upgrade to the new CVS package.


Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Sat Apr 17 14:09:23 PDT 2004
patches/packages/cvs-1.11.15-i486-1.tgz:  Upgraded to cvs-1.11.15.
  Fixes two security problems (server creating arbitrary files on a client
  machine, and client viewing files outside of the CVS repository).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0405
  (* Security fix *)
+--------------------------+


WHERE TO FIND THE NEW PACKAGE:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.15-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/cvs-1.11.15-i386-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/cvs-1.11.15-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/cvs-1.11.15-i486-1.tgz


MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
e8ba67add4c86d0bd8b7dc1ce265752a  cvs-1.11.15-i386-1.tgz

Slackware 9.0 package:
177b19dd98655f6811053f29286e4ab7  cvs-1.11.15-i386-1.tgz

Slackware 9.1 package:
80a99f7f4e2606d6c45ad60614cef81b  cvs-1.11.15-i486-1.tgz

Slackware -current package:
6e6cbad9deab1a53c1543c72d0acad1c  cvs-1.11.15-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

First, shut down the cvs server if you are running one.

Then, upgrade the package:
# upgradepkg cvs-1.11.10-i486-1.tgz

Finally, restart the CVS server.


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[Slackit.org] [slackware-security] cvs security update (SSA:2004-108-02), Andrea Guarnaccia <=

Prev by Date: Re: [Slackit.org] Su Xfree, Gnome, Dropline ed altre amenità
Next by Date: [Slackit.org] [slackware-security] utempter security update (SSA:2004-110-01)
Previous by thread: [Slackit.org] Su Xfree, Gnome, Dropline ed altre amenità
Next by thread: [Slackit.org] [slackware-security] utempter security update (SSA:2004-110-01)
Index(es):
- Date
- Thread