  1. #1

    RHN Errata Alert: Updated CVS packages fix security issue

    Red Hat Network has determined that the following advisory is applicable to
    one or more of the systems you have registered:

    Complete information about this errata can be found at the following location:

    Security Advisory - RHSA-2004:154-06
    Updated CVS packages fix security issue

    Updated cvs packages that fix a client vulnerability that could be
    exploited by a malicious server are now available.

    CVS is a version control system frequently used to manage source code

    Sebastian Krahmer discovered a flaw in CVS clients where rcs diff files can
    create files with absolute pathnames.  An attacker could create a fake
    malicious CVS server that would cause arbitrary files to be created or
    overwritten when a victim connects to it.  The Common Vulnerabilities and
    Exposures project has assigned the name CAN-2004-0180 to
    this issue.

    Users of CVS are advised to upgrade to these erratum packages, which
    contain a patch correcting this issue.
    Steven Ciaburri | Proactive Linux Server Management -
    Managed Servers (AS62710), Server Management, and Security Auditing.
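
The flaw described in the advisory comes down to a client writing to whatever pathname the server supplies. The following is an added example, not part of the advisory or the Red Hat patch: a lexical check a client could apply to a server-supplied pathname before creating the file. The function name `server_path_is_safe` and the sample paths are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the CVS source): return true only if a
 * pathname received from the server stays below the client's working
 * directory. Lexical check only; it does not resolve symlinks on disk. */
bool server_path_is_safe(const char *path)
{
    if (path == NULL || path[0] == '\0')
        return false;
    if (path[0] == '/')
        return false;                 /* absolute pathname: the advisory's case */

    int depth = 0;                    /* directory levels below the working dir */
    const char *p = path;
    while (*p != '\0') {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return false;         /* ".." climbed above the working dir */
        } else if (len == 0 || (len == 1 && p[0] == '.')) {
            /* empty or "." component: stays at the same level */
        } else {
            depth++;
        }
        p += len;
        if (*p == '/')
            p++;
    }
    return depth > 0;                 /* must name something inside the tree */
}

int main(void)
{
    /* Constructed sample pathnames, as a server might send them. */
    const char *samples[] = { "src/main.c", "/etc/passwd", "a/../../etc/cron.d/job" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s %s\n", samples[i],
               server_path_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```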

  2. #2
    Good thing there aren't many non-developers who run the CVS client. :)
