Security Advisory cvs security update

Advisory: RHSA-2005:387-06
Type: Security Advisory
Severity: Moderate
Issued on: 2005-04-25
Last updated on: 2005-04-25
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2005-0753

Details

An updated cvs package that fixes security bugs is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

CVS (Concurrent Version System) is a version control system.

A buffer overflow bug was found in the way the CVS client processes version
and author information. If a user can be tricked into connecting to a
malicious CVS server, an attacker could execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0753 to this issue.

Additionally, a bug was found in which CVS freed an invalid pointer.
However, this issue does not appear to be exploitable.

All users of cvs should upgrade to this updated package, which includes a
backported patch to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
cvs-1.11.2-27.src.rpm
File outdated by:  RHSA-2005:756		     3a1c630c467955a5547daeee4384d860
 
IA-32:
cvs-1.11.2-27.i386.rpm
File outdated by:  RHSA-2005:756		     5b821d54dee3d13bab55d246be067be2
 
x86_64:
cvs-1.11.2-27.x86_64.rpm
File outdated by:  RHSA-2005:756		     ac9fe80037c3857b51d3ad87f6556503
 
Red Hat Desktop (v. 4)
SRPMS:
cvs-1.11.17-7.RHEL4.src.rpm
File outdated by:  RHBA-2009:0971		     0a3eaa9dc601fd751d6e11e6aa2f57ad
 
IA-32:
cvs-1.11.17-7.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0971		     a3fb0cdf21e3f1f67acb9580a17b068c
 
x86_64:
cvs-1.11.17-7.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0971		     c4fb7c7ef27462e14213d750263ed73f
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
cvs-1.11.1p1-18.src.rpm
File outdated by:  RHSA-2005:756		     6c33701447c66a6dfa27ad3af072a478
 
IA-32:
cvs-1.11.1p1-18.i386.rpm
File outdated by:  RHSA-2005:756		     6f4b84ce418a777eb6644f6ad4d76616
 
IA-64:
cvs-1.11.1p1-18.ia64.rpm
File outdated by:  RHSA-2005:756		     ca0194a275975e9a576e5c643974941d
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
cvs-1.11.2-27.src.rpm
File outdated by:  RHSA-2005:756		     3a1c630c467955a5547daeee4384d860
 
IA-32:
cvs-1.11.2-27.i386.rpm
File outdated by:  RHSA-2005:756		     5b821d54dee3d13bab55d246be067be2
 
IA-64:
cvs-1.11.2-27.ia64.rpm
File outdated by:  RHSA-2005:756		     bb679e26359e12c711f31cb05446b798
 
PPC:
cvs-1.11.2-27.ppc.rpm
File outdated by:  RHSA-2005:756		     3bc90cad047c47fa5d53f54f694fd166
 
s390:
cvs-1.11.2-27.s390.rpm
File outdated by:  RHSA-2005:756		     5f223edfd769dcd3a3c0867304652c16
 
s390x:
cvs-1.11.2-27.s390x.rpm
File outdated by:  RHSA-2005:756		     66cf36f6e41c39b05304fbc188294df5
 
x86_64:
cvs-1.11.2-27.x86_64.rpm
File outdated by:  RHSA-2005:756		     ac9fe80037c3857b51d3ad87f6556503
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
cvs-1.11.17-7.RHEL4.src.rpm
File outdated by:  RHBA-2009:0971		     0a3eaa9dc601fd751d6e11e6aa2f57ad
 
IA-32:
cvs-1.11.17-7.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0971		     a3fb0cdf21e3f1f67acb9580a17b068c
 
IA-64:
cvs-1.11.17-7.RHEL4.ia64.rpm
File outdated by:  RHBA-2009:0971		     a556e359ecca71df7211becc5189a06f
 
PPC:
cvs-1.11.17-7.RHEL4.ppc.rpm
File outdated by:  RHBA-2009:0971		     9cdf66a2735a32470680a55c36b4c464
 
s390:
cvs-1.11.17-7.RHEL4.s390.rpm
File outdated by:  RHBA-2009:0971		     569a6322133afdcb7242c18ed17244b3
 
s390x:
cvs-1.11.17-7.RHEL4.s390x.rpm
File outdated by:  RHBA-2009:0971		     c15b1c06582ff0986208955eb8dcfad7
 
x86_64:
cvs-1.11.17-7.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0971		     c4fb7c7ef27462e14213d750263ed73f
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
cvs-1.11.1p1-18.src.rpm
File outdated by:  RHSA-2005:756		     6c33701447c66a6dfa27ad3af072a478
 
IA-32:
cvs-1.11.1p1-18.i386.rpm
File outdated by:  RHSA-2005:756		     6f4b84ce418a777eb6644f6ad4d76616
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
cvs-1.11.2-27.src.rpm
File outdated by:  RHSA-2005:756		     3a1c630c467955a5547daeee4384d860
 
IA-32:
cvs-1.11.2-27.i386.rpm
File outdated by:  RHSA-2005:756		     5b821d54dee3d13bab55d246be067be2
 
IA-64:
cvs-1.11.2-27.ia64.rpm
File outdated by:  RHSA-2005:756		     bb679e26359e12c711f31cb05446b798
 
x86_64:
cvs-1.11.2-27.x86_64.rpm
File outdated by:  RHSA-2005:756		     ac9fe80037c3857b51d3ad87f6556503
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
cvs-1.11.17-7.RHEL4.src.rpm
File outdated by:  RHBA-2009:0971		     0a3eaa9dc601fd751d6e11e6aa2f57ad
 
IA-32:
cvs-1.11.17-7.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0971		     a3fb0cdf21e3f1f67acb9580a17b068c
 
IA-64:
cvs-1.11.17-7.RHEL4.ia64.rpm
File outdated by:  RHBA-2009:0971		     a556e359ecca71df7211becc5189a06f
 
x86_64:
cvs-1.11.17-7.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0971		     c4fb7c7ef27462e14213d750263ed73f
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
cvs-1.11.1p1-18.src.rpm
File outdated by:  RHSA-2005:756		     6c33701447c66a6dfa27ad3af072a478
 
IA-32:
cvs-1.11.1p1-18.i386.rpm
File outdated by:  RHSA-2005:756		     6f4b84ce418a777eb6644f6ad4d76616
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
cvs-1.11.2-27.src.rpm
File outdated by:  RHSA-2005:756		     3a1c630c467955a5547daeee4384d860
 
IA-32:
cvs-1.11.2-27.i386.rpm
File outdated by:  RHSA-2005:756		     5b821d54dee3d13bab55d246be067be2
 
IA-64:
cvs-1.11.2-27.ia64.rpm
File outdated by:  RHSA-2005:756		     bb679e26359e12c711f31cb05446b798
 
x86_64:
cvs-1.11.2-27.x86_64.rpm
File outdated by:  RHSA-2005:756		     ac9fe80037c3857b51d3ad87f6556503
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
cvs-1.11.17-7.RHEL4.src.rpm
File outdated by:  RHBA-2009:0971		     0a3eaa9dc601fd751d6e11e6aa2f57ad
 
IA-32:
cvs-1.11.17-7.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0971		     a3fb0cdf21e3f1f67acb9580a17b068c
 
IA-64:
cvs-1.11.17-7.RHEL4.ia64.rpm
File outdated by:  RHBA-2009:0971		     a556e359ecca71df7211becc5189a06f
 
x86_64:
cvs-1.11.17-7.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0971		     c4fb7c7ef27462e14213d750263ed73f
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
cvs-1.11.1p1-18.src.rpm
File outdated by:  RHSA-2005:756		     6c33701447c66a6dfa27ad3af072a478
 
IA-64:
cvs-1.11.1p1-18.ia64.rpm
File outdated by:  RHSA-2005:756		     ca0194a275975e9a576e5c643974941d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

155029 - CAN-2005-0753 multiple issues in cvs


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0753

Keywords

buffer, cvs, overflow

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/