Skip to navigation

Bug Fix Advisory cvs bug fix update

Advisory: RHBA-2012:1302-2
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-09-21
Last updated on: 2013-02-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

An updated cvs package that fixes two bugs is now available for Red Hat
Enterprise Linux 6.

[Update 19 November 2012]
The file list of this advisory was updated to move the new cvs-inetd package
from the base repository to the optional repository in the Client and HPC Node
variants. No changes have been made to the packages themselves.

The Concurrent Versions System (CVS) is a version control system that can record
the history of your files. CVS only stores the differences between versions,
instead of every version of every file you have ever created. CVS also keeps a
log of who, when, and why changes occurred.

* Prior to this update, the C shell (csh) did not set the CVS_RSH environment
variable to "ssh" and the remote shell (rsh) was used instead when the users
accessed a remote CVS server. As a consequence, the connection was vulnerable to
attacks because the remote shell is not encrypted or not necessarily enabled on
every remote server. The cvs.csh script now uses valid csh syntax and the
CVS_RSH environment variable is properly set at log-in. (BZ#671145)

* Prior to this update, the xinetd package was not a dependency of the cvs
package. As a result, the CVS server was not accessible through network. With
this update, the cvs-inetd package, which contains the CVS inetd configuration
file, ensures that the xinetd package is installed as a dependency and the
xinetd daemon is available on the system. (BZ#695719)

All users of cvs are advised to upgrade to these updated packages, which fix
these bugs.


Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
cvs-1.11.23-15.el6.src.rpm
File outdated by:  RHBA-2013:1555
    MD5: 20fa63208265237e002b55927616121f
SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
 
IA-32:
cvs-1.11.23-15.el6.i686.rpm
File outdated by:  RHBA-2013:1555
    MD5: 0f17a2c61621bf41eee9462de36ee662
SHA-256: 670d43061ed9e4423e750edbf9fa412c0d4c52d6a5a68304218bb3131bc89f75
cvs-debuginfo-1.11.23-15.el6.i686.rpm
File outdated by:  RHBA-2013:1555
    MD5: c5187bbc0eaf3454828096b15249d070
SHA-256: 98e1d96f2c746d6af2605dc886dc6adeb5ca0066e2419dac07d5d3fabb1de60f
cvs-inetd-1.11.23-15.el6.noarch.rpm
File outdated by:  RHBA-2013:1555
    MD5: e1e4fea3f86c341afa426d997adcb824
SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
 
x86_64:
cvs-1.11.23-15.el6.x86_64.rpm
File outdated by:  RHBA-2013:1555
    MD5: 4b6783ba9da9b8c6b9cbfadd08c9da69
SHA-256: 53acfd99e823c75f2dbdc74cfa1dc9de39f05b16b98853fe0858832f6784964a
cvs-debuginfo-1.11.23-15.el6.x86_64.rpm
File outdated by:  RHBA-2013:1555
    MD5: afe3d653c59ee6bac140e1994d0bb31c
SHA-256: da32218617e88228f74eb4d691a3ff5d4e697f870af1e75738c2bff63a2b79b1
cvs-inetd-1.11.23-15.el6.noarch.rpm
File outdated by:  RHBA-2013:1555
    MD5: e1e4fea3f86c341afa426d997adcb824
SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
cvs-1.11.23-15.el6.src.rpm
File outdated by:  RHBA-2013:1555
    MD5: 20fa63208265237e002b55927616121f
SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
 
x86_64:
cvs-1.11.23-15.el6.x86_64.rpm
File outdated by:  RHBA-2013:1555
    MD5: 4b6783ba9da9b8c6b9cbfadd08c9da69
SHA-256: 53acfd99e823c75f2dbdc74cfa1dc9de39f05b16b98853fe0858832f6784964a
cvs-debuginfo-1.11.23-15.el6.x86_64.rpm
File outdated by:  RHBA-2013:1555
    MD5: afe3d653c59ee6bac140e1994d0bb31c
SHA-256: da32218617e88228f74eb4d691a3ff5d4e697f870af1e75738c2bff63a2b79b1
cvs-inetd-1.11.23-15.el6.noarch.rpm
File outdated by:  RHBA-2013:1555
    MD5: e1e4fea3f86c341afa426d997adcb824
SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
cvs-1.11.23-15.el6.src.rpm
File outdated by:  RHBA-2013:1555
    MD5: 20fa63208265237e002b55927616121f
SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
 
IA-32:
cvs-1.11.23-15.el6.i686.rpm
File outdated by:  RHBA-2013:1555
    MD5: 0f17a2c61621bf41eee9462de36ee662
SHA-256: 670d43061ed9e4423e750edbf9fa412c0d4c52d6a5a68304218bb3131bc89f75
cvs-debuginfo-1.11.23-15.el6.i686.rpm
File outdated by:  RHBA-2013:1555
    MD5: c5187bbc0eaf3454828096b15249d070
SHA-256: 98e1d96f2c746d6af2605dc886dc6adeb5ca0066e2419dac07d5d3fabb1de60f
cvs-inetd-1.11.23-15.el6.noarch.rpm
File outdated by:  RHBA-2013:1555
    MD5: e1e4fea3f86c341afa426d997adcb824
SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
 
PPC:
cvs-1.11.23-15.el6.ppc64.rpm
File outdated by:  RHBA-2013:1555
    MD5: 3b84d27606b6770574fa7b3941b2126d
SHA-256: 9db809e0adaac19e5c9555c86685ae25ca4f07591e2a025f81889c181b9673e0
cvs-debuginfo-1.11.23-15.el6.ppc64.rpm
File outdated by:  RHBA-2013:1555
    MD5: a6e52c186ed307ed00749a81e72afde2
SHA-256: ff77956dfd1d2eec4b53f9d91beda2f1f05f2aa4d483107f5ccf6955a8baef19
cvs-inetd-1.11.23-15.el6.noarch.rpm
File outdated by:  RHBA-2013:1555
    MD5: e1e4fea3f86c341afa426d997adcb824
SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
 
s390x:
cvs-1.11.23-15.el6.s390x.rpm
File outdated by:  RHBA-2013:1555
    MD5: 9ada3262f2438c0ff4797c3530a669f9
SHA-256: 7f6cd71a19478979e3100ec1b09e9260e4cd49ba2e7736a619409423c7764b0f
cvs-debuginfo-1.11.23-15.el6.s390x.rpm
File outdated by:  RHBA-2013:1555
    MD5: 0f07356b172825044233bd25f0df1807
SHA-256: 149f2bcaac5af83ba80413a1bc6a2d58f3f076780ad50117f4c5af9ba296ab2a
cvs-inetd-1.11.23-15.el6.noarch.rpm
File outdated by:  RHBA-2013:1555
    MD5: e1e4fea3f86c341afa426d997adcb824
SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
 
x86_64:
cvs-1.11.23-15.el6.x86_64.rpm
File outdated by:  RHBA-2013:1555
    MD5: 4b6783ba9da9b8c6b9cbfadd08c9da69
SHA-256: 53acfd99e823c75f2dbdc74cfa1dc9de39f05b16b98853fe0858832f6784964a
cvs-debuginfo-1.11.23-15.el6.x86_64.rpm
File outdated by:  RHBA-2013:1555
    MD5: afe3d653c59ee6bac140e1994d0bb31c
SHA-256: da32218617e88228f74eb4d691a3ff5d4e697f870af1e75738c2bff63a2b79b1
cvs-inetd-1.11.23-15.el6.noarch.rpm
File outdated by:  RHBA-2013:1555
    MD5: e1e4fea3f86c341afa426d997adcb824
SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
cvs-1.11.23-15.el6.src.rpm
File outdated by:  RHBA-2013:1555
    MD5: 20fa63208265237e002b55927616121f
SHA-256: 123dc2c54f37ff0965d1e7da8bf29b56f12eacbe9fac2a64d2457a0905315138
 
IA-32:
cvs-1.11.23-15.el6.i686.rpm
File outdated by:  RHBA-2013:1555
    MD5: 0f17a2c61621bf41eee9462de36ee662
SHA-256: 670d43061ed9e4423e750edbf9fa412c0d4c52d6a5a68304218bb3131bc89f75
cvs-debuginfo-1.11.23-15.el6.i686.rpm
File outdated by:  RHBA-2013:1555
    MD5: c5187bbc0eaf3454828096b15249d070
SHA-256: 98e1d96f2c746d6af2605dc886dc6adeb5ca0066e2419dac07d5d3fabb1de60f
cvs-inetd-1.11.23-15.el6.noarch.rpm
File outdated by:  RHBA-2013:1555
    MD5: e1e4fea3f86c341afa426d997adcb824
SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
 
x86_64:
cvs-1.11.23-15.el6.x86_64.rpm
File outdated by:  RHBA-2013:1555
    MD5: 4b6783ba9da9b8c6b9cbfadd08c9da69
SHA-256: 53acfd99e823c75f2dbdc74cfa1dc9de39f05b16b98853fe0858832f6784964a
cvs-debuginfo-1.11.23-15.el6.x86_64.rpm
File outdated by:  RHBA-2013:1555
    MD5: afe3d653c59ee6bac140e1994d0bb31c
SHA-256: da32218617e88228f74eb4d691a3ff5d4e697f870af1e75738c2bff63a2b79b1
cvs-inetd-1.11.23-15.el6.noarch.rpm
File outdated by:  RHBA-2013:1555
    MD5: e1e4fea3f86c341afa426d997adcb824
SHA-256: 42510db8afda86a58e1f443957487430c1b73e6ea5a1c1bfb43d2e61685b2117
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

671145 - /etc/profile.d/cvs.csh uses non-tcsh syntax
695719 - services that depend on /etc/xinetd.d/ scripts do not list xinetd as a dependency



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/