Security Advisory Moderate: cvs security update

Advisory: RHSA-2012:0321-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-02-21
Last updated on: 2012-02-21
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.2)
Red Hat Enterprise Linux Server EUS (v. 6.2.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-0804

Details

Updated cvs packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Concurrent Version System (CVS) is a version control system that can record
the history of your files.

A heap-based buffer overflow flaw was found in the way the CVS client
handled responses from HTTP proxies. A malicious HTTP proxy could use this
flaw to cause the CVS client to crash or, possibly, execute arbitrary code
with the privileges of the user running the CVS client. (CVE-2012-0804)

All users of cvs are advised to upgrade to these updated packages, which
contain a patch to correct this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
cvs-1.11.22-11.el5_8.1.src.rpm

IA-32:
cvs-1.11.22-11.el5_8.1.i386.rpm
cvs-debuginfo-1.11.22-11.el5_8.1.i386.rpm
cvs-inetd-1.11.22-11.el5_8.1.i386.rpm

IA-64:
cvs-1.11.22-11.el5_8.1.ia64.rpm
cvs-debuginfo-1.11.22-11.el5_8.1.ia64.rpm
cvs-inetd-1.11.22-11.el5_8.1.ia64.rpm

PPC:
cvs-1.11.22-11.el5_8.1.ppc.rpm
cvs-debuginfo-1.11.22-11.el5_8.1.ppc.rpm
cvs-inetd-1.11.22-11.el5_8.1.ppc.rpm

s390x:
cvs-1.11.22-11.el5_8.1.s390x.rpm
cvs-debuginfo-1.11.22-11.el5_8.1.s390x.rpm
cvs-inetd-1.11.22-11.el5_8.1.s390x.rpm

x86_64:
cvs-1.11.22-11.el5_8.1.x86_64.rpm
cvs-debuginfo-1.11.22-11.el5_8.1.x86_64.rpm
cvs-inetd-1.11.22-11.el5_8.1.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
cvs-1.11.22-11.el5_8.1.src.rpm

IA-32:
cvs-1.11.22-11.el5_8.1.i386.rpm
cvs-debuginfo-1.11.22-11.el5_8.1.i386.rpm
cvs-inetd-1.11.22-11.el5_8.1.i386.rpm

x86_64:
cvs-1.11.22-11.el5_8.1.x86_64.rpm
cvs-debuginfo-1.11.22-11.el5_8.1.x86_64.rpm
cvs-inetd-1.11.22-11.el5_8.1.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
cvs-1.11.23-11.el6_2.1.src.rpm
File outdated by: RHBA-2013:1555

IA-32:
cvs-1.11.23-11.el6_2.1.i686.rpm
File outdated by: RHBA-2013:1555
cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm
File outdated by: RHBA-2013:1555

x86_64:
cvs-1.11.23-11.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1555
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1555
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
cvs-1.11.23-11.el6_2.1.src.rpm
File outdated by: RHBA-2013:1555

x86_64:
cvs-1.11.23-11.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1555
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1555
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
cvs-1.11.23-11.el6_2.1.src.rpm
File outdated by: RHBA-2013:1555

IA-32:
cvs-1.11.23-11.el6_2.1.i686.rpm
File outdated by: RHBA-2013:1555
cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm
File outdated by: RHBA-2013:1555

PPC:
cvs-1.11.23-11.el6_2.1.ppc64.rpm
File outdated by: RHBA-2013:1555
cvs-debuginfo-1.11.23-11.el6_2.1.ppc64.rpm
File outdated by: RHBA-2013:1555

s390x:
cvs-1.11.23-11.el6_2.1.s390x.rpm
File outdated by: RHBA-2013:1555
cvs-debuginfo-1.11.23-11.el6_2.1.s390x.rpm
File outdated by: RHBA-2013:1555

x86_64:
cvs-1.11.23-11.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1555
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1555
 
Red Hat Enterprise Linux Server AUS (v. 6.2)

SRPMS:
cvs-1.11.23-11.el6_2.1.src.rpm
File outdated by: RHBA-2013:1555

x86_64:
cvs-1.11.23-11.el6_2.1.x86_64.rpm
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm
 
Red Hat Enterprise Linux Server EUS (v. 6.2.z)

SRPMS:
cvs-1.11.23-11.el6_2.1.src.rpm
File outdated by: RHBA-2013:1555

IA-32:
cvs-1.11.23-11.el6_2.1.i686.rpm
cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm

PPC:
cvs-1.11.23-11.el6_2.1.ppc64.rpm
cvs-debuginfo-1.11.23-11.el6_2.1.ppc64.rpm

s390x:
cvs-1.11.23-11.el6_2.1.s390x.rpm
cvs-debuginfo-1.11.23-11.el6_2.1.s390x.rpm

x86_64:
cvs-1.11.23-11.el6_2.1.x86_64.rpm
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
cvs-1.11.23-11.el6_2.1.src.rpm
File outdated by: RHBA-2013:1555

IA-32:
cvs-1.11.23-11.el6_2.1.i686.rpm
File outdated by: RHBA-2013:1555
cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm
File outdated by: RHBA-2013:1555

x86_64:
cvs-1.11.23-11.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1555
cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1555
 
(The unlinked packages above are only available from the Red Hat Network)
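
Checking a host inventory against the fixed builds listed above (an added example, not part of the Red Hat advisory): the script compares installed cvs builds with 1.11.22-11.el5_8.1 and 1.11.23-11.el6_2.1 using rpm's segment-wise version ordering. It assumes input lines in NAME-VERSION-RELEASE form, as produced by rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' cvs, that the packages carry no epoch, and that no ~ or ^ appears in the versions; the sample lines are constructed.

```python
import re

# Fixed builds per RHEL major, copied from the package list above.
FIXED = {"el5": ("1.11.22", "11.el5_8.1"), "el6": ("1.11.23", "11.el6_2.1")}
PACKAGES = {"cvs", "cvs-inetd", "cvs-debuginfo"}  # package names shipped by this erratum

def rpmvercmp(a, b):
    """Compare version or release strings by rpm's segment rules (no ~ or ^ handling)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)  # separators such as '.' and '_' are dropped
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments are newer

def is_patched(nvr):
    """True/False for a cvs build on RHEL 5 or 6; None if the advisory does not cover it."""
    parts = nvr.strip().rsplit("-", 2)
    if len(parts) != 3:
        return None  # e.g. "package cvs is not installed"
    name, version, release = parts
    dist = re.search(r"el[56]", release)
    if name not in PACKAGES or dist is None:
        return None
    fixed_version, fixed_release = FIXED[dist.group(0)]
    # Assumption: no epoch on these packages, so only version and release are compared.
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0

# Constructed inventory lines (not real host data), in NAME-VERSION-RELEASE form.
SAMPLE = [
    "cvs-1.11.22-7.el5",             # constructed older build
    "cvs-inetd-1.11.22-11.el5_8.1",  # fixed build for RHEL 5
    "cvs-1.11.23-11.el6_0.1",        # constructed older build
    "cvs-1.11.23-16.el6",            # constructed later build
    "bash-4.1.2-15.el6",             # not covered by this advisory
]

def report(lines):
    """Map each inventory line to True (patched), False (needs update) or None."""
    return {line: is_patched(line) for line in lines}

if __name__ == "__main__":
    for nvr, ok in report(SAMPLE).items():
        print(f"{nvr}: {'patched' if ok else 'not covered' if ok is None else 'NEEDS UPDATE'}")
```
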

Bugs fixed (see bugzilla for more information)

784141 - CVE-2012-0804 cvs: client proxy_connect heap-based buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/