-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  cvs security update (SSA:2004-108-02)

CVS is a client/server version control system.  As a server, it
is used to host source code repositories.  As a client, it is
used to access such repositories.  This advisory affects both uses
of CVS.

A security problem which could allow a server to create arbitrary
files on a client machine, and another security problem which may
allow a client to view files outside of the CVS repository have
been fixed with the release of cvs-1.11.15.

Any sites running CVS should upgrade to the new CVS package.


Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Sat Apr 17 14:09:23 PDT 2004
patches/packages/cvs-1.11.15-i486-1.tgz:  Upgraded to cvs-1.11.15.
  Fixes two security problems (server creating arbitrary files on a client
  machine, and client viewing files outside of the CVS repository).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0405
  (* Security fix *)
+--------------------------+


WHERE TO FIND THE NEW PACKAGE:
+-----------------------------+

Updated package for Slackware 8.1:

Updated package for Slackware 9.0:

Updated package for Slackware 9.1:

Updated package for Slackware -current:


MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
e8ba67add4c86d0bd8b7dc1ce265752a  cvs-1.11.15-i386-1.tgz

Slackware 9.0 package:
177b19dd98655f6811053f29286e4ab7  cvs-1.11.15-i386-1.tgz

Slackware 9.1 package:
80a99f7f4e2606d6c45ad60614cef81b  cvs-1.11.15-i486-1.tgz

Slackware -current package:
6e6cbad9deab1a53c1543c72d0acad1c  cvs-1.11.15-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

First, shut down the cvs server if you are running one.

Then, upgrade the package:
# upgradepkg cvs-1.11.10-i486-1.tgz

Finally, restart the CVS server.


+-----+

Slackware: 2004-108-02: cvs Security Update

April 18, 2004
CVS is a client/server version control system

Summary

Here are the details from the Slackware 9.1 ChangeLog: Sat Apr 17 14:09:23 PDT 2004 patches/packages/cvs-1.11.15-i486-1.tgz: Upgraded to cvs-1.11.15. Fixes two security problems (server creating arbitrary files on a client machine, and client viewing files outside of the CVS repository). For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0405 (* Security fix *) WHERE TO FIND THE NEW PACKAGE: Updated package for Slackware 8.1: Updated package for Slackware 9.0: Updated package for Slackware 9.1: Updated package for Slackware -current: MD5 SIGNATURES: Slackware 8.1 package: e8ba67add4c86d0bd8b7dc1ce265752a cvs-1.11.15-i386-1.tgz Slackware 9.0 package: 177b19dd98655f6811053f29286e4ab7 cvs-1.11.15-i386-1.tgz Slackware 9.1 package: 80a99f7f4e2606d6c45ad60614cef81b cvs-1.11.15-i486-1.tgz Slackware -current package: 6e6cbad9deab1a53c1543c72d0acad1c cvs-1.11.15-i486-1.tgz INSTALLATION INSTRUCTIONS: First, shut down the cvs server if you are running one. Then, upgrade the package: # upgradepkg cvs-1.11.10-i486-1.tgz Finally, restart the CVS server.

Where Find New Packages

MD5 Signatures

Severity
[slackware-security] cvs security update (SSA:2004-108-02)
CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both uses of CVS.
A security problem which could allow a server to create arbitrary files on a client machine, and another security problem which may allow a client to view files outside of the CVS repository have been fixed with the release of cvs-1.11.15.
Any sites running CVS should upgrade to the new CVS package.

Installation Instructions

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved