CVS is a version control system frequently used to manage source code
repositories. During an audit of the CVS sources, Stefan Esser discovered
an exploitable double-free bug in the CVS server.
On servers which are configured to allow anonymous read-only access, this
bug could be used by anonymous users to gain write privileges. Users with
CVS write privileges can then use the Update-prog and Checkin-prog features
to execute arbitrary commands on the server.
All users of CVS are advised to upgrade to these packages which
contain patches to correct the double-free bug.
Our thanks go to Stefan Esser of e-matters for reporting this issue to us.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | cvs | < 1.11.1p1-8.7 | cvs-1.11.1p1-8.7.i386.rpm |
RedHat | any | ia64 | cvs | < 1.11.1p1-8.7 | cvs-1.11.1p1-8.7.ia64.rpm |