CVS (Concurrent Versions System) is a version control system that helps manage concurrent editing of files by multiple authors. Stefan Esser of e-matters reported a “double free” bug in the CVS server code that handles directory requests. This extra free() call allows an attacker with CVS read access to compromise a CVS server. Additionally, two features (‘Update-prog’ and ‘Checkin-prog’) were disabled to stop clients with write access from executing arbitrary code on the server. These features may be configurable at run-time in future releases of CVS server.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 7.1 | ppc | cvs | < 1.11-115 | cvs-1.11-115.ppc.rpm |
openSUSE | 7.2 | i386 | cvs | < 1.11-231 | cvs-1.11-231.i386.rpm |
openSUSE | 7.1 | alpha | cvs | < 1.11-106 | cvs-1.11-106.alpha.rpm |
openSUSE | 7.1 | i386 | cvs | < 1.11-230 | cvs-1.11-230.i386.rpm |
openSUSE | 7.3 | ppc | cvs | < 1.11-115 | cvs-1.11-115.ppc.rpm |
openSUSE | 7.3 | i386 | cvs | < 1.11-230 | cvs-1.11-230.i386.rpm |
openSUSE | 8.0 | i386 | cvs | < 1.11.1p1-235 | cvs-1.11.1p1-235.i386.rpm |
openSUSE | 8.1 | i586 | cvs | < 1.11.1p1-235 | cvs-1.11.1p1-235.i586.rpm |
openSUSE | 7.3 | sparc | cvs | < 1.11-103 | cvs-1.11-103.sparc.rpm |
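
The double free described above, reduced to a constructed illustration (added here; this is not the CVS source): a handler keeps per-connection state, frees it on each new request, and an early error return leaves the pointer dangling. All names (`dir_name`, `set_dir_*`, `replay`) and the empty-string validation failure are assumptions; the tracked allocator holds memory until the end of the run so the second free is counted rather than executed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SLOTS 8
static char *slot[SLOTS];              /* every allocation made during a replay */
static int live[SLOTS], nslots, stale_frees;
static char *dir_name;                 /* per-connection state (hypothetical name) */

static char *tracked_dup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = nslots < SLOTS ? malloc(n) : NULL;
    if (p == NULL) return NULL;
    memcpy(p, s, n);
    slot[nslots] = p; live[nslots++] = 1;
    return p;
}
/* Marks a block released; memory is held until replay() ends, so a second
   free of the same pointer is counted instead of corrupting the heap. */
static void tracked_free(char *p) {
    for (int i = 0; p != NULL && i < nslots; i++)
        if (slot[i] == p) { if (live[i]) live[i] = 0; else stale_frees++; }
}
/* Vulnerable shape: the early error return leaves dir_name dangling. */
static int set_dir_vulnerable(const char *req) {
    if (dir_name != NULL) tracked_free(dir_name);
    if (req[0] == '\0') return -1;      /* constructed validation failure */
    return (dir_name = tracked_dup(req)) ? 0 : -1;
}
/* Hardened shape: clear the pointer in the same step as the free. */
static int set_dir_fixed(const char *req) {
    tracked_free(dir_name);
    dir_name = NULL;
    if (req[0] == '\0') return -1;
    return (dir_name = tracked_dup(req)) ? 0 : -1;
}
/* Replays valid, rejected, valid requests; returns the stale frees seen. */
static int replay(int (*handler)(const char *)) {
    const char *reqs[] = { "src", "", "doc" };   /* constructed input */
    dir_name = NULL; nslots = 0; stale_frees = 0;
    for (size_t i = 0; i < 3; i++) handler(reqs[i]);
    for (int i = 0; i < nslots; i++) free(slot[i]);  /* real release, once */
    dir_name = NULL;
    return stale_frees;
}
int main(void) {
    printf("vulnerable: %d stale free(s)\n", replay(set_dir_vulnerable));
    printf("fixed:      %d stale free(s)\n", replay(set_dir_fixed));
    return 0;
}
```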