SCIENTIFIC-LINUX-ERRATA Archives

March 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: cvs on SL6.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Thu, 3 Mar 2011 16:34:22 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (25 lines) 
Synopsis:	Moderate: cvs security update

Issue date:	2010-11-29

CVE Names:	CVE-2010-3846



An array index error, leading to a heap-based buffer overflow, was found 

in the way CVS applied certain delta fragment changes from input files 

in the RCS (Revision Control System file) format. If an attacker in 

control of a CVS repository stored a specially-crafted RCS file in that 

repository, and then tricked a remote victim into checking out (updating 

their CVS repository tree) a revision containing that file, it could 

lead to arbitrary code execution with the privileges of the CVS server 

process on the system hosting the CVS repository. (CVE-2010-3846)



SL 6.x



      SRPMS:

cvs-1.11.23-11.el6_0.1.src.rpm

      i386:

cvs-1.11.23-11.el6_0.1.i686.rpm

      x86_64:

cvs-1.11.23-11.el6_0.1.x86_64.rpm



-Connie Sieh

-Troy Dawson

ATOM RSS1 RSS2