Synopsis: Moderate: cvs security update Issue Date: 2012-02-21 CVE Numbers: CVE-2012-0804 Concurrent Version System (CVS) is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. (CVE-2012-0804) All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue. SL5: i386 cvs-1.11.22-11.el5_8.1.i386.rpm cvs-debuginfo-1.11.22-11.el5_8.1.i386.rpm cvs-inetd-1.11.22-11.el5_8.1.i386.rpm x86_64 cvs-1.11.22-11.el5_8.1.x86_64.rpm cvs-debuginfo-1.11.22-11.el5_8.1.x86_64.rpm cvs-inetd-1.11.22-11.el5_8.1.x86_64.rpm SL6: i386 cvs-1.11.23-11.el6_2.1.i686.rpm cvs-debuginfo-1.11.23-11.el6_2.1.i686.rpm x86_64 cvs-1.11.23-11.el6_2.1.x86_64.rpm cvs-debuginfo-1.11.23-11.el6_2.1.x86_64.rpm - Scientific Linux Development Team