CVS Directory Request Double Free Heap Corruption Vulnerability Solution:
Gentoo Linux has released an advisory. Users who have installed dev-util/cvs are advised to upgrade their systems to cvs-1.11.5 by issuing the following commands:
emerge sync
emerge -u cvs
emerge clean
This issue has been addressed in CVS 1.11.5.
Cray OS versions 3.3 and earlier are vulnerable to this issue. Users of COS are advised to contact their local Cray service representative for fixes.
IBM AIX has a fix for CVS shipped with the Linux Affinity Toolbox. Users are advised to download CVS 1.11.1p1-3 from the following site:
ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/cvs/cvs-1.11.1p1-3.aix4.3.ppc.rpm
Sun has released a fix to address this issue in Sun Linux 5.0.3. Users are advised to upgrade as soon as possible.
Conectiva Linux has released an updated security advisory containing new fixes. It has been reported that the old fixes introduced problems in CVS. Users are advised to apply the latest fixes as soon as possible.
OpenBSD has made patches available which address this issue.
FreeBSD has released an advisory with patch information. Users are advised to upgrade to 4.7-STABLE or to the appropriate FreeBSD source branch (RELENG_4, RELENG_5_0, RELENG_4_7 or RELENG_4_6) dated after the corresponding correction date listed below, or to install the appropriate patch:
2003-01-21 22:26:46 UTC (RELENG_4)
2003-02-04 18:05:07 UTC (RELENG_5_0)
2003-02-04 18:07:20 UTC (RELENG_4_7)
2003-02-04 18:08:26 UTC (RELENG_4_6)
Fixes are available:
CVS 1.10.7
CrossWind CyberScheduler 1.10.7
CVS 1.10.8
CVS 1.11
CVS 1.11.1p1
CVS 1.11.1
CVS 1.11.2
CVS 1.11.3
CVS 1.11.4
FreeBSD 4.6
FreeBSD 4.7
FreeBSD 5.0
Sun Linux 5.0.3