CVS Malformed Entry Modified and Unchanged Flag Insertion Heap Overflow Vulnerability

Solution:
Debian has released an advisory DSA 505-1 to address this issue. Please see the referenced advisory for more information.

SuSE has released an advisory SuSE-SA:2004:013 to address this issue. Please see the referenced advisory for more information.

A FreeBSD advisory (FreeBSD-SA-04:10.cvs) is available that includes information about how to address this issue. Please see the attached advisory for further information.

OpenPKG has released advisory OpenPKG-SA-2004.022 that addresses this issue. Please see the attached advisory for further information.

Mandrake Linux has released advisory MDKSA-2004:048 and fixes dealing with this issue. Please see the referenced advisory for more information.

Red Hat has released advisory FEDORA-2004-126 to provide fixes for Fedora Core 1. Please see the attached advisory for details on obtaining and applying fixes.

Red Hat has released advisory FEDORA-2004-131 to provide fixes for Fedora Core 2. Please see the attached advisory for details on obtaining and applying fixes.

Red Hat has released advisory RHSA-2004:190-14 to provide fixes for this issue. Please see the attached advisory in web references for details on obtaining and applying fixes.

A Slackware advisory (SSA:2004-140-01) is available that provides updates for this issue. Please see the attached advisory for further details.

Gentoo has released advisory GLSA 200405-12 to provide fixes for this issue. Please see the attached advisory for further details. It is recommended that affected users issue the following commands as superuser:
emerge sync
emerge -pv ">=dev-util/cvs-1.11.16"
emerge ">=dev-util/cvs-1.11.16"

OpenBSD has released patches to resolve this issue in versions 3.4 and 3.5. Please see the patch files themselves for instructions on applying them to your system. Please see the referenced announcement from Otto Moerbeek for more information.

CVS versions 1.11.16 and 1.12.8 have been released to address this issue.

Turbolinux has released advisory TLSA-2004-15 to provide fixes for this issue. Please see the attached advisory for further details.

Silicon Graphics has released advisory 20040508-01-U and fixes dealing with this and other issues for SGI ProPack 2.4. Please see the referenced advisory for more information.

NetBSD has released advisory 2004-008 addressing this issue. Please see the referenced advisory for further information.

Red Hat Fedora Legacy advisory FLSA-2004:1620 has been released dealing with this and other issues for Red Hat 7.3 and 9.0. Please see the referenced advisory for more information.

An Immunix Linux upgrade has been made available.


CVS CVS 1.10.7

CVS CVS 1.10.8

CVS CVS 1.11

CVS CVS 1.11.1 p1

CVS CVS 1.11.1

CVS CVS 1.11.10

CVS CVS 1.11.11

CVS CVS 1.11.14

CVS CVS 1.11.15

CVS CVS 1.11.2

CVS CVS 1.11.3

CVS CVS 1.11.4

CVS CVS 1.11.5

CVS CVS 1.11.6

CVS CVS 1.12.1

CVS CVS 1.12.2

CVS CVS 1.12.5

CVS CVS 1.12.7


 

Copyright 2010, SecurityFocus