-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORA-2004-1207
2004-01-24
- ---------------------------------------------------------------------

Name        : cvs
Version 7.2 : 1.11.1p1-9.7.legacy
Version 7.3 : 1.11.1p1-9.7.legacy
Version 7.2 : 1.11.2-9.legacy
Summary     : A version control system.
Description :
CVS (Concurrent Version System) is a version control system that can
record the history of your files (usually, but not always, source
code). CVS only stores the differences between versions, instead of
every version of every file you have ever created. CVS also keeps a log
of who, when, and why changes occurred.

CVS is very helpful for managing releases and controlling the
concurrent editing of source files among multiple authors. Instead of
providing version control for a collection of files in a single
directory, CVS provides version control for a hierarchical collection
of directories consisting of revision controlled files. These
directories and files can then be combined together to form a software
release.

- ---------------------------------------------------------------------
Update Information:

CAN-2003-0977:
CVS server before 1.11.10 may allow attackers to cause the CVS server
to create directories and files in the file system root directory via
malformed module requests.

2003-12-18: Stable CVS Version 1.11.11 Released! (security update)
Contributed by: Derek Price

Stable CVS 1.11.11 has been released. Stable releases contain only bug
fixes from previous versions of CVS. This release adds code to the CVS
server to prevent it from continuing as root after a user login, as an
extra failsafe against a compromise of the CVSROOT/passwd file.
Previously, any user with the ability to write the CVSROOT/passwd file
could execute arbitrary code as the root user on systems with CVS
pserver access enabled. We recommend this upgrade for all CVS servers!
- ---------------------------------------------------------------------
Changelog:

* Mon Jan 12 2004 Jason Rohwedder <rohwedde@xxxxxxxxxxxxxxx> 1.11.1p1-9.7.legacy

- - applied cvs-1.11.9-absolute-modules.patch
- - to make Seth's previous changelog true :)
- - He actually patched
- - http://ccvs.cvshome.org/servlets/NewsItemView?newsID=88

* Mon Jan 12 2004 Seth Vidal <skvidal@xxxxxxxxxxxx>

- - apply security patch for CAN-2003-0977

* Tue Dec 30 2003 Seth Vidal <skvidal@xxxxxxxxxxxx> 1.11.1p1-8.7.duke.1

- - apply security patch for:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977
- - second patch to make the above build

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

46da2ca673b3af8a08eab8b1d4322e0d6a9d08ad  7.2/updates-testing/SRPMS/cvs-1.11.1p1-9.7.legacy.src.rpm
469e08276fd61a06f816d4d7df68bc6c85a98560  7.2/updates-testing/i386/cvs-1.11.1p1-9.7.legacy.i386.rpm
46da2ca673b3af8a08eab8b1d4322e0d6a9d08ad  7.3/updates-testing/SRPMS/cvs-1.11.1p1-9.7.legacy.src.rpm
1dfba0ce740a20bd0977eede82f606ea2f907b00  7.3/updates-testing/i386/cvs-1.11.1p1-9.7.legacy.i386.rpm
31e98f14255c132d3f548a51096b0c444a45797a  8.0/updates-testing/SRPMS/cvs-1.11.2-9.legacy.src.rpm
e415df08fdfd35216c68651aa5214e7ecdb04268  8.0/updates-testing/i386/cvs-1.11.2-9.legacy.i386.rpm

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

  yum update

or to use apt:

  apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/download for directions on how
to configure yum and apt-get.
- ---------------------------------------------------------------------

Please test and comment.
- -- 
Jesse Keating RHCE      (http://geek.j2solutions.net)
Fedora Legacy Team      (http://www.fedoralegacy.org)
Mondo DevTeam           (www.mondorescue.org)
GPG Public Key          (http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAEjkN4v2HLvE71NURAiFHAJ91TtcDliZTgLkVp5ZAQcVGJXU54gCfRgsQ
CcxdIc3lZNe4NY7cA/68cYY=
=m7BJ
-----END PGP SIGNATURE-----
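
Added example, not part of the advisory and not the CVS patch itself: a server-side check of the kind CAN-2003-0977 calls for, which confines a client-supplied module name to the repository before any directory is created. It assumes, from the patch name cvs-1.11.9-absolute-modules.patch, that the malformed requests are absolute module paths; the function names and the /var/cvs root are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a CVS function): true only if the module
 * name is relative and has no ".." component. */
bool module_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;                    /* empty request */
    if (name[0] == '/')
        return false;                    /* absolute path escapes the repository */

    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");    /* length of the current component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;                /* ".." climbs out of the repository */
        p += len;
        while (*p == '/')
            p++;                         /* skip separators */
    }
    return true;
}

/* Joins root and module into out. Returns 0 on success, -1 if the name
 * is rejected or the result would not fit (never a truncated path). */
int build_module_path(const char *root, const char *name,
                      char *out, size_t outlen)
{
    if (!module_name_is_safe(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", root, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample requests, not taken from the advisory. */
    const char *requests[] = { "proj/src", "/etc", "proj/../../tmp", "a..b" };
    char path[256];
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        if (build_module_path("/var/cvs", requests[i], path, sizeof path) == 0)
            printf("accept %-16s -> %s\n", requests[i], path);
        else
            printf("reject %s\n", requests[i]);
    }
    return 0;
}
```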