Re: Fedora Legacy Test Update Notification: cvs

Should these notifications be sent to security lists such as bugtraq?

Jason Edgecombe

Jesse Keating wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORA-2004-1207
2004-01-24
- ---------------------------------------------------------------------

Name        : cvs
Version 7.2 : 1.11.1p1-9.7.legacy
Version 7.3 : 1.11.1p1-9.7.legacy
Version 7.2 : 1.11.2-9.legacy
Summary     : A version control system.
Description :
CVS (Concurrent Version System) is a version control system that can
record the history of your files (usually, but not always, source
code). CVS only stores the differences between versions, instead of
every version of every file you have ever created. CVS also keeps a log
of who, when, and why changes occurred.

CVS is very helpful for managing releases and controlling the
concurrent editing of source files among multiple authors. Instead of
providing version control for a collection of files in a single
directory, CVS provides version control for a hierarchical collection
of directories consisting of revision controlled files. These
directories and files can then be combined together to form a software
release.

- ---------------------------------------------------------------------
Update Information:

CAN-2003-0977:
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.


2003-12-18: Stable CVS Version 1.11.11 Released! (security update)

Contributed by: Derek Price

Stable CVS 1.11.11 has been released. Stable releases contain only bug fixes from previous versions of CVS. This release adds code to the CVS server to prevent it from continuing as root after a user login, as an extra failsafe against a compromise of the CVSROOT/passwd file. Previously, any user with the ability to write the CVSROOT/passwd file could execute arbitrary code as the root user on systems with CVS pserver access enabled. We recommend this upgrade for all CVS servers!

- ---------------------------------------------------------------------
Changelog:

* Mon Jan 12 2004 Jason Rohwedder <rohwedde@xxxxxxxxxxxxxxx> 1.11.1p1-9.7.legacy

- - applied cvs-1.11.9-absolute-modules.patch
- - to make Seth's previous changelog true :)
- - He actually patched
- - http://ccvs.cvshome.org/servlets/NewsItemView?newsID=88

* Mon Jan 12 2004 Seth Vidal <skvidal@xxxxxxxxxxxx>

- - apply security patch for CAN-2003-0977

* Tue Dec 30 2003 Seth Vidal <skvidal@xxxxxxxxxxxx> 1.11.1p1-8.7.duke.1

- - apply security patch for: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977
- - second patch to make the above build


- ---------------------------------------------------------------------
This update can be downloaded from:
 http://download.fedoralegacy.org/redhat/

46da2ca673b3af8a08eab8b1d4322e0d6a9d08ad 7.2/updates-testing/SRPMS/cvs-1.11.1p1-9.7.legacy.src.rpm
469e08276fd61a06f816d4d7df68bc6c85a98560 7.2/updates-testing/i386/cvs-1.11.1p1-9.7.legacy.i386.rpm


46da2ca673b3af8a08eab8b1d4322e0d6a9d08ad 7.3/updates-testing/SRPMS/cvs-1.11.1p1-9.7.legacy.src.rpm
1dfba0ce740a20bd0977eede82f606ea2f907b00 7.3/updates-testing/i386/cvs-1.11.1p1-9.7.legacy.i386.rpm


31e98f14255c132d3f548a51096b0c444a45797a 8.0/updates-testing/SRPMS/cvs-1.11.2-9.legacy.src.rpm
e415df08fdfd35216c68651aa5214e7ecdb04268 8.0/updates-testing/i386/cvs-1.11.2-9.legacy.i386.rpm


Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.  This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content.  Please visit
http://www.fedoralegacy.org/download for directions on how to configure
yum and apt-get.
- ---------------------------------------------------------------------

Please test and comment.

- -- Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)
Mondo DevTeam (www.mondorescue.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)


Was I helpful?  Let others know:
http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAEjkN4v2HLvE71NURAiFHAJ91TtcDliZTgLkVp5ZAQcVGJXU54gCfRgsQ
CcxdIc3lZNe4NY7cA/68cYY=
=m7BJ
-----END PGP SIGNATURE-----


-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
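
An added example (not part of the original message or of Fedora Legacy's own tooling): one way to check downloaded packages against the SHA-1 list in the advisory above, treating a missing file as a failure rather than skipping it. The function name `verify_advisory_sums` and the local directory that mirrors the download tree are assumptions.

```shell
#!/bin/sh
# Added example: check downloaded packages against the "<sha1> <path>" lines
# of a saved advisory. verify_advisory_sums is a hypothetical helper name.
# Verify the clearsigned advisory first (gpg --verify advisory.txt) so that
# the checksum list itself can be trusted.

verify_advisory_sums() {
    advisory=$1   # saved advisory text
    root=$2       # local directory mirroring the download tree (assumption)
    checked=0
    failed=0
    # Keep only lines of the form: 40 hex digits, whitespace, path ending in .rpm
    listing=$(grep -E '^[0-9a-f]{40}[[:space:]]+[^[:space:]]+\.rpm$' "$advisory" | sort -u)
    [ -n "$listing" ] || { echo "no checksum lines found" >&2; return 2; }
    while read -r want path; do
        checked=$((checked + 1))
        case $path in
            # The path is joined to $root, so refuse absolute or parent paths.
            /*|*..*) echo "REJECT  $path"; failed=$((failed + 1)); continue ;;
        esac
        if [ ! -f "$root/$path" ]; then
            echo "MISSING $path"; failed=$((failed + 1)); continue
        fi
        got=$(sha1sum "$root/$path" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK      $path"
        else
            echo "BAD     $path"; failed=$((failed + 1))
        fi
    done <<EOF
$listing
EOF
    echo "$checked checked, $failed failed"
    # Succeed only when every listed package was present and matched.
    [ "$failed" -eq 0 ]
}
```

The return status is 0 only when every listed package is present and matches, and 2 when the advisory text contains no checksum lines at all.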







