 Debian has issued an update for cvs. This fixes two vulnerabilities, which can be exploited by malicious people to bypass password protection or cause a DoS (Denial of Service).
1) A security issue makes it possible to bypass the password protection and gain access to a repository when using the pserver access method.
2) A vulnerability can be exploited to crash the CVS server when the cvs-repouids file exists but doesn't contain a mapping for the current repository.
OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
Debian GNU/Linux 3.0
SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 3.0 alias woody --
Source archives:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10.dsc
Size/MD5 checksum: 683 59823fd39bbbe16620d03a946936885c
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10.diff.gz
Size/MD5 checksum: 55952 02e1d3ce442838837defa5952f548582
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205
Alpha architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_alpha.deb
Size/MD5 checksum: 1179144 9282b85f488096912601c02110ff40ad
ARM architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_arm.deb
Size/MD5 checksum: 1106418 270ed04648a240ffe138c53dcc21e23f
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_i386.deb
Size/MD5 checksum: 1085370 a6a9d6e768bf94ff2d73f7c4297b4bfe
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_ia64.deb
Size/MD5 checksum: 1272522 843265de87691b70f7f3791b1de14787
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_hppa.deb
Size/MD5 checksum: 1148284 7e28816777f07485cffcf2065e948c1d
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_m68k.deb
Size/MD5 checksum: 1066564 62613fcbc6eddef7b4eb6103ef5849ae
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_mips.deb
Size/MD5 checksum: 1130690 a0b311ef90ea76653c119c729e6d9c79
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_mipsel.deb
Size/MD5 checksum: 1132148 e818238493b1b589410f802fc4166702
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_powerpc.deb
Size/MD5 checksum: 1117054 887d8a61fc0f66bba26125aca927b6f4
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_s390.deb
Size/MD5 checksum: 1097842 43799198fefec02e443e065d839b5530
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_sparc.deb
Size/MD5 checksum: 1107744 a6cf45a0ea45609b1e1e9e381ec0b62e
-- Debian GNU/Linux unstable alias sid --
Fixed in version 1.12.9-11.
PROVIDED AND/OR DISCOVERED BY:
1) Maks Polunin and Alberto Garcia
2) Alberto Garcia
ORIGINAL ADVISORY:
http://www.debian.org/security/2005/dsa-715
VERIFY ADVISORY:
http://secunia.com/advisories/15126/
Secunia Security Advisories
| 
Contribute :
Advanced Search :
Web Resources :
Polls :
File Repository
