RHN Errata Alert: Updated CVS packages fix security issue
one or more of the systems you have registered:
Complete information about this errata can be found at the following location:
ttp://rack911.com:2095/horde/util/go.php?url=https%3A%2F%2Frhn.redhat.com%2Fnetwork%2Ferrata%2Ferrata_details.pxt%3Feid%3D2063&Horde=da5bbe0d0bb0e1624874c9303a86ee9a" target=_blank>https://rhn.redhat.com/network/errata/errata_details.pxt?eid=2063
Security Advisory - RHSA-2004:154-06
------------------------------------------------------------------------------
Summary:
Updated CVS packages fix security issue
Updated cvs packages that fix a client vulnerability that could be
exploited by a malicious server are now available.
Description:
CVS is a version control system frequently used to manage source code
repositories.
Sebastian Krahmer discovered a flaw in CVS clients where rcs diff files can
create files with absolute pathnames. An attacker could create a fake
malicious CVS server that would cause arbitrary files to be created or
overwritten when a victim connects to it. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0180 to
this issue.
Users of CVS are advised to upgrade to these erratum packages, which
contain a patch correcting this issue.
------------------------------------------------------------------------------
