Concurrent Version System (CVS): Moderate Update Fix Security Vulnerability

Users of Concurrent Version System (CVS) please be advised of a Moderate update fix security vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

RHSA-2010:0918-01: [RHSA-2010:0918-01] Moderate: cvs security update

Product: Red Hat Enterprise Linux

Synopsis: Moderate: cvs security update

Summary: An updated cvs package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

Description: Concurrent Version System (CVS) is a version control system that can record the history of your files. An array index error, leading to a heap-based buffer overflow, was found in the way CVS applied certain delta fragment changes from input files in the RCS (Revision Control System file) format. If an attacker in control of a CVS repository stored a specially-crafted RCS file in that repository, and then tricked a remote victim into checking out (updating their CVS repository tree) a revision containing that file, it could lead to arbitrary code execution with the privileges of the CVS server process on the system hosting the CVS repository. (CVE-2010-3846) Read more at www.criticalwatch.com

 

See this Amp at http://bit.ly/grcofG