4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0005 Low
EPSS
Percentile
16.0%
CentOS Errata and Security Advisory CESA-2005:756-01
CVS (Concurrent Version System) is a version control system.
An insecure temporary file usage was found in the cvsbug program. It is
possible that a local user could leverage this issue to execute arbitrary
instructions as the user running cvsbug. The Common Vulnerabilities and
Exposures project assigned the name CAN-2005-2693 to this issue.
All users of cvs should upgrade to this updated package, which includes a
patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-September/074285.html
Affected packages:
cvs
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | cvs | < 1.11.1p1-19 | cvs-1.11.1p1-19.i386.rpm |