cvs security update

2005-09-06T23:15:59
ID CESA-2005:756-01
Type centos
Reporter CentOS Project
Modified 2005-09-06T23:15:59

Description

CentOS Errata and Security Advisory CESA-2005:756-01

CVS (Concurrent Version System) is a version control system.

An insecure temporary file usage was found in the cvsbug program. It is possible that a local user could leverage this issue to execute arbitrary instructions as the user running cvsbug. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2693 to this issue.

All users of cvs should upgrade to this updated package, which includes a patch to correct this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2005-September/012123.html

Affected packages: cvs

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html