Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2004-161-01
HistoryJun 09, 2004 - 2:05 p.m.

cvs

2004-06-0914:05:46
Slackware Linux Project
www.slackware.com
12

0.948 High

EPSS

Percentile

99.1%

JSON

New cvs packages that have been upgraded to cvs-1.11.17 are available
for Slackware 8.1, 9.0, 9.1, and -current to fix various security
issues. Sites running a CVS server should upgrade to the new CVS
package right away.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0414

Here are the details from the Slackware 9.1 ChangeLog:

Wed Jun 9 11:35:15 PDT 2004
patches/packages/cvs-1.11.17-i486-1.tgz: Upgraded to cvs-1.11.17.
From the cvs NEWS file:

  • Thanks to Stefan Esser & Sebastian Krahmer, several potential security
    problems have been fixed. The ones which were considered dangerous enough
    to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, &
    CAN-2004-0418 by the Common Vulnerabilities and Exposures Project. Please
    see <http://www.cve.mitre.org> for more information.
  • A potential buffer overflow vulnerability in the server has been fixed.
    This addresses the Common Vulnerabilities and Exposures Project’s issue
    CAN-2004-0414. Please see <http://www.cve.mitre.org> for more information.
    (* Security fix *)

Where to find the new packages:

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.17-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/cvs-1.11.17-i386-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/cvs-1.11.17-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/cvs-1.11.17-i486-1.tgz

MD5 signatures:

Slackware 8.1 package:
66db824432943ba55f59a967bb873ddd cvs-1.11.17-i386-1.tgz

Slackware 9.0 package:
ae99eefc6ec2e86d4957839a0bbd09d6 cvs-1.11.17-i386-1.tgz

Slackware 9.1 package:
e87625033650b3cc89172931e5dd2af4 cvs-1.11.17-i486-1.tgz

Slackware -current package:
941eb35ade93da89e622cd19e852c799 cvs-1.11.17-i486-1.tgz

Installation instructions:

First, shut down the cvs server if you are running one.

Then, upgrade the package:
> upgradepkg cvs-1.11.17-i486-1.tgz

Finally, restart the CVS server.

Related

nessus 13
openvas 14
gentoo 1
altlinux 2
securityvulns 1
freebsd_advisory 1
freebsd 1
redhat 1
osv 2
debian 4
suse 1
debiancve 4
cve 4
checkpoint_advisories 3
ubuntucve 4
nessus
nessus
Mandrake Linux Security Advisory : cvs (MDKSA-2004:058)
2004-07-31 00:00:00
Fedora Core 1 : cvs-1.11.17-1 (2004-169)
2004-07-23 00:00:00
SuSE-SA:2004:015: cvs
2004-07-25 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2004-161-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2004-161-01 cvs
2012-09-11 00:00:00
Gentoo Security Advisory GLSA 200406-06 (CVS)
2008-09-24 00:00:00
gentoo
gentoo
CVS: additional DoS and arbitrary code execution vulnerabilities
2004-06-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package cvs version 1.11.15-alt4
2004-06-08 00:00:00
Security fix for the ALT Linux 5 package cvs version 1.11.15-alt3
2004-05-25 00:00:00
securityvulns
securityvulns
[Full-Disclosure] Advisory 09/2004: More CVS remote vulnerabilities
2004-06-09 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-04:14.cvs
2004-09-19 00:00:00
freebsd
freebsd
cvs -- numerous vulnerabilities
2004-05-20 00:00:00
redhat
redhat
(RHSA-2004:233) cvs security update
2004-06-09 00:00:00
osv
osv
cvs - several vulnerabilities
2004-06-15 00:00:00
cvs - buffer overflow
2004-06-10 00:00:00
debian
debian
[SECURITY] [DSA 519-1] New CVS packages fix several potential security problems
2004-06-15 08:26:37
[SECURITY] [DSA 519-1] New CVS packages fix several potential security problems
2004-06-15 08:26:37
[SECURITY] [DSA 517-1] New CVS packages fix buffer overflow
2004-06-10 10:00:39
suse
suse
remote command execution in cvs
2004-06-09 13:52:11
debiancve
debiancve
CVE-2004-0416
2004-08-06 04:00:00
CVE-2004-0417
2004-08-06 04:00:00
CVE-2004-0418
2004-08-06 04:00:00
cve
cve
CVE-2004-0416
2004-08-06 04:00:00
CVE-2004-0418
2004-08-06 04:00:00
CVE-2004-0414
2004-08-06 04:00:00
checkpoint_advisories
checkpoint_advisories
CVS Argumentx Command Double Free (CVE-2004-0416)
2009-10-15 00:00:00
CVS Max-dotdot Protocol Command Integer Overflow - Ver2 (CVE-2004-0417)
2014-12-28 00:00:00
CVS Max-dotdot Protocol Command Integer Overflow (CVE-2004-0417)
2009-11-15 00:00:00
ubuntucve
ubuntucve
CVE-2004-0416
2004-08-06 00:00:00
CVE-2004-0418
2004-08-06 00:00:00
CVE-2004-0414
2004-08-06 00:00:00

0.948 High

EPSS

Percentile

99.1%

JSON
Related for SSA-2004-161-01
nessus13openvas14gentoo1altlinux2securityvulns1freebsd_advisory1freebsd1redhat1osv2debian4suse1debiancve4cve4checkpoint_advisories3ubuntucve4