remote code execution in cvs

ID SUSE-SA:2005:024
Type suse
Reporter Suse
Modified 2005-04-18T14:31:00


The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. The current maintainer of CVS reported various problems within CVS such as a buffer overflow and memory access problems which have been fixed within the available updates. The CVE project has assigned the CAN number CAN-2005-0753.


There is no easy workaround except shutting down the CVS server.