remote code execution in cvs

2005-04-1814:31:00

lists.opensuse.org

0.896 High

EPSS

Percentile

98.5%

JSON

The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. The current maintainer of CVS reported various problems within CVS such as a buffer overflow and memory access problems which have been fixed within the available updates. The CVE project has assigned the CAN number CAN-2005-0753.

Solution

There is no easy workaround except shutting down the CVS server.

OSVersionArchitecturePackageVersionFilename
openSUSE9.3i586cvs< 1.12.11-4.2cvs-1.12.11-4.2.i586.rpm
openSUSE9.0x86_64cvs< 1.11.6-85cvs-1.11.6-85.x86_64.rpm
openSUSE9.1x86_64cvs< 1.11.14-24.10cvs-1.11.14-24.10.x86_64.rpm
openSUSE9.2x86_64cvs< 1.12.9-2.2cvs-1.12.9-2.2.x86_64.rpm
openSUSE9.1i586cvs< 1.11.14-24.10cvs-1.11.14-24.10.i586.rpm
openSUSE9.2i586cvs< 1.12.9-2.2cvs-1.12.9-2.2.i586.rpm
openSUSE9.0i586cvs< 1.11.6-85cvs-1.11.6-85.i586.rpm
openSUSE9.3x86_64cvs< 1.12.11-4.2cvs-1.12.11-4.2.x86_64.rpm
openSUSE8.2i586cvs< 1.11.5-116cvs-1.11.5-116.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	9.3	i586	cvs	< 1.12.11-4.2	cvs-1.12.11-4.2.i586.rpm
openSUSE	9.0	x86_64	cvs	< 1.11.6-85	cvs-1.11.6-85.x86_64.rpm
openSUSE	9.1	x86_64	cvs	< 1.11.14-24.10	cvs-1.11.14-24.10.x86_64.rpm
openSUSE	9.2	x86_64	cvs	< 1.12.9-2.2	cvs-1.12.9-2.2.x86_64.rpm
openSUSE	9.1	i586	cvs	< 1.11.14-24.10	cvs-1.11.14-24.10.i586.rpm
openSUSE	9.2	i586	cvs	< 1.12.9-2.2	cvs-1.12.9-2.2.i586.rpm
openSUSE	9.0	i586	cvs	< 1.11.6-85	cvs-1.11.6-85.i586.rpm
openSUSE	9.3	x86_64	cvs	< 1.12.11-4.2	cvs-1.12.11-4.2.x86_64.rpm
openSUSE	8.2	i586	cvs	< 1.11.5-116	cvs-1.11.5-116.i586.rpm