Gentoo Linux Security Announcement - dev-util/cvs (200312-08)

Dieses Thema im Forum "Gentoo" wurde erstellt von ozoon, 29.12.2003.

  1. ozoon

    ozoon Chefdiplomat

    Dabei seit:
    13.04.2003
    Beiträge:
    434
    Zustimmungen:
    0
    Ort:
    AUT
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1


    - --------------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200312-08
    - --------------------------------------------------------------------------

    GLSA: 200312-08
    package: dev-util/cvs
    summary: Fix for possible root compromise when using CVS pserver
    severity: high
    Gentoo bug: 36142
    date: 2003-12-28
    exploit: unknown
    affected: <=1.11.10
    fixed: >=1.11.11


    DESCRIPTION:

    Quote from <http://ccvs.cvshome.org/servlets/NewsItemView?newsID=88>:

    "Stable CVS 1.11.11 has been released. Stable releases contain only
    bug fixes from previous versions of CVS. This release adds code to
    the CVS server to prevent it from continuing as root after a user
    login, as an extra failsafe against a compromise of the
    CVSROOT/passwd file. Previously, any user with the ability to write
    the CVSROOT/passwd file could execute arbitrary code as the root
    user on systems with CVS pserver access enabled. We recommend this
    upgrade for all CVS servers!"


    SOLUTION:

    All Gentoo Linux machines with cvs installed should be updated to use
    cvs-1.11.11 or higher.

    emerge sync
    emerge -pv '>=dev-util/cvs-1.11.11'
    emerge '>=dev-util/cvs-1.11.11'
    emerge clean


    // end

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (Darwin)

    iD8DBQE/79SAnt0v0zAqOHYRAuWTAJ9UY/lAvsKQRtHLQZr/zDUf5eok6wCgumZt
    ICbAjuPbALouwsdG16pqS6s=
    =UQlf
    -----END PGP SIGNATURE-----
     
  2. Anzeige

    Schau dir mal diese Kategorie an. Dort findest du bestimmt etwas.
    Registrieren bzw. einloggen, um diese und auch andere Anzeigen zu deaktivieren
Thema:

Gentoo Linux Security Announcement - dev-util/cvs (200312-08)

Die Seite wird geladen...

Gentoo Linux Security Announcement - dev-util/cvs (200312-08) - Ähnliche Themen

  1. Google bringt WLAN-Router mit Gentoo Linux auf den Markt

    Google bringt WLAN-Router mit Gentoo Linux auf den Markt: Google stellt einen Router vor, der mit Gentoo Linux läuft und dem ac-Standard entspricht. Der »OnHub« genannte Router wurde zusammen mit dem...
  2. Gentoo Linux Security Advisory 201301-01

    Gentoo Linux Security Advisory 201301-01: Gentoo Linux Security Advisory 201301-1 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat,...
  3. Gentoo Linux Security Advisory 201211-01

    Gentoo Linux Security Advisory 201211-01: Gentoo Linux Security Advisory 201211-1 - Multiple vulnerabilities have been found in MantisBT, the worst of which allowing for local file...
  4. Gentoo Linux Security Advisory 201210-05

    Gentoo Linux Security Advisory 201210-05: Gentoo Linux Security Advisory 201210-5 - Two vulnerabilities have been found in Bash, the worst of which may allow execution of arbitrary code....
  5. Gentoo Linux Security Advisory 201210-06

    Gentoo Linux Security Advisory 201210-06: Gentoo Linux Security Advisory 201210-6 - Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause...