cvs-1.11.23-11.1.0.1.AXS4

エラータID: AXSA:2012-238:01

Release date: 
Friday, February 24, 2012 - 13:17
Subject: 
cvs-1.11.23-11.1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred.
CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release.
Security issues fixed with this release:
CVE-2012-0804
No information available at the time of writing, please refer to the CVE links below.

Solution: 

Update packages.

CVEs: 
CVE-2012-0804
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.


Additional Info: 

N/A

Download: 

SRPMS
  1. cvs-1.11.23-11.1.0.1.AXS4.src.rpm
    MD5: 3f12bb1ccf7c53640a2ce3022ce5428d
    SHA-256: df0c07fd7a6cb3b26230465718106401eee323861194c8ef932aa16df0d08ec9
    Size: 2.85 MB

Asianux Server 4 for x86
  1. cvs-1.11.23-11.1.0.1.AXS4.i686.rpm
    MD5: 9ccc15917d09cad282c3cfb1d4711705
    SHA-256: 5c5bee6681c1b3a3cc3162f97dea98aa1ce756f34d4529f0d63283ba665b9690
    Size: 698.84 kB

Asianux Server 4 for x86_64
  1. cvs-1.11.23-11.1.0.1.AXS4.x86_64.rpm
    MD5: 47f197471ab6a9c0f4e02abb39242616
    SHA-256: bf33d2969f12e53fb16739f82e905ede092288a14f5e3589911b8f840dbf6b50
    Size: 710.99 kB