From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:073 - Updated cvs packages fix vulnerability
Message-Id: <E1DOVah-0000QR-NQ@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Thu, 21 Apr 2005 00:55:11 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: cvs
Advisory ID: MDKSA-2005:073
Date: April 20th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A buffer overflow and memory access problem in CVS have been
discovered by the CVS maintainer. The updated packages have been
patched to correct the problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
fcca52a87c10c21980b5bb82e4146cd7 10.0/RPMS/cvs-1.11.17-1.2.100mdk.i586.rpm
3a8336cdfb01ebac7238dd2a90557cd0 10.0/SRPMS/cvs-1.11.17-1.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
ebc0e0ca427a6a4af5e8cb3a02be6d10 amd64/10.0/RPMS/cvs-1.11.17-1.2.100mdk.amd64.rpm
3a8336cdfb01ebac7238dd2a90557cd0 amd64/10.0/SRPMS/cvs-1.11.17-1.2.100mdk.src.rpm
Mandrakelinux 10.1:
26f8c84536a69f008748013d58fa9731 10.1/RPMS/cvs-1.11.17-2.1.101mdk.i586.rpm
a78c97927dbf5531c72170c41a1b848c 10.1/SRPMS/cvs-1.11.17-2.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
fc4c1cf58191170ddc0e0c3d93c943b4 x86_64/10.1/RPMS/cvs-1.11.17-2.1.101mdk.x86_64.rpm
a78c97927dbf5531c72170c41a1b848c x86_64/10.1/SRPMS/cvs-1.11.17-2.1.101mdk.src.rpm
Mandrakelinux 10.2:
bde89da06e586ed4b1540c74758b16be 10.2/RPMS/cvs-1.11.19-1.1.102mdk.i586.rpm
3fbedcddb4d39abf1ea4197ab3ab8458 10.2/SRPMS/cvs-1.11.19-1.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
4363551cd317f849f3a456ab6175db1e x86_64/10.2/RPMS/cvs-1.11.19-1.1.102mdk.x86_64.rpm
3fbedcddb4d39abf1ea4197ab3ab8458 x86_64/10.2/SRPMS/cvs-1.11.19-1.1.102mdk.src.rpm
Corporate Server 2.1:
2f8c375ffdf2a5c842fa28f317c50a62 corporate/2.1/RPMS/cvs-1.11.17-1.2.C21mdk.i586.rpm
71bf64c5d64b7e7d8a051120f6fa3ea3 corporate/2.1/SRPMS/cvs-1.11.17-1.2.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
0bbb0a61241de7ea552a22f1bcee49e2 x86_64/corporate/2.1/RPMS/cvs-1.11.17-1.2.C21mdk.x86_64.rpm
71bf64c5d64b7e7d8a051120f6fa3ea3 x86_64/corporate/2.1/SRPMS/cvs-1.11.17-1.2.C21mdk.src.rpm
Corporate 3.0:
64346680df70221e6c8340fecdd383a1 corporate/3.0/RPMS/cvs-1.11.17-1.2.C30mdk.i586.rpm
1c5fd32822539582ce9f513f827d7697 corporate/3.0/SRPMS/cvs-1.11.17-1.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
66cd15abb301b08dc0c00c06829e6d2e x86_64/corporate/3.0/RPMS/cvs-1.11.17-1.2.C30mdk.x86_64.rpm
1c5fd32822539582ce9f513f827d7697 x86_64/corporate/3.0/SRPMS/cvs-1.11.17-1.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCZ05PmqjQ0CJFipgRAja0AKClud6aVXXzLf9H+4rKvmThSfueOACeMV9z
ycCUcaUBp3qQvvnfQoZzZTA=
=xn3B
-----END PGP SIGNATURE-----