Mandriva Update For Cvs MDVSA-2012:044 (cvs) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in cvs: A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client (CVE-2012-0804). The updated packages have been patched to correct this issue.

Affected

cvs on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2012-0804

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:131 (apr-util)
Mandrake Security Advisory MDVSA-2009:153 (dhcp)
Mandrake Security Advisory MDVSA-2009:045 (php)
Mandrake Security Advisory MDVSA-2009:116 (gnutls)
Mandrake Security Advisory MDVSA-2009:072 (perl-MDK-Common)

Mandriva Update for cvs MDVSA-2012:044 (cvs)

Take action and discover your vulnerabilities