Slackware Advisory SSA:2004-108-02 Cvs Security Update Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2004-108-02.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-108-02

Insight

CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both uses of CVS. A security problem which could allow a server to create arbitrary files on a client machine, and another security problem which may allow a client to view files outside of the CVS repository have been fixed with the release of cvs-1.11.15. Any sites running CVS should upgrade to the new CVS package.

Severity

Classification

CVE CVE-2004-0180, CVE-2004-0405

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Slackware Advisory SSA:2006-129-01 Apache httpd
Slackware Advisory SSA:2006-357-03 seamonkey
Slackware Advisory SSA:2007-243-01 java (jre, jdk)
Slackware Advisory SSA:2007-110-01 Slackware 11.0 x11-6.9.0 patch fix
Slackware Advisory SSA:2005-255-01 dhcpcd DoS

Slackware Advisory SSA:2004-108-02 cvs security update

Take action and discover your vulnerabilities