News

=========================================================== Ubuntu Security Notice USN-117-1 May 04, 2005 cvs vulnerability CAN-2005-0753 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: cvs The problem can be corrected by upgrading the affected package to version 1:1.12.9-1ubuntu0.1 (for Ubuntu 4.10), or 1:1.12.9-9ubuntu0.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Alen Zukich discovered a buffer overflow in the processing of version and author information in the CVS client. By tricking an user to connect to a malicious CVS server, an attacker could exploit this to execute arbitrary code with the privileges of the connecting user.