USN-117-1: cvs vulnerability

4 May 2005

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Alen Zukich discovered a buffer overflow in the processing of version and author information in the CVS client. By tricking a user into connecting to a malicious CVS server, an attacker could exploit this to execute arbitrary code with the privileges of the connecting user.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
cvs
Ubuntu 4.10
cvs

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
