openSUSE alert openSUSE-SU-2012:0310-1 (cvs) [LWN.net]


From:
    	       opensuse-security@opensuse.org 
To:
    	       opensuse-updates@opensuse.org 
Subject:
    	       openSUSE-SU-2012:0310-1: moderate: No summary available - BOX 
Date:
    	       Mon, 27 Feb 2012 21:08:31 +0100 (CET)
Message-ID:
    	       <20120227200831.3DB463216F@maintenance.suse.de>
Archive-link:
    	       Article, Thread
              
   openSUSE Security Update: No summary available - BOX
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0310-1
Rating:             moderate
References:         #744059 
Cross-References:   CVE-2012-0804
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   A heap-based buffer overflow flaw was found in the way CVS
   read proxy connection HTTP responses. An attacker could
   exploit this to cause the application to crash or,
   potentially, execute arbitrary code in the context  of the
   user running the application (CVE-2012-0804).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch cvs-5861

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64):

      cvs-1.12.12-166.169.1

   - openSUSE 11.4 (noarch):

      cvs-doc-1.12.12-166.169.1


References:

   http://support.novell.com/security/cve/CVE-2012-0804.html
   https://bugzilla.novell.com/744059
(Log in to post comments)