LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

cvs: client-side file overwrite vulnerability

Package(s):cvs CVE #(s):CAN-2004-0180
Created:April 14, 2004 Updated:May 18, 2004
Description: The cvs client is vulnerable to a pathname vulnerability which can allow a hostile server to overwrite files on the local system. The cvs server is subject to a similar vulnerability which allows the checkout of RCS archives anywhere on the server system. Versions 1.11.15 and 1.12.7 fix the problem.
Alerts:
Fedora FEDORA-2004-110 2004-04-22
Whitebox WBSA-2004:153-01 2004-04-19
Slackware SSA:2004-108-02 2004-04-17
Netwosix NW-2004-0011 2004-04-18
Debian DSA-486-1 2004-04-16
Gentoo 200404-13 2004-04-14
OpenPKG OpenPKG-SA-2004.013 2004-04-14
Red Hat RHSA-2004:153-01 2004-04-14
Red Hat RHSA-2004:154-01 2004-04-14
SuSE SuSE-SA:2004:008 2004-04-14
Mandrake MDKSA-2004:028 2004-04-14
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds