CVS Server

d00ren

by Todd C. Miller on security-announce@

An audit of the cvs codebase performed by Stefan Esser and Sebastian
Krahmer has found some potential remote vulnerabilities in cvs.

While no exploits are known to exist for these bugs under OpenBSD
at this time, some of the bugs have proven exploitable on other
operating systems. Therefore, we encourage users running cvs servers
to patch their systems. Users running cvs clients (but not servers)
do not need to update.

The fixes have been committed to OpenBSD-current as well as the
3.4 and 3.5 -stable branches.

Patches against OpenBSD 3.4 and 3.5 are also available:
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/023_cvs3.patch

The correct patch for 3.5:
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/011_cvs3.patch

For more details, please see:
http://security.e-matters.de/advisories/092004.html
 