Slackware Advisory SSA:2003-345-01 Cvs Security Update Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2003-345-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2003-345-01

Insight

CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory deals with the use of CVS as a server. A security problem which could allow an attacker to create directories and possibly files outside of the CVS repository has been fixed with the release of cvs-1.11.10. Any sites running a CVS server should upgrade to the new CVS package.

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2006-262-01 gzip
Slackware Advisory SSA:2004-125-01 lha update in bin package
Slackware Advisory SSA:2004-207-01 new samba packages
Slackware Advisory SSA:2004-014-02 INN security update
Slackware Advisory SSA:2006-259-01 x11

Slackware Advisory SSA:2003-345-01 cvs security update

Take action and discover your vulnerabilities