Mandriva Update For Cvs MDVSA-2012:044 (cvs) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in cvs: A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client (CVE-2012-0804). The updated packages have been patched to correct this issue.

Affected

cvs on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2012-0804
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
Mandrake Security Advisory MDVSA-2009:135 (kernel)
Mandrake Security Advisory MDVSA-2009:143 (netpbm)
Mandrake Security Advisory MDVSA-2009:134 (firefox)
Mandrake Security Advisory MDVSA-2009:015 (ffmpeg)

Mandriva Update for cvs MDVSA-2012:044 (cvs)

Take action and discover your vulnerabilities