bin/62255: 2003-12-18: Stable CVS Version 1.11.11 Released! (security update)

Jacques Marneweck jacques at ataris.co.za
Mon Feb 2 04:30:26 PST 2004


>Number:         62255
>Category:       bin
>Synopsis:       2003-12-18: Stable CVS Version 1.11.11 Released! (security update)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 02 04:30:20 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jacques Marneweck
>Release:        4.9-STABLE
>Organization:
Ataris Technologies
>Environment:
FreeBSD XXXXX.YYYYYYY.co.za 4.9-STABLE FreeBSD 4.9-STABLE #1: Mon Feb  2 01:26:27 SAST 2004     ZZZZZ at XXXXX.YYYYY.co.za:/usr/obj/usr/src/sys/XXXXXX  i386
>Description:
Stable CVS 1.11.11 has been released. Stable releases contain only bug fixes from previous versions of CVS. This release adds code to the CVS server to prevent it from continuing as root after a user login, as an extra failsafe against a compromise of the CVSROOT/passwd file. Previously, any user with the ability to write the CVSROOT/passwd file could execute arbitrary code as the root user on systems with CVS pserver access enabled. We recommend this upgrade for all CVS servers!

Take a look at the NEWS file from the source distribution or go directly to the downloads page.
>How-To-Repeat:
      
>Fix:
Update the version of cvs in /usr/src/contrib/cvs
>Release-Note:
>Audit-Trail:
>Unformatted:
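
An audit sketch for the issue described in this report, added here as an example and not part of the original report or of CVS itself: it flags CVSROOT/passwd entries (format `cvsuser:crypt-hash[:system-user]`) whose effective system account has uid 0. The function names, the sample file and the uid table are constructed for illustration.

```python
import pwd
from typing import Callable, List, NamedTuple, Optional


class Finding(NamedTuple):
    line_no: int
    cvs_user: str
    system_user: str


def system_uid(name: str) -> Optional[int]:
    """Resolve a system account to its uid on the local host (None if absent)."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def audit_cvs_passwd(text: str,
                     uid_of: Callable[[str], Optional[int]] = system_uid
                     ) -> List[Finding]:
    """Return the entries whose effective system account has uid 0."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.strip().split(":")
        if not fields[0]:
            continue  # blank or malformed line
        cvs_user = fields[0]
        # With no third field, pserver runs as the account named like the CVS user.
        system_user = fields[2] if len(fields) > 2 and fields[2] else cvs_user
        # Compare uids, not names: FreeBSD's "toor" is a second uid-0 account.
        if uid_of(system_user) == 0:
            findings.append(Finding(line_no, cvs_user, system_user))
    return findings


# Constructed sample data: the hashes are placeholders, not real crypt() output.
SAMPLE_PASSWD = """\
anonymous::cvsanon
alice:PLACEHOLDERHASH1:cvsdev
bob:PLACEHOLDERHASH2:root
root:PLACEHOLDERHASH3
carol:PLACEHOLDERHASH4:toor
"""
SAMPLE_UIDS = {"root": 0, "toor": 0, "cvsanon": 1001, "cvsdev": 1002}

if __name__ == "__main__":
    for f in audit_cvs_passwd(SAMPLE_PASSWD, SAMPLE_UIDS.get):
        print(f"line {f.line_no}: {f.cvs_user} -> {f.system_user} (uid 0)")
```

Called with only the file contents, `audit_cvs_passwd` resolves accounts through the host's own password database instead of the constructed table.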

