HEADS UP: CVS import

Jeroen Ruigrok/asmodai asmodai at wxs.nl
Mon Jan 19 05:04:32 PST 2004


This release (1.11.11) has some security fixes, to know:

Stable CVS 1.11.11 has been released. Stable releases contain only bug
fixes from previous versions of CVS. This release adds code to the CVS
server to prevent it from continuing as root after a user login, as an
extra failsafe against a compromise of the CVSROOT/passwd file.
Previously, any user with the ability to write the CVSROOT/passwd file
could execute arbitrary code as the root user on systems with CVS
pserver access enabled. We recommend this upgrade for all CVS servers!

-- 
Jeroen Ruigrok van der Werven <asmodai(at)wxs.nl> / asmodai / kita no mono
PGP fingerprint: 2D92 980E 45FE 2C28 9DB7  9D88 97E6 839B 2EAC 625B
http://www.tendra.org/   | http://diary.in-nomine.org/
Don't try to find the Answer where there ain't no Question here...





More information about the Kernel mailing list