Mailinglist Archive: opensuse-updates (68 mails)

< Previous Next >
openSUSE-SU-2012:0310-1: moderate: No summary available - BOX
openSUSE Security Update: No summary available - BOX
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0310-1
Rating: moderate
References: #744059
Cross-References: CVE-2012-0804
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

A heap-based buffer overflow flaw was found in the way CVS
read proxy connection HTTP responses. An attacker could
exploit this to cause the application to crash or,
potentially, execute arbitrary code in the context of the
user running the application (CVE-2012-0804).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch cvs-5861

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

cvs-1.12.12-166.169.1

- openSUSE 11.4 (noarch):

cvs-doc-1.12.12-166.169.1


References:

http://support.novell.com/security/cve/CVE-2012-0804.html
https://bugzilla.novell.com/744059


< Previous Next >
This Thread
  • No further messages