openSUSE Security Update: No summary available - BOX ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0310-1 Rating: moderate References: #744059 Cross-References: CVE-2012-0804 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A heap-based buffer overflow flaw was found in the way CVS read proxy connection HTTP responses. An attacker could exploit this to cause the application to crash or, potentially, execute arbitrary code in the context of the user running the application (CVE-2012-0804). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch cvs-5861 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): cvs-1.12.12-166.169.1 - openSUSE 11.4 (noarch): cvs-doc-1.12.12-166.169.1 References: http://support.novell.com/security/cve/CVE-2012-0804.html https://bugzilla.novell.com/744059