[securityat_private: [slackware-security] New CVS packages available]

From: White Vampire (whitevampireat_private)
Date: Wed Jan 22 2003 - 16:00:31 PST

Next message: OpenPKG: "[OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)"

Previous message: H D Moore: "[Full-Disclosure] Re: New Web Vulnerability - Cross-Site Tracing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----- Forwarded message from Slackware Security Team <securityat_private> -----

Return-Path: <owner-slackware-securityat_private>
Delivered-To: whitvamp@localhost
Received: (qmail 22276 invoked from network); 22 Jan 2003 01:02:50 -0000
Received: from localhost (127.0.0.1)
  by localhost with SMTP; 22 Jan 2003 01:02:50 -0000
Delivered-To: vampwhitat_private
Received: from mail102.csoft.net [63.111.26.110]
	by localhost with POP3 (fetchmail-5.8.3)
	for whitvamp@localhost (single-drop); Tue, 21 Jan 2003 20:02:50 -0500 (EST)
Received: (qmail 9694 invoked from network); 22 Jan 2003 00:47:19 -0000
Received: from unknown (HELO spf6.us4.outblaze.com) (205.158.62.33)
  by mail102.csoft.net with SMTP; 22 Jan 2003 00:47:19 -0000
Received: from bob.slackware.com (slackware.com [64.57.102.34])
	by spf6.us4.outblaze.com (8.12.6/8.12.6) with ESMTP id h0M0ghF2065696
	for <whitevampireat_private>; Wed, 22 Jan 2003 00:42:50 GMT
Received: (from daemon@localhost)
	by bob.slackware.com (8.11.6/8.11.6) id h0LN2E615426
	for slackware-security-outgoing; Tue, 21 Jan 2003 15:02:14 -0800
Received: from localhost (security@localhost)
	by bob.slackware.com (8.11.6/8.11.6) with ESMTP id h0LMQKS14291
	for <slackware-securityat_private>; Tue, 21 Jan 2003 14:26:20 -0800
Date: Tue, 21 Jan 2003 14:26:20 -0800 (PST)
From: Slackware Security Team <securityat_private>
To: slackware-securityat_private
Subject: [slackware-security] New CVS packages available
Message-ID: <Pine.LNX.4.21.0301211425220.14267-100000at_private>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-slackware-securityat_private
Precedence: bulk
Reply-To: Slackware Security Team <securityat_private>


New cvs packages are available to fix a security vulnerability.

Here are the details from the Slackware 8.1 ChangeLog:

- ----------------------------
Tue Jan 21 13:12:20 PST 2003
patches/packages/cvs-1.11.5-i386-1.tgz:  Upgraded to cvs-1.11.5.
   This release fixes a major security vulnerability in the CVS server
   by which users with read only access could gain write access.
   Details should be available at this URL (but don't seem to be yet):
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015
   (* Security fix *)
- ----------------------------


WHERE TO FIND THE NEW PACKAGE:
- ------------------------------
Updated cvs package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.5-i386-1.tgz

Updated cvs package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/cvs-1.11.5-i386-1.tgz


MD5 SIGNATURE:
- --------------

Here is the md5sum for the package:

Slackware 8.1:
37d76c774c9474bf0117d429d6c3740e  cvs-1.11.5-i386-1.tgz

Slackware -current:
c43d82187dfa695aa53aaf5b4d3050a1  cvs-1.11.5-i386-1.tgz


INSTALLATION INSTRUCTIONS:
- --------------------------

As root, upgrade to the new cvs.tgz package:
# upgradepkg cvs.tgz

Remember, it's also a good idea to backup configuration files before
upgrading packages.

- - Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomoat_private with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+



- ----- End forwarded message -----

- -- 
\   | \  /  White Vampire\Rem                |  http://gammaforce.org/
 \|\|  \/   whitevampireat_private        |  http://gammagear.com/
"Silly hacker, root is for administrators."  |  http://webfringe.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)

iD8DBQE+LzCe3+rxmnEDyl8RAjbKAKDjn4IZ3a9E7QcbhfVfNTimeYti+ACg6ujC
0ppoA89c+nh7CcgSNrckK/g=
=fg3o
-----END PGP SIGNATURE-----

Next message: OpenPKG: "[OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)"
Previous message: H D Moore: "[Full-Disclosure] Re: New Web Vulnerability - Cross-Site Tracing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 06:12:18 PST