MDVSA-2012:044 -- Mandriva cvsID: oval:org.secpod.oval:def:302817 | Date: (C)2012-12-11 (M)2023-07-28 |
Class: PATCH | Family: unix |
A vulnerability has been found and corrected in cvs: A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client . The updated packages have been patched to correct this issue.
Platform: |
Mandriva Linux 2011.0 |
Mandriva Linux 2010.1 |