DragonFly BSD
DragonFly kernel List (threaded) for 2004-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: HEADS UP: CVS import

From: Jeroen Ruigrok/asmodai <asmodai@xxxxxx>
Date: Mon, 19 Jan 2004 14:01:52 +0100

This release (1.11.11) has some security fixes, to know:

Stable CVS 1.11.11 has been released. Stable releases contain only bug
fixes from previous versions of CVS. This release adds code to the CVS
server to prevent it from continuing as root after a user login, as an
extra failsafe against a compromise of the CVSROOT/passwd file.
Previously, any user with the ability to write the CVSROOT/passwd file
could execute arbitrary code as the root user on systems with CVS
pserver access enabled. We recommend this upgrade for all CVS servers!

Jeroen Ruigrok van der Werven <asmodai(at)wxs.nl> / asmodai / kita no mono
PGP fingerprint: 2D92 980E 45FE 2C28 9DB7  9D88 97E6 839B 2EAC 625B
http://www.tendra.org/   | http://diary.in-nomine.org/
Don't try to find the Answer where there ain't no Question here...

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]