[Whitebox-announce] [WBSA-2004:004-01] Updated CVS packages fix minor security issue
John Morris
jmorris@beau.org
Thu, 12 Feb 2004 17:43:22 -0600 (CST)
----------------------------------------------------------------------
Security Advisory
Synopsis: Updated CVS packages fix minor security issue
Advisory ID: WBSA-2004:004-01
Issue date: 2004-01-14
Updated on: 2004-02-12
Product: White Box Enterprise Linux 3.0 (i386)
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2002-0844 CAN-2003-0977
----------------------------------------------------------------------
Updated cvs packages closing a vulnerability that could allow cvs to
attempt to create files and directories in the root file system are now
available.
More information is available in Red Hat, Inc's original advisory
available on their site at:
http://www.redhat.com/archives/enterprise-watch-list/2004-January/msg00004.html
To install this new package on your White Box Enterprise Linux system
use the Up2Date Network or Yum.
Note: Be sure to change the default Up2Date or Yum server from the
initial location to prevent undue load to the whiteboxlinux.org
server, which doesn't have a lot of outbound bandwidth. The config
files already have entries for mirror sites commented out.
Up2Date's configuration file is at /etc/sysconfig/rhn/sources
Yum's configuration is in /etc/yum.conf