L'équipe Vigil@nce veille les vulnérabilités publiques qui affectent votre parc informatique, puis propose des correctifs sécurité, une base de données de vigilance et des outils pour y remédier.

Vulnérabilité de cvs : multiples vulnérabilités

Synthèse de la vulnérabilité 

Le programme cvs contient plusieurs vulnérabilités mineures et une vulnérabilité majeure.
Systèmes impactés : Debian, Fedora, FreeBSD, Mandriva Linux, NetBSD, OpenBSD, openSUSE, RHEL, RedHat Linux, Slackware, TurboLinux, Unix (plateforme) ~ non exhaustif.
Gravité de cette alerte : 3/4.
Date de création : 19/04/2005.
Dates de révisions : 20/04/2005, 21/04/2005, 22/04/2005, 25/04/2005, 26/04/2005, 29/04/2005, 13/05/2005, 08/06/2005, 08/07/2005.
Références de cette alerte : 2005-006, 20050501-01-U, 773-1, BID-13217, CERTA-2005-AVI-167, CVE-2005-0753, DSA-742, DSA-742-1, DSA-773-1, FEDORA-2005-330, FLSA:155508, FLSA-2005-155508, FreeBSD-SA-05:05, FreeBSD-SA-05:05.cvs, MDKSA-2005:073, NetBSD-SA2005-006, OpenBSD 35-033, OpenBSD 36-016, OpenBSD 37-001, RHSA-2005:387, SGI 20050501, SSA:2005-111-01, SUSE-SA:2005:024, SUSE-SR:2005:012, TLSA-2005-51, V6-UNIXCVSBOFLEAKNULL, VIGILANCE-VUL-4913.

Description de la vulnérabilité 

L'outil cvs se compose d'un client et d'un serveur.

Plusieurs vulnérabilités ont été annoncées sur le serveur :
 - un buffer overflow, pouvant conduire à l'exécution de code
 - plusieurs fuites mémoires, saturant progressivement la mémoire
 - une erreur d'utilisation de pointeur NULL, conduisant à l'arrêt du serveur

Le client pourrait aussi être sensible à ces vulnérabilités.

Un attaquant, authentifié ou non, peut ainsi mener un déni de service ou faire exécuter du code sur le serveur cvs.
Bulletin complet, filtrage par logiciel, emails, correctifs, ... (Demandez votre essai gratuit)

Cette menace sécurité concerne les logiciels ou systèmes comme Debian, Fedora, FreeBSD, Mandriva Linux, NetBSD, OpenBSD, openSUSE, RHEL, RedHat Linux, Slackware, TurboLinux, Unix (plateforme) ~ non exhaustif.

Notre équipe Vigil@nce a déterminé que la gravité de cet avis de faille est important.

Le niveau de confiance est de type confirmé par l'éditeur, avec une provenance de client intranet.

Un attaquant avec un niveau de compétence expert peut exploiter cet avis de vulnérabilité.

Solutions pour cette menace 

cvs : versions.
Les versions 1.11.20 et 1.12.12 sont corrigées :
  http://www.cvshome.org/

Debian : nouveaux paquetages cvs.
De nouveaux paquetages sont disponibles :
  Source :
    http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12.dsc
      Size/MD5 checksum: 683 5e63610a590a16f61203fab6a71ccf22
    http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12.diff.gz
      Size/MD5 checksum: 57006 a143203742f3f812d951effcf4c37d0d
    http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
      Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205
  Intel IA-32 :
    http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_i386.deb
      Size/MD5 checksum: 1085358 44faa4536ff37f3f538345c0d28ee600
  Intel IA-64 :
    http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_ia64.deb
      Size/MD5 checksum: 1272628 e4b3f0e7793ff732b5b353d0a50235bc

Debian : nouveaux paquetages pour amd64.
De nouveaux paquetages sont disponibles :
  DSA 762: several vulnerabilities
    http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_amd64.deb
      Size/MD5 checksum: 93348 f20cd77b0317a52a22ff3fc3e56f9149
    http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_amd64.deb
      Size/MD5 checksum: 71740 ec4d663b7ff2b343a61189a0f6d4c916
    http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_amd64.deb
      Size/MD5 checksum: 64380 e4d7160dbb8ad9b8f8584cfcaaebdc3b
  DSA 754: insecure temporary file
    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_amd64.deb
      Size/MD5 checksum: 1355084 cc43eefcbb317474e9a514796efed4e3
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_amd64.deb
      Size/MD5 checksum: 335606 3f90e36c020c22f2d60253e74ced43a4
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_amd64.deb
      Size/MD5 checksum: 1355304 637be8166b0238ebf635f5bd04e502b8
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_amd64.deb
      Size/MD5 checksum: 1355140 a1170292ee01c2685db6bc6cc994e2cd
  DSA 737: remote denial of service
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_amd64.deb
      Size/MD5 checksum: 68864 644b5553035ddc9ca5dc132246ee4897
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_amd64.deb
      Size/MD5 checksum: 44172 0f16aa6f739fde9413c0233c56f5cc42
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_amd64.deb
      Size/MD5 checksum: 2173184 e9879e707f562d2cf64236d17123af60
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_amd64.deb
      Size/MD5 checksum: 39990 b1f65575fc3d37aa86dd755410f3849e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_amd64.deb
      Size/MD5 checksum: 174648 880af48cf071b62a2bc80983122a74b4
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_amd64.deb
      Size/MD5 checksum: 256930 2d065a8e4cd0926de5361daa7d151eac
  DSA 733: insecure temporary files
    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_amd64.deb
      Size/MD5 checksum: 44156 a92ab5ec7041cc1c9d74cef0fa5fa6ae
  DSA 742: buffer overflow
    http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-11_amd64.deb
      Size/MD5 checksum: 1112862 0966106e6979ddf41d47b1516932ba45
  DSA 750: out-of-bound memory access
    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_amd64.deb
      Size/MD5 checksum: 59966 b964f129473b7292b13279f83c7eabb7
  DSA 760, DSA 767: several vulnerabilities
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_amd64.deb
      Size/MD5 checksum: 279102 40da7948eafae25a64a2399e62811145
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_amd64.deb
      Size/MD5 checksum: 129224 df578d41daa5c1f5c3038707c73e86b8
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_amd64.deb
      Size/MD5 checksum: 64526 919fc4c40591d30411d5696e263bab2d
  DSA 749: format string error
    http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_amd64.deb
      Size/MD5 checksum: 184934 e4e5d87dafcd98bee77a4aa784ca3765
    http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_amd64.deb
      Size/MD5 checksum: 299876 181ed120b92c9985d773d2db51136191
    http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_amd64.deb
      Size/MD5 checksum: 221274 2c9255a0801c04f779e264bae84781ac
  DSA 744: programming error
    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_amd64.deb
      Size/MD5 checksum: 41090 1f39fb3d1e5aa450c60f6c96597b3f8c
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_amd64.deb
      Size/MD5 checksum: 56350 14f3bbc10a6b3be0837362bf95e613d1
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_amd64.deb
      Size/MD5 checksum: 33926 32e5605f7cf8932ba53257c259fd78b2
  DSA 734, DSA 7699: denial of service, memory alignment bug
    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_amd64.deb
      Size/MD5 checksum: 937244 44dc68d95badf0887e7a9a4be36ef6e0
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_amd64.deb
      Size/MD5 checksum: 102458 056299acb24b04c238857feca296b340
  DSA 753: format string
    http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_amd64.deb
      Size/MD5 checksum: 492138 bc1f860708f84b153cfc3822b83c096b
  DSA 770: insecure tmpfile creation
    http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_amd64.deb
      Size/MD5 checksum: 130092 e3c7ef64140db42178b3f727eefa2228
  DSA 761: insecure temporary files
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_amd64.deb
      Size/MD5 checksum: 525792 8566d49e1f2604695d03dc55970974da
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_amd64.deb
      Size/MD5 checksum: 126004 63b865090d20bdda1a89f8cbde1f5ca8
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_amd64.deb
      Size/MD5 checksum: 61634 0270d25e71831509f5f294affaaf48cf
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_amd64.deb
      Size/MD5 checksum: 52326 2f94113427489d9290c5a844d8fb3ef6
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_amd64.deb
      Size/MD5 checksum: 29842 e1627454181f3256bb69a42a60fa861e
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_amd64.deb
      Size/MD5 checksum: 88868 ff2beb5e04eee075ad7b5f6ef75ce914
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_amd64.deb
      Size/MD5 checksum: 30834 7dad23bbef2dfc40add963543918d889
  DSA 758, DSA 765: buffer overflows
    http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 278522 a0718fa42dee37068db77cb18b7a6319
    http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 65984 d4706aabdbb5d84aeec4878f80ba1e85
    http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 471474 81a7db0e2f9da98448ada5060f38b9f7
    http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 136002 0e12187d9466b3c956d3cfa6c76646b8
    http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 176930 cd9f3a156afc87154e94d53b8f953572
    http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 43120 50c31f5b437bb3ea53e20892e68f94a7
    http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 76858 e659f50448c3f622f95ff9fe0b30bcc4
    http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 53628 3876c69d7980c0eec5affbeb1c71af42
    http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 53188 e41084931ccac2277531faf280ffd657
    http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 38314 93431fa20ee9125e9908bad090ddfd92
    http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 48634 0d0f59aa89e35bfe6a8bb02d07bcf1a0
    http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 37234 694f87eec9ace45593e03a0145fe2bab
    http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_amd64.deb
      Size/MD5 checksum: 143832 db4250198e7b0f2da6127a12952e318b
  DSA 743: buffer overflows, integer overflows
    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_amd64.deb
      Size/MD5 checksum: 531186 25cf7b9e7a03de9b20c3f228c991ed22
  DSA 757: buffer overflow, double-free memory
    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_amd64.deb
      Size/MD5 checksum: 103952 a1bad7b0cb8b18f364f757eac8a94f2c
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_amd64.deb
      Size/MD5 checksum: 216248 b296329fbeb6a6f2a49f789e3acc17ce
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_amd64.deb
      Size/MD5 checksum: 56336 7e05a80d20ea210791bd1eb266f49a7e
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_amd64.deb
      Size/MD5 checksum: 124082 1e425dabc2d917506024d6c63e0e1b54
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_amd64.deb
      Size/MD5 checksum: 82128 bc3129c51bce75fb98489cf5598a33d6
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_amd64.deb
      Size/MD5 checksum: 62880 ae50e1618cbfc1159a25b3b6cf6b6b51
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_amd64.deb
      Size/MD5 checksum: 137088 8308257a29fa9c7aeaa3e6e69c26866a
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_amd64.deb
      Size/MD5 checksum: 176964 5541c67a17e88a35a1693aacd3ac6f20
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_amd64.deb
      Size/MD5 checksum: 651660 595c6aa1d44b013a5f848939e2463ee9
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_amd64.deb
      Size/MD5 checksum: 368756 ba1a2761c8839afa64dfa240e9481288
  DSA 771: several vulnerabilities
    http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_amd64.deb
      Size/MD5 checksum: 16006 d1f474c458d77bf83c906188d301bfb0
    http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_amd64.deb
      Size/MD5 checksum: 106804 c0bb95df466aed853386993ad5f5e251
    http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_amd64.deb
      Size/MD5 checksum: 188340 bd750bb60a24fcc52121c4667e3e11e6
    http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_amd64.deb
      Size/MD5 checksum: 89098 4d822c7082526782e4baeaac4e3bcbd9
    http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_amd64.deb
      Size/MD5 checksum: 57286 53089cae1e705dc85511a7aaae5c7da1
    http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_amd64.deb
      Size/MD5 checksum: 66370 ad9e364e079f4a80ab63b232dd00049a
    http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_amd64.deb
      Size/MD5 checksum: 52818 06566ea9631d8bdb2792fe6bb17ba327
    http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_amd64.deb
      Size/MD5 checksum: 162490 96ad6d4e522188708da7caeb90970e68
    http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_amd64.deb
      Size/MD5 checksum: 566040 65bc4610c763e2254a6488a9aec1a5c9
  DSA 725: missing privilege release
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_amd64.deb
      Size/MD5 checksum: 240190 bb69a870e1f49042a4703b368d17d6c5
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_amd64.deb
      Size/MD5 checksum: 74498 00604fe63f4c324bd1afe2d897770f65
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_amd64.deb
      Size/MD5 checksum: 60870 75cbed2a76f5cea23a8c862f3c3a4a14
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_amd64.deb
      Size/MD5 checksum: 68586 757d9d9469a4cdad5f49d45fa09d8734
  DSA 728: missing privilege release
    http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_amd64.deb
      Size/MD5 checksum: 415030 903c9e8a07c01d247fd349556217690e
    http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_amd64.deb
      Size/MD5 checksum: 416602 e97849158c71b4a21e29dee69b33ec7c
  DSA 738: remote denial of service
    http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_amd64.deb
      Size/MD5 checksum: 116184 1ccb6ccfb9560ce78cf1a4d6eee7ce48
  DSA 748: bad default value
    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_amd64.deb
      Size/MD5 checksum: 134268 4b4996e21f1aa4f0cfe9fa2bcf551f7b
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_amd64.deb
      Size/MD5 checksum: 135696 33dcd5ae5a84421da01a215a51da1422
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_amd64.deb
      Size/MD5 checksum: 232378 6c541f1a11b3f446a5c8af954f41f25e
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_amd64.deb
      Size/MD5 checksum: 131836 4360a0a705563bf01e5c58227ec2065c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_amd64.deb
      Size/MD5 checksum: 1391174 d98b5938cd9dfe6540d35c8323b03a0e
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_amd64.deb
      Size/MD5 checksum: 779568 fd2afcfa86e1aebeb8956d4037c5296c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_amd64.deb
      Size/MD5 checksum: 1439920 2be5a6776460941112d9a5f8db39d06a
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_amd64.deb
      Size/MD5 checksum: 150790 f7e2279c5702afe10ba797fc759e9044
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_amd64.deb
      Size/MD5 checksum: 648138 8c5d0d77be69b9b7b4599f559c7ad2bc
  DSA 736: remote denial of service
    http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_amd64.deb
      Size/MD5 checksum: 58606 e60be541d4ba035f724746c9af909587
  DSA 735: pathname validation race
    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_amd64.deb
      Size/MD5 checksum: 169482 6c8b00e7e0536bd55e54edbb28dec5bf
  DSA-740, DSA 763: remote denial of service
    http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_amd64.deb
      Size/MD5 checksum: 27942 ef4d0d5aca91366a4823f53bf5b9c9b7
    http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_amd64.deb
      Size/MD5 checksum: 67298 ce68f539762dc35d4a4119aa20cf14ef
    http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_amd64.deb
      Size/MD5 checksum: 503740 fa00a365669a212af5470fb2ba29fcad

Fedora : nouveaux paquetages cvs.
De nouveaux paquetages sont disponibles :
   http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
c542a69c89fa358cf682a1e6ac3d42b9 SRPMS/cvs-1.11.17-6.FC3.src.rpm
fe4e4f331cb1ad9036762cf5b4e22af8 x86_64/cvs-1.11.17-6.FC3.x86_64.rpm
7c319e346c6d4f93733d7e9e665527eb x86_64/debug/cvs-debuginfo-1.11.17-6.FC3.x86_64.rpm
7231ad6c1bacb3c2e8e1d23434f6f540 i386/cvs-1.11.17-6.FC3.i386.rpm
820b4af4748a658e18d5e879b41bf81b i386/debug/cvs-debuginfo-1.11.17-6.FC3.i386.rpm

FreeBSD : patches.
Des patches sont disponibles :
FreeBSD 4.10
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs410.patch
FreeBSD 4.11 et 5.3
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs.patch

Mandrake : nouveaux paquetages cvs.
De nouveaux paquetages sont disponibles :
 Mandrakelinux 10.0:
 fcca52a87c10c21980b5bb82e4146cd7 10.0/RPMS/cvs-1.11.17-1.2.100mdk.i586.rpm
 3a8336cdfb01ebac7238dd2a90557cd0 10.0/SRPMS/cvs-1.11.17-1.2.100mdk.src.rpm
 Mandrakelinux 10.0/AMD64:
 ebc0e0ca427a6a4af5e8cb3a02be6d10 amd64/10.0/RPMS/cvs-1.11.17-1.2.100mdk.amd64.rpm
 3a8336cdfb01ebac7238dd2a90557cd0 amd64/10.0/SRPMS/cvs-1.11.17-1.2.100mdk.src.rpm
 Mandrakelinux 10.1:
 26f8c84536a69f008748013d58fa9731 10.1/RPMS/cvs-1.11.17-2.1.101mdk.i586.rpm
 a78c97927dbf5531c72170c41a1b848c 10.1/SRPMS/cvs-1.11.17-2.1.101mdk.src.rpm
 Mandrakelinux 10.1/X86_64:
 fc4c1cf58191170ddc0e0c3d93c943b4 x86_64/10.1/RPMS/cvs-1.11.17-2.1.101mdk.x86_64.rpm
 a78c97927dbf5531c72170c41a1b848c x86_64/10.1/SRPMS/cvs-1.11.17-2.1.101mdk.src.rpm
 Mandrakelinux 10.2:
 bde89da06e586ed4b1540c74758b16be 10.2/RPMS/cvs-1.11.19-1.1.102mdk.i586.rpm
 3fbedcddb4d39abf1ea4197ab3ab8458 10.2/SRPMS/cvs-1.11.19-1.1.102mdk.src.rpm
 Mandrakelinux 10.2/X86_64:
 4363551cd317f849f3a456ab6175db1e x86_64/10.2/RPMS/cvs-1.11.19-1.1.102mdk.x86_64.rpm
 3fbedcddb4d39abf1ea4197ab3ab8458 x86_64/10.2/SRPMS/cvs-1.11.19-1.1.102mdk.src.rpm

NetBSD : patch pour CVS.
L'annonce de NetBSD détaille la procédure.

OpenBSD : patches.
Des patches sont disponibles :
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/033_cvs4.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/016_cvs.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/001_cvs.patch

Red Hat Linux, Fedora Core : nouveaux paquetages cvs.
De nouveaux paquetages sont disponibles :
Red Hat Linux 7.3:
SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/cvs-1.11.1p1-17.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/cvs-1.11.1p1-17.legacy.i386.rpm
Red Hat Linux 9:
SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cvs-1.11.2-25.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/9/updates/i386/cvs-1.11.2-25.legacy.i386.rpm
Fedora Core 1:
SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/cvs-1.11.17-1.2.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/1/updates/i386/cvs-1.11.17-1.2.legacy.i386.rpm
Fedora Core 2:
SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/cvs-1.11.17-2.2.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/2/updates/i386/cvs-1.11.17-2.2.legacy.i386.rpm

RHEL : nouveaux paquetages cvs.
De nouveaux paquetages sont disponibles :
Red Hat Enterprise Linux 2.1 : cvs-1.11.1p1-18
Red Hat Enterprise Linux 3 : cvs-1.11.2-27
Red Hat Enterprise Linux 4 : cvs-1.11.17-7.RHEL4

SGI ProPack : nouveaux paquetages xloadimage, cvs, openoffice, sharutils, php, mozilla.
Le patch 10168 est disponible :
  http://support.sgi.com/
Des RPMs individuels sont aussi proposés :
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Slackware : nouveaux paquetages cvs.
De nouveaux paquetages sont disponibles :
Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.20-i386-1.tgz
Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/cvs-1.11.20-i386-1.tgz
Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/cvs-1.11.20-i486-1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/cvs-1.11.20-i486-1.tgz
Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/cvs-1.11.20-i486-1.tgz

SuSE : nouveaux paquetages cvs.
De nouveaux paquetages sont disponibles :
    SUSE Linux 9.3:
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/cvs-1.12.11-4.2.i586.rpm
      8e27dd3b7a9867940830aa9dd8fd95bc
    patch rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/cvs-1.12.11-4.2.i586.patch.rpm
      acd6904641df500ca50da8147ee54019
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/cvs-1.12.11-4.2.src.rpm
      6a075a97c2bd30ade965e90e0f9671c4
    SUSE Linux 9.2:
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/cvs-1.12.9-2.2.i586.rpm
      7192dce3bb42cd51c98a3510e9e5e73a
    patch rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/cvs-1.12.9-2.2.i586.patch.rpm
      ae4b8f9096b50e7f1c3a15e715e4c8e7
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/cvs-1.12.9-2.2.src.rpm
      cebc4e07ac34f6a6f76789d6ce0eba37
    SUSE Linux 9.1:
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/cvs-1.11.14-24.10.i586.rpm
      07778aea3050bcf05c96ae680b9d01e4
    patch rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/cvs-1.11.14-24.10.i586.patch.rpm
      60591530555521e34d798a0d0365686a
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/cvs-1.11.14-24.10.src.rpm
      bd4b0324b51cee45f247e41f2f6139d4
    SUSE Linux 9.0:
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cvs-1.11.6-85.i586.rpm
      795f6e5a6849706bb439366129833841
    patch rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cvs-1.11.6-85.i586.patch.rpm
      ec2bb29f912831f9d5e7dd15ec950d9b
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/cvs-1.11.6-85.src.rpm
      a3695ffd8f741a9f376e5e3244d412c8
    SUSE Linux 8.2:
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-116.i586.rpm
      6fc24ea4712d10855e60d26b9262f48c
    patch rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-116.i586.patch.rpm
      7b4e1cae79c33c4965b53159bd888a70
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/cvs-1.11.5-116.src.rpm
      401896062510804b79ba75a5e800d9e2

SuSE : nouveaux paquetages heimdal, php, cvs, squid et xli.
De nouveaux paquetages sont disponibles par FTP ou YaST.

Turbolinux : nouveaux paquetages cvs.
De nouveaux paquetages sont disponibles :
Turbolinux Appliance Server 1.0 : cvs-1.12.12-1
Turbolinux 10 : cvs-1.12.12-1
Turbolinux 8 Server : cvs-1.12.12-1
Turbolinux 7 Server : cvs-1.12.12-1
Bulletin complet, filtrage par logiciel, emails, correctifs, ... (Demandez votre essai gratuit)

Service de veille sur les vulnérabilités informatiques 

Vigil@nce fournit des alertes de vulnérabilités informatiques. La cellule de veille technologique suit les menaces sécurité qui ciblent le parc informatique.