This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
Sebastian Krahmer from the SUSE security team discovered a remotely
exploitable vulnerability in the CVS client. When doing a cvs checkout
or update over a network, the client accepts absolute pathnames in the
RCS diff files. A maliciously configured server could then create any
file with content on the local user's disk. This problem affects all
versions of CVS prior to 1.11.15 which has fixed the problem.
The updated packages provide 1.11.14 with the pertinent fix for the
Update the affected cvs package.
Risk factor :
Low / CVSS Base Score : 2.6