Mandriva Linux Security Advisory : cvs (MDVSA-2012:044)
Critical Nessus Plugin ID 58531
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA vulnerability has been found and corrected in cvs :
A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client (CVE-2012-0804).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected cvs package.