Concurrent Version System (CVS): Moderate Update Fix Security Vulnerability

Users of Concurrent Version System (CVS) please be advised of a Moderate update fix security vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

RHSA-2010:0918-01: [RHSA-2010:0918-01] Moderate: cvs security update
Product: Red Hat Enterprise Linux
Synopsis: Moderate: cvs security update

An updated cvs package that fixes one security issue is now available for

Red Hat Enterprise Linux 6.


Concurrent Version System (CVS) is a version control system that can record

the history of your files.

An array index error, leading to a heap-based buffer overflow, was found in

the way CVS applied certain delta fragment changes from input files in the

RCS (Revision Control System file) format. If an attacker in control of a

CVS repository stored a specially-crafted RCS file in that repository, and

then tricked a remote victim into checking out (updating their CVS

repository tree) a revision containing that file, it could lead to

arbitrary code execution with the privileges of the CVS server process

on the system hosting the CVS repository. (CVE-2010-3846)