Sun Microsystems Inc. Information for VU#650937
Concurrent Versions System (CVS) server improperly deallocates memory
- Vendor Information Help Date Notified: 20 Jan 2003
- Statement Date:
- Date Updated: 19 Aug 2003
Sun does not include CVS with Solaris and therefore Solaris is not affected by this issue. Sun does provide CVS on the Solaris Companion CD:
Sun Linux, versions 5.0.3 and below, does ship with a vulnerable CVS package. Sun recommends that CVS services be disabled on affected Sun Linux systems until patches are available for this issue.
Sun will be publishing a Sun Alert for Sun Linux describing the patch information which will be available from:
The vendor has not provided us with any further information regarding this vulnerability.
Sun Cobalt Legacy Products and Linux 5.0.3 are vulnerable:
If you have feedback, comments, or additional information about this vulnerability, please send us email.