IBM Information for VU#650937
Concurrent Versions System (CVS) server improperly deallocates memory
- Vendor Information Help Date Notified: 20 Jan 2003
- Statement Date:
- Date Updated: 22 Jan 2003
The AIX operating system does not ship with CVS. However, CVS is available for installation on AIX from the Linux Affinity Toolbox.
CVS versions 1.11.1p1-2 and earlier are vulnerable to the issues discussed in CERT Vulnerability Note VU#650937 and any advisories which follow.
Users are advised to download CVS 1.11.1p1-3 from:
Please note that the above address was wrapped to two lines.
CVS 1.11.1p1-3 contains the security fixes made in CVS 1.11.5 to address these issues.
This software is offered on an "as-is" basis.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.