Advisories ยป MGASA-2017-0284

Updated cvs package fixes security vulnerability

Publication date: 19 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-12836

Description

It was discovered that CVS, a centralised version control system, did not
correctly handle maliciously constructed repository URLs, which allowed an
attacker to run an arbitrary shell command (CVE-2017-12836).
                

References

SRPMS

6/core

5/core