USN-3399-1: cvs vulnerability
21 August 2017
cvs could be made run programs as your login if it opened a specially crafted cvs repository.
- cvs - Concurrent Versions System
Hank Leininger discovered that cvs did not properly handle SSH
for remote repositories. A remote attacker could use this to
construct a cvs repository that when accessed could run arbitrary
code with the privileges of the user.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.