Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 544
Alerts This Week
Warning Icon 1 544

Fedora 22 Mercurial Critical Remote Code Execution Update 2016-79604dde9f

fedora
Calendar Grey April 7, 2016
Scroller Fedora Esm H88
Important Mercurial security patch released to tackle urgent vulnerabilities linked to execution issues in Fedora 22. Update Immediately!
Security fix for CVE-2016-3630, CVE-2016-3068, CVE-2016-3069 and minor upgrade

Summary

Mercurial is a fast, lightweight source control management system designed

for efficient handling of very large distributed projects.

Quick start: https://wiki.mercurial-scm.org/QuickStart

Tutorial: Extensions:

Update Information:

Security fix for CVE-2016-3630, CVE-2016-3068, CVE-2016-3069 and minor upgrade

Change Log

References


[ 1 ] Bug #1322267 - CVE-2016-3069 mercurial: arbitrary code execution when converting Git repos https://bugzilla.redhat.com/show_bug.cgi?id=1322267 [ 2 ] Bug #1322266 - CVE-2016-3068 mercurial: arbitrary code execution with Git subrepos https://bugzilla.redhat.com/show_bug.cgi?id=1322266 [ 3 ] Bug #1322264 - CVE-2016-3630 mercurial: remote code execution in binary delta decoding https://bugzilla.redhat.com/show_bug.cgi?id=1322264

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update mercurial' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mercurial
Product: Fedora 22
Version: 3.5.2
Release: 1.fc22
Summary: Mercurial -- a distributed SCM

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.