Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 546
Alerts This Week
Warning Icon 1 546

Fedora 23 Mercurial Critical Remote Code Execution Vuln 215241

fedora
Calendar Grey April 7, 2016
Scroller Fedora Esm H88
Critical security patch for Fedora 23 covering various remote and potential code execution vulnerabilities in Mercurial.
Security fix for CVE-2016-3630, CVE-2016-3068, CVE-2016-3069 and minor upgrade

Summary

Mercurial is a fast, lightweight source control management system designed

for efficient handling of very large distributed projects.

Quick start:

Tutorial: Extensions:

Update Information:

Security fix for CVE-2016-3630, CVE-2016-3068, CVE-2016-3069 and minor upgrade

Change Log

References


[ 1 ] Bug #1322267 - CVE-2016-3069 mercurial: arbitrary code execution when converting Git repos https://bugzilla.redhat.com/show_bug.cgi?id=1322267 [ 2 ] Bug #1322266 - CVE-2016-3068 mercurial: arbitrary code execution with Git subrepos https://bugzilla.redhat.com/show_bug.cgi?id=1322266 [ 3 ] Bug #1322264 - CVE-2016-3630 mercurial: remote code execution in binary delta decoding https://bugzilla.redhat.com/show_bug.cgi?id=1322264

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update mercurial' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mercurial
Product: Fedora 23
Version: 3.5.2
Release: 1.fc23
Summary: Mercurial -- a distributed SCM

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.