Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 503
Alerts This Week
Warning Icon 1 503

Mageia 2018-0355 Security Advisory: Mercurial Update with Fixes

mageia
Calendar Grey August 31, 2018
Dist Mageia Esm H88
MGASA-2018-0355 - Updated mercurial packages fix security vulnerabilities Publication date: 31 Aug 2
This update provides mercurial version 4.6.2 and fixes the following security issues: Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragme...

Summary

This update provides mercurial version 4.6.2 and fixes the following security issues:
Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (CVE-2018-13346).
Fix mpatch.c that mishandles integer addition and subtraction (CVE-2018-13347).
Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data (CVE-2018-13348).
Remote attackers may bypass HTTP server permissions via batch wire protocol commands(CVE-2018-1000132).

References

- https://bugs.mageia.org/show_bug.cgi?id=22895

- - - https://www.cve.org/CVERecord?id=CVE-2018-13346

- https://www.cve.org/CVERecord?id=CVE-2018-13347

- https://www.cve.org/CVERecord?id=CVE-2018-13348

- https://www.cve.org/CVERecord?id=CVE-2018-1000132

Resolution

SRPMS

- 6/core/mercurial-4.6.2-1.mga6

- 5/core/mercurial-4.6.2-1.mga5

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 31 Aug 2018
URL: https://advisories.mageia.org/MGASA-2018-0355.html
Type: security
CVE: CVE-2018-13346, CVE-2018-13347, CVE-2018-13348, CVE-2018-1000132

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.