Mageia 2018-0355 Security Advisory: Mercurial Update with Fixes
mageia
August 31, 2018
This update provides mercurial version 4.6.2 and fixes the following security issues: Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragme...
Summary
This update provides mercurial version 4.6.2 and fixes the following
security issues:
Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in
cases where the fragment start is past the end of the original data
(CVE-2018-13346).
Fix mpatch.c that mishandles integer addition and subtraction
(CVE-2018-13347).
Fix the mpatch_decode function in mpatch.c that mishandles certain
situations where there should be at least 12 bytes remaining after
the current position in the patch data (CVE-2018-13348).
Remote attackers may bypass HTTP server permissions via batch wire
protocol commands(CVE-2018-1000132).
References
- https://bugs.mageia.org/show_bug.cgi?id=22895
- - - https://www.cve.org/CVERecord?id=CVE-2018-13346
- https://www.cve.org/CVERecord?id=CVE-2018-13347
- https://www.cve.org/CVERecord?id=CVE-2018-13348
- https://www.cve.org/CVERecord?id=CVE-2018-1000132
Topics Covered
Resolution
SRPMS
- 6/core/mercurial-4.6.2-1.mga6
- 5/core/mercurial-4.6.2-1.mga5
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 31 Aug 2018
URL: https://advisories.mageia.org/MGASA-2018-0355.html
Type: security
CVE: CVE-2018-13346,
CVE-2018-13347,
CVE-2018-13348,
CVE-2018-1000132
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!