Red Hat Enterprise Linux 7: RHSA-2019:2276-01 Moderate Update for Mercurial

red hat

August 6, 2019

An update for mercurial is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects.
Security Fix(es):
* mercurial: Buffer underflow in mpatch.c:mpatch_apply() (CVE-2018-13347)
* mercurial: HTTP server permissions bypass (CVE-2018-1000132)
* mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply() (CVE-2018-13346)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Topics Covered

security advisory moderate Red Hat Enterprise Linux buffer underflow mercurial permissions bypass

References

https://access.redhat.com/security/cve/CVE-2018-13346 https://access.redhat.com/security/cve/CVE-2018-13347 https://access.redhat.com/security/cve/CVE-2018-1000132 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Package List

Red Hat Enterprise Linux Client Optional (v. 7):
Source: mercurial-2.6.2-10.el7.src.rpm
x86_64: emacs-mercurial-2.6.2-10.el7.x86_64.rpm emacs-mercurial-el-2.6.2-10.el7.x86_64.rpm mercurial-2.6.2-10.el7.x86_64.rpm mercurial-debuginfo-2.6.2-10.el7.x86_64.rpm mercurial-hgk-2.6.2-10.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: mercurial-2.6.2-10.el7.src.rpm
x86_64: emacs-mercurial-2.6.2-10.el7.x86_64.rpm emacs-mercurial-el-2.6.2-10.el7.x86_64.rpm mercurial-2.6.2-10.el7.x86_64.rpm mercurial-debuginfo-2.6.2-10.el7.x86_64.rpm mercurial-hgk-2.6.2-10.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: mercurial-2.6.2-10.el7.src.rpm
ppc64: mercurial-2.6.2-10.el7.ppc64.rpm mercurial-debuginfo-2.6.2-10.el7.ppc64.rpm
ppc64le: mercurial-2.6.2-10.el7.ppc64le.rpm mercurial-debuginfo-2.6.2-10.el7.ppc64le.rpm
s390x: mercurial-2.6.2-10.el7.s390x.rpm mercurial-debuginfo-2.6.2-10.el7.s390x.rpm
x86_64: mercurial-2.6.2-10.el7.x86_64.rpm mercurial-debuginfo-2.6.2-10.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: emacs-mercurial-2.6.2-10.el7.ppc64.rpm emacs-mercurial-el-2.6.2-10.el7.ppc64.rpm mercurial-debuginfo-2.6.2-10.el7.ppc64.rpm mercurial-hgk-2.6.2-10.el7.ppc64.rpm
ppc64le: emacs-mercurial-2.6.2-10.el7.ppc64le.rpm

Read the Full Advisory

Advisory ID: RHSA-2019:2276-01

Product: Red Hat Enterprise Linux

Advisory URL: https://access.redhat.com/errata/RHSA-2019:2276

Issue date: 2019-08-06

Topic

An update for mercurial is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics Covered

security advisory moderate Red Hat Enterprise Linux buffer underflow mercurial permissions bypass

Relevant Releases Architectures

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Bugs Fixed

1553265 - CVE-2018-1000132 mercurial: HTTP server permissions bypass

1594087 - CVE-2018-13347 mercurial: Buffer underflow in mpatch.c:mpatch_apply()

1594090 - CVE-2018-13346 mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply()

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Red Hat Enterprise Linux 7: RHSA-2019:2276-01 Moderate Update for Mercurial

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Red Hat Enterprise Linux 7: RHSA-2019:2276-01 Moderate Update for Mercurial

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!