
Scientific Linux SL7.x Important: Mercurial Security Fix for Code Execution

Important: mercurial security update
Date: Mon, 2 May 2016 15:37:38 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: mercurial on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20160502153738.432.63933@slpackages.fnal.gov>

Synopsis: Important: mercurial security update
Advisory ID: SLSA-2016:0706-1
Issue Date: 2016-05-02
CVE Numbers: CVE-2016-3068
 CVE-2016-3069
--

Security Fix(es):

* It was discovered that Mercurial failed to properly check Git sub-
repository URLs. A Mercurial repository that includes a Git sub-repository
with a specially crafted URL could cause Mercurial to execute arbitrary
code. (CVE-2016-3068)

* It was discovered that the Mercurial convert extension failed to
sanitize special characters in Git repository names. A Git repository with
a specially crafted name could cause Mercurial to execute arbitrary code
when the Git repository was converted to a Mercurial repository.
(CVE-2016-3069)
--

SL7
 x86_64
 emacs-mercurial-2.6.2-6.el7_2.x86_64.rpm
 emacs-mercurial-el-2.6.2-6.el7_2.x86_64.rpm
 mercurial-2.6.2-6.el7_2.x86_64.rpm
 mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm
 mercurial-hgk-2.6.2-6.el7_2.x86_64.rpm

- Scientific Linux Development Team
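
An added example, not part of the original advisory or of Scientific Linux tooling: a check that flags installed packages older than the fixed builds listed above. It assumes input lines in the default `rpm -qa` form (name-version-release.arch), ignores epochs, and uses a simplified version comparison without rpm's `~` and `^` rules; the function names and sample lines are constructed for illustration.

```python
import re

# Fixed builds listed in SLSA-2016:0706-1 (values taken from the advisory).
FIXED_VERSION, FIXED_RELEASE = "2.6.2", "6.el7_2"
ADVISORY_PACKAGES = {
    "mercurial", "mercurial-hgk", "mercurial-debuginfo",
    "emacs-mercurial", "emacs-mercurial-el",
}

def rpm_segment_cmp(a, b):
    """Simplified rpmvercmp: compare digit/alpha runs; no '~' or '^' handling."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit():
            return 1      # a numeric segment is newer than an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def parse_nvra(text):
    """Split 'name-version-release.arch[.rpm]' as printed by `rpm -qa`."""
    text = text.strip()
    if text.endswith(".rpm"):
        text = text[:-4]
    nvr, arch = text.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def needs_update(nvra):
    """True if the package is covered by the advisory and older than the fix."""
    name, version, release, _ = parse_nvra(nvra)
    if name not in ADVISORY_PACKAGES:
        return False
    order = rpm_segment_cmp(version, FIXED_VERSION)
    if order == 0:
        order = rpm_segment_cmp(release, FIXED_RELEASE)
    return order < 0

# Constructed sample of `rpm -qa` output (not from the advisory).
SAMPLE = ["mercurial-2.6.2-4.el7.x86_64", "mercurial-hgk-2.6.2-6.el7_2.x86_64",
          "git-1.8.3.1-6.el7_2.1.x86_64"]
if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "UPDATE" if needs_update(line) else "ok")
```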
