Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 46 articles for you...
203

Mageia 2025-0120: mercurial Security Advisory Updates

Mercurial SCM Web Interface cross site scripting. (CVE-2025-2361) References: - https://bugs.mageia.org/show_bug.cgi?id=34129 - https://www.openwall.com/lists/oss-security/2025/03/21/2 . MGASA-2025-0120 - Updated mercurial packages fix security vulnerability Publication date: 31 Mar 2025 URL: https://advisories.mageia.org/MGASA-2025-0120.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-2361 Mercurial SCM Web Interface cross site scripting. (CVE-2025-2361) References: - https://bugs.mageia.org/show_bug.cgi?id=34129 - https://www.openwall.com/lists/oss-security/2025/03/21/2 - https://lists.mercurial-scm.org/pipermail/mercurial-packaging/2025-March/000754.html - https://lists.debian.org/debian-security-announce/2025/msg00045.html - https://www.cve.org/CVERecord?id=CVE-2025-2361 SRPMS: - 9/core/mercurial-6.5.1-1.1.mga9 . Mercurial SCM Web Interface had a cross site scripting issue fixed in Mageia's security advisory 2025-0120.. mercurial, interface, cross, scripting, (cve-2025-2361), https, //bugs, mageia. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 31, 2025 Important Mageia
100

SUSE: 2025:1054-1 important: mercurial input sanitization issue

* bsc#1239685 Cross-References: * CVE-2025-2361 . # Security update for mercurial Announcement ID: SUSE-SU-2025:1054-1 Release Date: 2025-03-28T16:55:02Z Rating: important References: * bsc#1239685 Cross-References: * CVE-2025-2361 CVSS scores: * CVE-2025-2361 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L * CVE-2025-2361 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L * CVE-2025-2361 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-2361 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for mercurial fixes the following issues: * CVE-2025-2361: Fixed improper sanitization of user-controlled input passed via the cmd parameter in theMercurial SCM Web Interface (bsc#1239685) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1054=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1054=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1054=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1054=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1054=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1054=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1054=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1054=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1054=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1054=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1054=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1054=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-1054=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1054=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * mercurial-5.9.1-150400.3.6.1 * mercurial-tests-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * openSUSE Leap 15.4 (noarch) * mercurial-lang-5.9.1-150400.3.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-tests-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * openSUSE Leap 15.6 (noarch) * mercurial-lang-5.9.1-150400.3.6.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * mercurial-5.9.1-150400.3.6.1 *mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Manager Proxy 4.3 (x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * mercurial-5.9.1-150400.3.6.1 * mercurial-debuginfo-5.9.1-150400.3.6.1 * mercurial-debugsource-5.9.1-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-2361.html * https://bugzilla.suse.com/show_bug.cgi?id=1239685 . Crucial announcement regarding Mercurial addressing flawed user-data validation. Safeguard against recognized vulnerabilities immediately.. mercurial update, SUSE vulnerability, security patch, software advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 28, 2025 Important SuSE
197

Debian LTS: DLA-4094-1: mercurial Security Advisory Updates

A cross-site scripting vulnerability was discovered in hgweb, the integrated stand-alone web interface of the Mercurial version control system. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4094-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Andreas Henriksson March 27, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : mercurial Version : 5.6.1-4+deb11u1 CVE ID : CVE-2025-2361 Debian Bug : 1100899 A cross-site scripting vulnerability was discovered in hgweb, the integrated stand-alone web interface of the Mercurial version control system. A problem in mercurial related to CVE-2023-27043 being fixed in python was also adressed. For Debian 11 bullseye, these problems have been fixed in version 5.6.1-4+deb11u1. We recommend that you upgrade your mercurial packages. For the detailed security status of mercurial please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/mercurial Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . A cross-site scripting vulnerability in Mercurial fixed with security updates. Urgent upgrade recommended to maintain system integrity.. cross-site, scripting, vulnerability, hgweb, integrated, stand-alone, interfa. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 27, 2025 Important Debian LTS
87

Debian: DSA-5883-1: mercurial Security Advisory Updates

A cross-site scripting vulnerability was discovered in hgweb, the integrated stand-alone web interface of the Mercurial version control system. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5883-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff March 22, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mercurial CVE ID : CVE-2025-2361 A cross-site scripting vulnerability was discovered in hgweb, the integrated stand-alone web interface of the Mercurial version control system. For the stable distribution (bookworm), this problem has been fixed in version 6.3.2-1+deb12u1. We recommend that you upgrade your mercurial packages. For the detailed security status of mercurial please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/mercurial Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . A cross-site scripting security issue in the Mercurial version control system has been addressed in this advisory. Upgrade now.. cross-site, scripting, vulnerability, hgweb, integrated, stand-alone, interfa. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 22, 2025 Critical Debian
202

openSUSE: 2025:14912-1 moderate: mercurial-6.9.4-1.1 Advisory Security Update

An update that solves one vulnerability can now be installed.. # mercurial-6.9.4-1.1 on GA media Announcement ID: openSUSE-SU-2025:14912-1 Rating: moderate Cross-References: * CVE-2025-2361 CVSS scores: * CVE-2025-2361 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L * CVE-2025-2361 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the mercurial-6.9.4-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * mercurial 6.9.4-1.1 * mercurial-lang 6.9.4-1.1 * mercurial-tests 6.9.4-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-2361.html . A moderate security advisory for openSUSE addressing CVE-2025-2361 in Mercurial version 6.9.4-1.1 with recommended updates.. update, solves, vulnerability, installed, mercurial-6, media. . LinuxSecurity.com Team

Calendar%202 Mar 21, 2025 OpenSUSE
172

Ubuntu 18.04 LTS: USN-5102-1 Critical Mercurial Security Flaws

Several security issues were fixed in Mercurial.. =========================================================================Ubuntu Security Notice USN-5102-1 October 04, 2021 mercurial vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Mercurial. Software Description: - mercurial: easy-to-use, scalable distributed version control system Details: It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. (CVE-2019-3902) It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code. (CVE-2018-17983) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: mercurial 4.5.3-1ubuntu2.2 mercurial-common 4.5.3-1ubuntu2.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5102-1 CVE-2018-17983, CVE-2019-3902 Package Information: https://launchpad.net/ubuntu/+source/mercurial/4.5.3-1ubuntu2.2 . Multiple security issues resolved in Mercurial for Ubuntu 18.04 LTS. Recommended to update for improved safety.. Mercurial Updates, Ubuntu Security Notices, Software Vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 04, 2021 Critical Ubuntu
100

SUSE: 2020:3003-1 Low Severity: Mercurial Security Vulnerability Resolved

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3003-1 Rating: low References: #1133035 Cross-References: CVE-2019-3902 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos (bsc#1133035). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3003=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mercurial-2.8.2-15.18.4 mercurial-debuginfo-2.8.2-15.18.4 mercurial-debugsource-2.8.2-15.18.4 References: https://www.suse.com/security/cve/CVE-2019-3902.html https://bugzilla.suse.com/1133035 . SUSE Security Patch for mercurial: addresses a security concern with a minimal severity score. Follow the provided guidance for the update.. SUSE Security Update, Mercurial Patch, Low Severity Fix, Software Security Advisory. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Oct 22, 2020 Low SuSE
197

Debian LTS DLA-2293-1 Critical: Mercurial Security Update for DoS

Several vulnerabilities were discovered in mercurial, an easy-to-use, scalable distributed version control system. CVE-2017-17458 . -------------------------------------------------------------------------Debian LTS Advisory DLA-2293-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ July 27, 2020 https://wiki.debian.org/LTS -------------------------------------------------------------------------Package : mercurial Version : 4.0-1+deb9u2 CVE ID : CVE-2017-17458 CVE-2018-13346 CVE-2018-13347 CVE-2018-13348 CVE-2018-1000132 CVE-2019-3902 Debian Bug : 901050 892964 927674 Several vulnerabilities were discovered in mercurial, an easy-to-use, scalable distributed version control system. CVE-2017-17458 In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically. CVE-2018-13346 The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data. CVE-2018-13347 mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction. CVE-2018-13348 The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not. CVE-2018-1000132 Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. Thisvulnerability appears to have been fixed in 4.5.1. CVE-2019-3902 Symbolic links and subrepositories could be used defeat Mercurial's path-checking logic and write files outside the repository root. For Debian 9 stretch, these problems have been fixed in version 4.0-1+deb9u2. We recommend that you upgrade your mercurial packages. For the detailed security status of mercurial please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/mercurial Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . A series of security flaws in Mercurial addressed for Debian 9: patch release DLA-2293-1, enhance your system today.. Debian LTS, secure update, Mercurial patch, vulnerability fix, version control security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 31, 2020 Critical Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200