Description
Security update for mercurial
mercurial was updated to fix three security issues.
These security issues were fixed:
- CVE-2016-3069: Arbitrary code execution when converting Git repos (bsc#973176).
- CVE-2016-3068: Arbitrary code execution with Git subrepos (bsc#973177).
- CVE-2016-3630: Remote code execution in binary delta decoding (bsc#973175).
Package list
SUSE Linux Enterprise Software Development Kit 12
mercurial-2.8.2-6.1
SUSE Linux Enterprise Software Development Kit 12 SP1
mercurial-2.8.2-6.1
References
- Link for SUSE-SU-2016:1010-1
- E-Mail link for SUSE-SU-2016:1010-1
- SUSE Security Ratings
- SUSE Bug 973175
- SUSE Bug 973176
- SUSE Bug 973177
- SUSE CVE CVE-2016-3068 page
- SUSE CVE CVE-2016-3069 page
- SUSE CVE CVE-2016-3630 page
Description
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
Affected products
SUSE Linux Enterprise Software Development Kit 12 SP1:mercurial-2.8.2-6.1
SUSE Linux Enterprise Software Development Kit 12:mercurial-2.8.2-6.1
References
- CVE-2016-3068
- SUSE Bug 973175
- SUSE Bug 973177
Description
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
Affected products
SUSE Linux Enterprise Software Development Kit 12 SP1:mercurial-2.8.2-6.1
SUSE Linux Enterprise Software Development Kit 12:mercurial-2.8.2-6.1
References
- CVE-2016-3069
- SUSE Bug 973175
- SUSE Bug 973176
Description
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
Affected products
SUSE Linux Enterprise Software Development Kit 12 SP1:mercurial-2.8.2-6.1
SUSE Linux Enterprise Software Development Kit 12:mercurial-2.8.2-6.1
References
- CVE-2016-3630
- SUSE Bug 973175