Description
Security update for mercurial
This update for mercurial fixes the following issues:
- CVE-2017-1000115: path traversal via symlink could lead to unauthorized access (bsc#1053344)
- CVE-2017-1000116: argument injection in SSH URLs could lead to client-side code execution (bsc#1052696)
Package list
SUSE Linux Enterprise Software Development Kit 12 SP2
mercurial-2.8.2-15.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
mercurial-2.8.2-15.3.1
References
- Link for SUSE-SU-2017:2251-1
- E-Mail link for SUSE-SU-2017:2251-1
- SUSE Security Ratings
- SUSE Bug 1052696
- SUSE Bug 1053344
- SUSE CVE CVE-2017-1000115 page
- SUSE CVE CVE-2017-1000116 page
Description
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository.
Affected products
SUSE Linux Enterprise Software Development Kit 12 SP2:mercurial-2.8.2-15.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3:mercurial-2.8.2-15.3.1
References
- CVE-2017-1000115
- SUSE Bug 1053344
Description
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
Affected products
SUSE Linux Enterprise Software Development Kit 12 SP2:mercurial-2.8.2-15.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3:mercurial-2.8.2-15.3.1
References
- CVE-2017-1000116
- SUSE Bug 1052481
- SUSE Bug 1052696
- SUSE Bug 1052932
- SUSE Bug 1053364
- SUSE Bug 1054653
- SUSE Bug 1066430
- SUSE Bug 1071709