SUSE-SU-2018:0127-1

Опубликовано: 17 янв. 2018

Источник: suse-cvrf

Описание

Security update for mercurial

This update for mercurial fixes the following issues:

CVE-2017-17458: In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically. (bsc#1071715):

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4

mercurial-2.3.2-0.18.6.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20180127-1/
Link for SUSE-SU-2018:0127-1
https://lists.suse.com/pipermail/sle-security-updates/2018-January/003609.html
E-Mail link for SUSE-SU-2018:0127-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1071715
SUSE Bug 1071715
https://www.suse.com/security/cve/CVE-2017-17458/
SUSE CVE CVE-2017-17458 page

Описание

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 11 SP4:mercurial-2.3.2-0.18.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17458.html
CVE-2017-17458
https://bugzilla.suse.com/1071715
SUSE Bug 1071715

SUSE-SU-2018:0127-1

Описание

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4

Ссылки

Уязвимость: CVE-2017-17458

Описание

Затронутые продукты

Ссылки