Описание
Security update for mercurial
This update for mercurial fixes the following issues:
- CVE-2017-17458: In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically. (bsc#1071715):
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP2
mercurial-2.8.2-15.6.1
SUSE Linux Enterprise Software Development Kit 12 SP3
mercurial-2.8.2-15.6.1
Ссылки
- Link for SUSE-SU-2018:0129-1
- E-Mail link for SUSE-SU-2018:0129-1
- SUSE Security Ratings
- SUSE Bug 1071715
- SUSE CVE CVE-2017-17458 page
Описание
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP2:mercurial-2.8.2-15.6.1
SUSE Linux Enterprise Software Development Kit 12 SP3:mercurial-2.8.2-15.6.1
Ссылки
- CVE-2017-17458
- SUSE Bug 1071715