openSUSE-SU-2017:3355-1

Опубликовано: 17 дек. 2017

Источник: suse-cvrf

Описание

Security update for mercurial

This update for mercurial fixes the following issue:

CVE-2017-17458: A specially malformed repository may have caused Git subrepositories to run arbitrary code (bsc#1071715)

Список пакетов

openSUSE Leap 42.2

mercurial-4.2.3-7.1

mercurial-lang-4.2.3-7.1

openSUSE Leap 42.3

mercurial-4.2.3-7.1

mercurial-lang-4.2.3-7.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-12/msg00071.html
E-Mail link for openSUSE-SU-2017:3355-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.

Затронутые продукты

openSUSE Leap 42.2:mercurial-4.2.3-7.1

openSUSE Leap 42.2:mercurial-lang-4.2.3-7.1

openSUSE Leap 42.3:mercurial-4.2.3-7.1

openSUSE Leap 42.3:mercurial-lang-4.2.3-7.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17458.html
CVE-2017-17458
https://bugzilla.suse.com/1071715
SUSE Bug 1071715

openSUSE-SU-2017:3355-1

Описание

Список пакетов

openSUSE Leap 42.2

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-17458

Описание

Затронутые продукты

Ссылки