mercurial-2.6.2-8.el7
Errata ID: AXSA:2017-1906:02
Release date:
Monday, August 28, 2017 - 04:29
Subject:
mercurial-2.6.2-8.el7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
Mercurial is a fast, lightweight source control management system designed
for efficient handling of very large distributed projects.
Quick start: http://www.selenic.com/mercurial/wiki/index.cgi/QuickStart
Tutorial: http://www.selenic.com/mercurial/wiki/index.cgi/Tutorial
Extensions: http://www.selenic.com/mercurial/wiki/index.cgi/CategoryExtension
CVE-2017-1000
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Solution:
Update packages.
CVEs:
CVE-2017-1000115
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository.
CVE-2017-1000116
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
Additional Info:
N/A
Download:
SRPMS
- mercurial-2.6.2-8.el7.src.rpm
MD5: 9c9470059511094a1281464910f8dbe0
SHA-256: bc0e9f545df78607bd3b5fddbf7aee1db36284036279b71f0b16d2da145452ee
Size: 3.60 MB
Asianux Server 7 for x86_64
- mercurial-2.6.2-8.el7.x86_64.rpm
MD5: 01cf9c753fb7ad44bf24a91962e379bf
SHA-256: d2b1b15df84869b40493b059115385017208a6978f020ea88728919f916156df
Size: 2.60 MB