CVE-2016-3630: [security-announce] openSUSE-SU-2016:1016-1: important: Security update for mercurial - openSUSE Security Announce

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.


openSUSE Security Update: Security update for mercurial
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1016-1
Rating:             important
References:         #973175 #973176 #973177
Cross-References:   CVE-2016-3068 CVE-2016-3069 CVE-2016-3630

Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

mercurial was updated to fix three security issues.

These security issues were fixed:

- CVE-2016-3069: Arbitrary code execution when converting Git repos (bsc#973176).
- CVE-2016-3068: Arbitrary code execution with Git subrepos (bsc#973177).
- CVE-2016-3630: Remote code execution in binary delta decoding (bsc#973175).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-452=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):

mercurial-3.1.2-7.1
mercurial-debuginfo-3.1.2-7.1
mercurial-debugsource-3.1.2-7.1

- openSUSE 13.2 (noarch):

mercurial-lang-3.1.2-7.1

References:

https://www.suse.com/security/cve/CVE-2016-3068.html
https://www.suse.com/security/cve/CVE-2016-3069.html
https://www.suse.com/security/cve/CVE-2016-3630.html
https://bugzilla.suse.com/973175
https://bugzilla.suse.com/973176
https://bugzilla.suse.com/973177
