Ubuntu Security Notice 5102-1 - It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code.
e71e1679f651bde177030852ead42d8e287182832c4dd5bc0623c2f76bc24094==========================================================================
Ubuntu Security Notice USN-5102-1
October 04, 2021
mercurial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Mercurial.
Software Description:
- mercurial: easy-to-use, scalable distributed version control system
Details:
It was discovered that Mercurial mishandled symlinks in subrepositories. An
attacker could use this issue to write arbitrary files to the
target’s filesystem. (CVE-2019-3902)
It was discovered that Mercurial incorrectly handled certain manifest files.
An attacker could use this issue to cause a denial of service and possibly
execute arbitrary code. (CVE-2018-17983)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
mercurial 4.5.3-1ubuntu2.2
mercurial-common 4.5.3-1ubuntu2.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5102-1
CVE-2018-17983, CVE-2019-3902
Package Information:
https://launchpad.net/ubuntu/+source/mercurial/4.5.3-1ubuntu2.2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed