mageia | Gentoo Foundation | MGASA-2018-0355
Sep 01, 2018 - 12:11 a.m.

Updated mercurial packages fix security vulnerabilities

2018-09-01 00:11:59
Gentoo Foundation
advisories.mageia.org

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.006 Low
Percentile: 77.4%

This update provides mercurial version 4.6.2 and fixes the following security issues:

Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (CVE-2018-13346).

Fix mpatch.c that mishandles integer addition and subtraction (CVE-2018-13347).

Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data (CVE-2018-13348).

Remote attackers may bypass HTTP server permissions via batch wire protocol commands (CVE-2018-1000132).

OS      Version  Architecture  Package    Version    Filename
Mageia  5        noarch        mercurial  < 4.6.2-1  mercurial-4.6.2-1.mga5
Mageia  6        noarch        mercurial  < 4.6.2-1  mercurial-4.6.2-1.mga6
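
The three mpatch.c conditions listed in this advisory (header bytes remaining, fragment range inside the original data, wrap-free size arithmetic), written as checks in a stand-alone validator. This is an added example, not Mercurial's code: the fragment layout (three big-endian 32-bit fields start, end, len, then len data bytes, in ascending order), the name `patched_size` and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h> /* also declares size_t */
/* Read a big-endian 32-bit field. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Assumed fragment layout: start, end, len (3 x be32), then len data bytes.
 * Returns the size of the patched output, or -1 if the patch is malformed. */
long long patched_size(const uint8_t *patch, size_t plen, size_t orig_len)
{
    size_t pos = 0;
    uint32_t prev_end = 0;
    long long out = (long long)orig_len;
    while (pos < plen) {
        /* Header: compare by subtraction so "pos + 12" cannot wrap. */
        if (plen - pos < 12)
            return -1;
        uint32_t start = be32(patch + pos);
        uint32_t end = be32(patch + pos + 4);
        uint32_t len = be32(patch + pos + 8);
        pos += 12;
        /* Range: ordered, start <= end, and both inside the original. */
        if (start < prev_end || start > end || end > orig_len)
            return -1;
        /* Payload: len bytes must actually remain in the patch. */
        if (len > plen - pos)
            return -1;
        /* Operands are validated and the accumulator is signed 64-bit. */
        out += (long long)len - (long long)(end - start);
        pos += len;
        prev_end = end;
    }
    return out;
}

/* Constructed sample patches, not taken from any real repository. */
static const uint8_t GOOD[] = {0,0,0,2, 0,0,0,4, 0,0,0,3, 'a','b','c'};
static const uint8_t PAST_END[] = {0,0,0,9, 0,0,0,9, 0,0,0,0};
static const uint8_t SHORT_HDR[] = {0,0,0,0, 0,0,0,1};
static const uint8_t HUGE_LEN[] = {0,0,0,0, 0,0,0,1, 0xff,0xff,0xff,0xff};
#define SZ(a) patched_size((a), sizeof(a), 8) /* original of 8 bytes */
int main(void)
{
    printf("%lld %lld %lld %lld\n", SZ(GOOD), SZ(PAST_END), SZ(SHORT_HDR), SZ(HUGE_LEN));
    return 0;
}
```

Only the first sample is accepted; the other three are rejected before any fragment data would be copied.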
