22 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-1000115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository CVE-2017-1000115...
Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2017-1218)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1072-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-1000115
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository...
Fedora Update for mercurial FEDORA-2017-fa1d8ad61a
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-1000115
Mercurial prior to 4.3 is vulnerable due to incomplete symlink auditing, which could allow a malicious repository to write files outside the repository. Multiple connected reports confirm the issue (CVE-2017-1000115) and describe path auditing weaknesses that could enable out-of-tree modification...
CVE-2017-1000115
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository...
Fedora 25 : mercurial (2017-fa1d8ad61a)
Security fix for CVE-2017-1000115, CVE-2017-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
EulerOS 2.0 SP2 : mercurial (EulerOS-SA-2017-1218)
According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a serie...
EulerOS 2.0 SP1 : mercurial (EulerOS-SA-2017-1217)
According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a serie...
Debian DSA-3963-1 : mercurial - security update
Several issues were discovered in Mercurial, a distributed revision control system. - CVE-2017-9462 fixed in stretch only Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. - CVE-2017-1000115...
[SECURITY] [DSA 3963-1] mercurial security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3963-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 04, 2017 https://www.debian.org/security/faq -...
CentOS 7 : mercurial (CESA-2017:2489)
An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Debian DLA-1072-1 : mercurial security update
Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository...
[SECURITY] [DLA 1072-1] mercurial security update
Package : mercurial Version : 2.2.2-4+deb7u5 CVE ID : CVE-2017-1000115 CVE-2017-1000116 Debian Bug : 871709 871710 Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115...
Fedora 26 : mercurial (2017-f03b04acbb)
Security fix for CVE-2017-1000115, CVE-2017-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Scientific Linux Security Update : mercurial on SL7.x x86_64 (20170817)
Security Fixes : - A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository. CVE-2017-10001...
RHEL 7 : mercurial (RHSA-2017:2489)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2489 advisory. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Securi...
openSUSE Security Update : mercurial (openSUSE-2017-941)
This update for mercurial fixes the following issues : Mercurial was updated to 4.2.3, a security fix update for - CVE-2017-1000115: Incomplete symlink auditing allowed writing to files outside of the repository boo1053344 - CVE-2017-1000116: Client-side code execution via argument injection in S...
Oracle Linux 7 : mercurial (ELSA-2017-2489)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2489 advisory. 2.6.2-8 - Fix CVE-2017-1000115 and CVE-2017-1000116 Tenable has extracted the preceding description block directly from the Oracle Linux security...