Advisories ยป MGASA-2017-0336

Updated bzr packages fix security vulnerability

Publication date: 10 Sep 2017
Modification date: 10 Sep 2017
Type: security
Affected Mageia releases : 5 , 6

Description

Adam Collard discovered that Bazaar did not properly handle host names
in 'bzr+ssh://' URLs. A remote attacker could use this to construct
a bazaar repository URL that when accessed could run arbitrary code
with the privileges of the user.
                

References

SRPMS

5/core

6/core