Advisories » MGASA-2017-0336

Updated bzr packages fix security vulnerability

Publication date: 10 Sep 2017
Modification date: 10 Sep 2017
Type: security
Affected Mageia releases : 5 , 6

Description

Adam Collard discovered that Bazaar did not properly handle host names
in 'bzr+ssh://' URLs. A remote attacker could use this to construct
a bazaar repository URL that when accessed could run arbitrary code
with the privileges of the user.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21681
• https://usn.ubuntu.com/usn/usn-3411-1/

SRPMS

5/core

• bzr-2.6.0-11.1.mga5

6/core

• bzr-2.7.0-1.1.mga6