Advisories » MGASA-2018-0355

Updated mercurial packages fix security vulnerabilities

Publication date: 31 Aug 2018
Modification date: 31 Aug 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2018-13346, CVE-2018-13347, CVE-2018-13348, CVE-2018-1000132

Description

This update provides mercurial version 4.6.2 and fixes the following
security issues:

Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in
cases where the fragment start is past the end of the original data
(CVE-2018-13346).

Fix mpatch.c that mishandles integer addition and subtraction
(CVE-2018-13347).

Fix the mpatch_decode function in mpatch.c that mishandles certain
situations where there should be at least 12 bytes remaining after
the current position in the patch data (CVE-2018-13348).

Remote attackers may bypass HTTP server permissions via batch wire
protocol commands (CVE-2018-1000132).
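The three mpatch.c fixes above all concern bounds checks on patch fragments. The following is an added example, not code from Mercurial or from this advisory, showing those checks in a stand-alone validator. It assumes each fragment header is the 12 bytes mentioned above laid out as three big-endian 32-bit fields (start, end, data length); `delta_check` and `sample` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { FRAG_HDR = 12 };  /* assumed header: start, end, data length */

/* Read one big-endian 32-bit field. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical validator: returns the patched size, or -1 if the delta
 * must be rejected. It only checks bounds; it does not apply the patch. */
int64_t delta_check(const unsigned char *bin, size_t len, size_t orig_len)
{
    size_t pos = 0, last = 0;
    uint64_t out = 0;

    while (pos < len) {
        /* Header check by subtraction: pos + 12 could wrap, len - pos cannot. */
        if (len - pos < FRAG_HDR)
            return -1;
        uint32_t start = be32(bin + pos);
        uint32_t end = be32(bin + pos + 4);
        uint32_t dlen = be32(bin + pos + 8);
        pos += FRAG_HDR;

        /* Fragments must be ordered and lie inside the original data. */
        if (start < last || start > end || end > orig_len)
            return -1;
        /* The replacement bytes must be present in the delta. */
        if (dlen > len - pos)
            return -1;
        out += (uint64_t)(start - last) + dlen;  /* kept bytes + new bytes */
        pos += dlen;
        last = end;
    }
    out += orig_len - last;                      /* tail of the original */
    return out > INT64_MAX ? -1 : (int64_t)out;
}

/* Constructed sample: replace bytes 2..4 of a 10-byte original with "AB". */
static const unsigned char sample[] = {0,0,0,2, 0,0,0,4, 0,0,0,2, 'A','B'};

int main(void)
{
    printf("%lld\n", (long long)delta_check(sample, sizeof sample, 10));
    return 0;
}
```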
                

References

SRPMS

6/core

5/core