SB2017081210 - Arch Linux update for mercurial
Published: August 12, 2017 Updated: August 12, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Link following (CVE-ID: CVE-2017-1000115)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
2) OS Command Injection (CVE-ID: CVE-2017-1000116)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
3) OS command injection (CVE-ID: CVE-2017-1000117)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.The weakness exists due to command injection flaw. A remote attacker (e.g., repository) can return a specially crafted 'ssh://' URL during 'clone' commands to execute arbitrary shell commands with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
4) OS command injection (CVE-ID: CVE-2017-9800)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.The weakness exists due to command injection flaw. A remote attacker (e.g., repository, proxy server) can return a specially crafted 'svn+ssh://' URL during 'checkout', 'export', 'update', and 'switch' commands and execute arbitrary shell commands with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.