Oracle Linux 6 / 7 : mercurial (ELSA-2017-1576)
High Nessus Plugin ID 101076
SynopsisThe remote Oracle Linux host is missing one or more security updates.
DescriptionFrom Red Hat Security Advisory 2017:1576 :
An update for mercurial is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects.
Security Fix(es) :
* A flaw was found in the way 'hg serve --stdio' command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options. (CVE-2017-9462)
SolutionUpdate the affected mercurial packages.