Scientific Linux Security Update : mercurial on SL7.x x86_64
Medium Nessus Plugin ID 90854
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- It was discovered that Mercurial failed to properly check Git sub- repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. (CVE-2016-3068)
- It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository.
SolutionUpdate the affected packages.