Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2016-697)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120686

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2016-697)

Resumen: The remote host is missing an update for the 'mercurial' package(s) announced via the ALAS-2016-697 advisory.

Descripción: Summary:
The remote host is missing an update for the 'mercurial' package(s) announced via the ALAS-2016-697 advisory.

Vulnerability Insight:
It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. (CVE-2016-3068)

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. (CVE-2016-3630)

It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository. (CVE-2016-3069)

Affected Software/OS:
'mercurial' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-3068
BugTraq ID: 85733
http://www.securityfocus.com/bid/85733
Debian Security Information: DSA-3542 (Google Search)
http://www.debian.org/security/2016/dsa-3542
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
https://security.gentoo.org/glsa/201612-19
RedHat Security Advisories: RHSA-2016:0706
http://rhn.redhat.com/errata/RHSA-2016-0706.html
SuSE Security Announcement: SUSE-SU-2016:1010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
SuSE Security Announcement: SUSE-SU-2016:1011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
SuSE Security Announcement: openSUSE-SU-2016:1016 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
SuSE Security Announcement: openSUSE-SU-2016:1073 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-3069
Common Vulnerability Exposure (CVE) ID: CVE-2016-3630

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120686
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2016-697)
Resumen:	The remote host is missing an update for the 'mercurial' package(s) announced via the ALAS-2016-697 advisory.
Descripción:	Summary: The remote host is missing an update for the 'mercurial' package(s) announced via the ALAS-2016-697 advisory. Vulnerability Insight: It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. (CVE-2016-3068) The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. (CVE-2016-3630) It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository. (CVE-2016-3069) Affected Software/OS: 'mercurial' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3068 BugTraq ID: 85733 http://www.securityfocus.com/bid/85733 Debian Security Information: DSA-3542 (Google Search) http://www.debian.org/security/2016/dsa-3542 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html https://security.gentoo.org/glsa/201612-19 RedHat Security Advisories: RHSA-2016:0706 http://rhn.redhat.com/errata/RHSA-2016-0706.html SuSE Security Announcement: SUSE-SU-2016:1010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html SuSE Security Announcement: SUSE-SU-2016:1011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html SuSE Security Announcement: openSUSE-SU-2016:1016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html SuSE Security Announcement: openSUSE-SU-2016:1073 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3069 Common Vulnerability Exposure (CVE) ID: CVE-2016-3630
Copyright	Copyright (C) 2016 Greenbone AG