CVE-2016-3068: Input Validation

First published: Wed Apr 13 2016(Updated: )

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
pip/mercurial	<3.7.3	3.7.3
Debian Debian Linux	=7.0
Debian Debian Linux	=8.0
Mercurial Mercurial	<=3.7.2
Fedoraproject Fedora	=22
Fedoraproject Fedora	=23
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Hpc Node	=7.0
Redhat Enterprise Linux Hpc Node Eus	=7.2
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.2
Redhat Enterprise Linux Server Eus	=7.2
Redhat Enterprise Linux Workstation	=7.0
SUSE Linux Enterprise Debuginfo	=11-sp4
openSUSE openSUSE	=13.2
SUSE Linux Enterprise Software Development Kit	=11-sp4
SUSE Linux Enterprise Software Development Kit	=12
SUSE Linux Enterprise Software Development Kit	=12-sp1
openSUSE Leap	=42.1

Remedy

https://selenic.com/repo/hg-stable/rev/34d43cb85de8

Never miss a vulnerability like this again

Reference Links

agent/type
agent/first-publish-date
agent/weakness
agent/remedy
agent/description
collector/github-advisory-latest
source/GitHub
alias/GHSA-j7c2-rqm3-c97m
alias/CVE-2016-3068
agent/software-canonical-lookup
agent/references
agent/author
agent/last-modified-date
agent/severity
agent/event
collector/github-advisory
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
collector/mitre-cve
source/MITRE
package-manager/pip
vendor/debian
canonical/debian debian linux
version/debian debian linux/7.0
version/debian debian linux/8.0
vendor/mercurial
canonical/mercurial mercurial
version/mercurial mercurial/3.7.2
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/22
version/fedoraproject fedora/23
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux hpc node
version/redhat enterprise linux hpc node/7.0
canonical/redhat enterprise linux hpc node eus
version/redhat enterprise linux hpc node eus/7.2
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.2
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.2
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
vendor/suse
canonical/suse linux enterprise debuginfo
version/suse linux enterprise debuginfo/11-sp4
vendor/opensuse
canonical/opensuse opensuse
version/opensuse opensuse/13.2
canonical/suse linux enterprise software development kit
version/suse linux enterprise software development kit/11-sp4
version/suse linux enterprise software development kit/12
version/suse linux enterprise software development kit/12-sp1
canonical/opensuse leap
version/opensuse leap/42.1

CVE-2016-3068: Input Validation

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact