Package name
python-sqlalchemy
Date
2012-04-16
Advisory ID
MDVSA-2012:059
Affected versions
MES5 i586, 2011 i586, MES5 x86_64, 2011 x86_64

Problem description

It was discovered that SQLAlchemy did not sanitize values for the limit
and offset keywords for SQL select statements. If an application using
SQLAlchemy accepted values for these keywords, and did not filter or
sanitize them before passing them to SQLAlchemy, it could allow an
attacker to perform an SQL injection attack against the application
(CVE-2012-0805).

The updated packages have been patched to correct this issue.
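
Application-side filtering of the kind the description refers to, as an added example that is not part of this advisory or of SQLAlchemy: request-supplied limit and offset values are coerced to bounded integers and bound as query parameters. The names clean_paging, fetch_page, demo_db and MAX_LIMIT, the items table and the cap of 100 are assumptions made for illustration; the standard-library sqlite3 module stands in for the application's database.

```python
import sqlite3

MAX_LIMIT = 100  # assumed application policy, not a value from the advisory


def clean_paging(raw_limit, raw_offset, max_limit=MAX_LIMIT):
    """Return (limit, offset) as non-negative ints, or raise ValueError.

    Anything that is not a plain ASCII decimal integer is rejected, so SQL
    fragments in request parameters never reach the query layer.
    """
    cleaned = []
    for name, raw in (("limit", raw_limit), ("offset", raw_offset)):
        if isinstance(raw, bool):
            raise ValueError("%s must be an integer" % name)
        if isinstance(raw, int):
            value = raw
        else:
            text = str(raw).strip()
            # isascii() excludes Unicode digits that isdigit() would accept.
            if not (text.isascii() and text.isdigit()):
                raise ValueError("%s must be a non-negative integer" % name)
            value = int(text)
        if value < 0:
            raise ValueError("%s must be a non-negative integer" % name)
        cleaned.append(value)
    limit, offset = cleaned
    return min(limit, max_limit), offset  # clamp oversized page sizes


def fetch_page(conn, raw_limit, raw_offset):
    """Fetch one page; paging values are bound, never formatted into SQL."""
    limit, offset = clean_paging(raw_limit, raw_offset)
    cur = conn.execute(
        "SELECT id, name FROM items ORDER BY id LIMIT ? OFFSET ?",
        (limit, offset),
    )
    return cur.fetchall()


def demo_db():
    """Build a constructed in-memory table with five sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO items (name) VALUES (?)",
        [("item%d" % i,) for i in range(1, 6)],
    )
    return conn
```
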

Updated packages

MES5 i586

 2340f4f449c7722c003ed2cec8ccc2c0  mes5/i586/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.noarch.rpm 
 13c7eab8aee943425e5f59ddc73f4732  mes5/SRPMS/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.src.rpm

2011 i586

 9cb0318708e0adc740995c7a80c41c3f  2011/i586/python-sqlalchemy-0.6.6-1.1-mdv2011.0.noarch.rpm 
 95ea238a1945537295f329b77b2d732d  2011/SRPMS/python-sqlalchemy-0.6.6-1.1.src.rpm

MES5 x86_64

 bac0b27a5529c3a010a7b3025e139da4  mes5/x86_64/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.noarch.rpm 
 13c7eab8aee943425e5f59ddc73f4732  mes5/SRPMS/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.src.rpm

2011 x86_64

 59e60e28100f82e8edcce6a523e5d2a2  2011/x86_64/python-sqlalchemy-0.6.6-1.1-mdv2011.0.noarch.rpm 
 95ea238a1945537295f329b77b2d732d  2011/SRPMS/python-sqlalchemy-0.6.6-1.1.src.rpm

References