MDVSA-2012:059
- Package name: python-sqlalchemy
- Date: 2012-04-16
- Advisory ID: MDVSA-2012:059
- Affected versions: MES5 i586, 2011 i586, MES5 x86_64, 2011 x86_64
Problem description
It was discovered that SQLAlchemy did not sanitize values for the limit
and offset keywords for SQL select statements. If an application using
SQLAlchemy accepted values for these keywords, and did not filter or
sanitize them before passing them to SQLAlchemy, it could allow an
attacker to perform an SQL injection attack against the application
(CVE-2012-0805).
The updated packages have been patched to correct this issue.
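
The application-side filtering the description refers to can look like the following. This is an added example, not code from the advisory or from SQLAlchemy, and it is not the packaged patch; it uses the standard-library sqlite3 module so it runs without SQLAlchemy installed. The function names, the users table and the MAX_LIMIT / MAX_OFFSET bounds are assumptions made for illustration.

```python
import sqlite3

MAX_LIMIT = 100          # assumed application policy
MAX_OFFSET = 1_000_000   # assumed application policy


def parse_page_param(raw, name, default, maximum):
    """Turn a request-supplied limit/offset into a bounded non-negative int."""
    if raw is None or raw == "":
        return default
    if isinstance(raw, bool):
        raise ValueError(f"{name} must be a non-negative integer")
    if isinstance(raw, int):
        value = raw
    else:
        text = str(raw).strip()
        # ASCII digits only: rejects signs, inner spaces, SQL fragments and
        # Unicode digits that int() would otherwise accept.
        if not (text.isascii() and text.isdigit()):
            raise ValueError(f"{name} must be a non-negative integer")
        value = int(text)
    if value < 0:
        raise ValueError(f"{name} must be a non-negative integer")
    return min(value, maximum)


def fetch_page(conn, raw_limit=None, raw_offset=None):
    """Return one page of rows; raises ValueError on a malformed parameter."""
    limit = parse_page_param(raw_limit, "limit", 20, MAX_LIMIT)
    offset = parse_page_param(raw_offset, "offset", 0, MAX_OFFSET)
    # Validated ints are still sent as bound parameters, never formatted
    # into the statement text.
    cur = conn.execute(
        "SELECT id, name FROM users ORDER BY id LIMIT ? OFFSET ?",
        (limit, offset),
    )
    return cur.fetchall()


def demo_db():
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users (name) VALUES (?)",
        [(f"user{i}",) for i in range(1, 6)],
    )
    return conn
```

The same parse-then-pass pattern applies in front of a query's limit and offset arguments on unpatched SQLAlchemy versions: only an int ever reaches the library.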
Updated packages
MES5 i586
2340f4f449c7722c003ed2cec8ccc2c0 mes5/i586/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.noarch.rpm
13c7eab8aee943425e5f59ddc73f4732 mes5/SRPMS/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.src.rpm
2011 i586
9cb0318708e0adc740995c7a80c41c3f 2011/i586/python-sqlalchemy-0.6.6-1.1-mdv2011.0.noarch.rpm
95ea238a1945537295f329b77b2d732d 2011/SRPMS/python-sqlalchemy-0.6.6-1.1.src.rpm
MES5 x86_64
bac0b27a5529c3a010a7b3025e139da4 mes5/x86_64/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.noarch.rpm
13c7eab8aee943425e5f59ddc73f4732 mes5/SRPMS/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.src.rpm
2011 x86_64
59e60e28100f82e8edcce6a523e5d2a2 2011/x86_64/python-sqlalchemy-0.6.6-1.1-mdv2011.0.noarch.rpm
95ea238a1945537295f329b77b2d732d 2011/SRPMS/python-sqlalchemy-0.6.6-1.1.src.rpm
