Red Hat Local Security Checks : RedHat Security Advisory RHSA-2012:0369

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.71130

Kategorie: Red Hat Local Security Checks

Titel: RedHat Security Advisory RHSA-2012:0369

Zusammenfassung: NOSUMMARY

Beschreibung: Description:
The remote host is missing updates announced in
advisory RHSA-2012:0369.

SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible,
high-level interface to SQL databases.

It was discovered that SQLAlchemy did not sanitize values for the limit and
offset keywords for SQL select statements. If an application using
SQLAlchemy accepted values for these keywords, and did not filter or
sanitize them before passing them to SQLAlchemy, it could allow an attacker
to perform an SQL injection attack against the application. (CVE-2012-0805)

All users of python-sqlalchemy are advised to upgrade to this updated
package, which contains a patch to correct this issue. All running
applications using SQLAlchemy must be restarted for this update to take
effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-0369.html

Risk factor : Medium

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-0805
48327
http://secunia.com/advisories/48327
48328
http://secunia.com/advisories/48328
48771
http://secunia.com/advisories/48771
DSA-2449
http://www.debian.org/security/2012/dsa-2449
MDVSA-2012:059
http://www.mandriva.com/security/advisories?name=MDVSA-2012:059
RHSA-2012:0369
http://rhn.redhat.com/errata/RHSA-2012-0369.html
http://www.sqlalchemy.org/changelog/CHANGES_0_7_0
http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/
https://bugs.launchpad.net/keystone/+bug/918608
sqlalchemy-select-sql-injection(73756)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73756

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.71130
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2012:0369
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2012:0369. SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. (CVE-2012-0805) All users of python-sqlalchemy are advised to upgrade to this updated package, which contains a patch to correct this issue. All running applications using SQLAlchemy must be restarted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2012-0369.html Risk factor : Medium
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0805 48327 http://secunia.com/advisories/48327 48328 http://secunia.com/advisories/48328 48771 http://secunia.com/advisories/48771 DSA-2449 http://www.debian.org/security/2012/dsa-2449 MDVSA-2012:059 http://www.mandriva.com/security/advisories?name=MDVSA-2012:059 RHSA-2012:0369 http://rhn.redhat.com/errata/RHSA-2012-0369.html http://www.sqlalchemy.org/changelog/CHANGES_0_7_0 http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/ https://bugs.launchpad.net/keystone/+bug/918608 sqlalchemy-select-sql-injection(73756) https://exchange.xforce.ibmcloud.com/vulnerabilities/73756
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com