Test ID: 1.3.6.1.4.1.25623.1.0.831649
Category: Mandrake Local Security Checks
Title: Mandriva Update for python-sqlalchemy MDVSA-2012:059 (python-sqlalchemy)
Summary: The remote host is missing an update for the 'python-sqlalchemy' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'python-sqlalchemy'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that SQLAlchemy did not sanitize values for the limit
and offset keywords for SQL select statements. If an application using
SQLAlchemy accepted values for these keywords, and did not filter or
sanitize them before passing them to SQLAlchemy, it could allow an
attacker to perform an SQL injection attack against the application
(CVE-2012-0805).

The updated packages have been patched to correct this issue.

Affected Software/OS:
python-sqlalchemy on Mandriva Linux 2011.0,
Mandriva Enterprise Server 5.2

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2012-0805
48327
http://secunia.com/advisories/48327
48328
http://secunia.com/advisories/48328
48771
http://secunia.com/advisories/48771
DSA-2449
http://www.debian.org/security/2012/dsa-2449
MDVSA-2012:059
http://www.mandriva.com/security/advisories?name=MDVSA-2012:059
RHSA-2012:0369
http://rhn.redhat.com/errata/RHSA-2012-0369.html
http://www.sqlalchemy.org/changelog/CHANGES_0_7_0
http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/
https://bugs.launchpad.net/keystone/+bug/918608
sqlalchemy-select-sql-injection(73756)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73756
Copyright: Copyright (C) 2012 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.