Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0350)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0350

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0350)

Resumen: The remote host is missing an update for the 'python-sqlalchemy' package(s) announced via the MGASA-2019-0350 advisory.

Descripción: Summary:
The remote host is missing an update for the 'python-sqlalchemy' package(s) announced via the MGASA-2019-0350 advisory.

Vulnerability Insight:
Updated python-sqlalchemy packages fix security vulnerabilities:

SQL Injection via the order_by parameter (CVE-2019-7164).

SQL Injection via the group_by parameter (CVE-2019-7548).

Affected Software/OS:
'python-sqlalchemy' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-7164
https://github.com/sqlalchemy/sqlalchemy/issues/4481
https://www.oracle.com/security-alerts/cpujan2021.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
RedHat Security Advisories: RHSA-2019:0981
https://access.redhat.com/errata/RHSA-2019:0981
RedHat Security Advisories: RHSA-2019:0984
https://access.redhat.com/errata/RHSA-2019:0984
SuSE Security Announcement: openSUSE-SU-2019:2039 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
SuSE Security Announcement: openSUSE-SU-2019:2064 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
SuSE Security Announcement: openSUSE-SU-2019:2078 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-7548
https://github.com/no-security/sqlalchemy_test
https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0350
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0350)
Resumen:	The remote host is missing an update for the 'python-sqlalchemy' package(s) announced via the MGASA-2019-0350 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python-sqlalchemy' package(s) announced via the MGASA-2019-0350 advisory. Vulnerability Insight: Updated python-sqlalchemy packages fix security vulnerabilities: SQL Injection via the order_by parameter (CVE-2019-7164). SQL Injection via the group_by parameter (CVE-2019-7548). Affected Software/OS: 'python-sqlalchemy' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-7164 https://github.com/sqlalchemy/sqlalchemy/issues/4481 https://www.oracle.com/security-alerts/cpujan2021.html https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html RedHat Security Advisories: RHSA-2019:0981 https://access.redhat.com/errata/RHSA-2019:0981 RedHat Security Advisories: RHSA-2019:0984 https://access.redhat.com/errata/RHSA-2019:0984 SuSE Security Announcement: openSUSE-SU-2019:2039 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html SuSE Security Announcement: openSUSE-SU-2019:2064 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html SuSE Security Announcement: openSUSE-SU-2019:2078 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html Common Vulnerability Exposure (CVE) ID: CVE-2019-7548 https://github.com/no-security/sqlalchemy_test https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518
Copyright	Copyright (C) 2022 Greenbone AG