Test ID:	1.3.6.1.4.1.25623.1.0.72040
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2012:059 (python-sqlalchemy)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to python-sqlalchemy announced via advisory MDVSA-2012:059. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application (CVE-2012-0805). The updated packages have been patched to correct this issue. Affected: 2011., Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:059 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0805 48327 http://secunia.com/advisories/48327 48328 http://secunia.com/advisories/48328 48771 http://secunia.com/advisories/48771 DSA-2449 http://www.debian.org/security/2012/dsa-2449 MDVSA-2012:059 http://www.mandriva.com/security/advisories?name=MDVSA-2012:059 RHSA-2012:0369 http://rhn.redhat.com/errata/RHSA-2012-0369.html http://www.sqlalchemy.org/changelog/CHANGES_0_7_0 http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/ https://bugs.launchpad.net/keystone/+bug/918608 sqlalchemy-select-sql-injection(73756) https://exchange.xforce.ibmcloud.com/vulnerabilities/73756
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.