A security flaw has been discovered and fixed in the python-sqlalchemy package. Potential attackers could exploit it to inject arbitrary SQL code.
Package: python-sqlalchemy 0.x
Operating systems: Fedora 15, Fedora 16
Severity: 4.3
Problem: insufficient input validation
Exploitation: remote
Consequence: execution of SQL code
Solution: vendor patch
CVE: CVE-2012-0805
Original advisory ID: FEDORA-2012-3412
Source: Fedora
Problem:
A flaw was found in the "select.limit()/offset()" function, which does not sufficiently validate its input data.
Consequence:
A malicious attacker can exploit this vulnerability to inject SQL code.
Solution:
Users are encouraged to apply the official updates.
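The defect behind CVE-2012-0805 is a LIMIT/OFFSET value that reached the query text without being checked for the correct type. The following is an added example, not code from the advisory or from SQLAlchemy, showing the check an application should apply on its side: paging arguments are coerced to non-negative integers and then bound as query parameters (the `sqlite3` table, `coerce_page_arg` and `paged_query` are constructed for this illustration).

```python
import sqlite3


def coerce_page_arg(value, name):
    """Accept only non-negative integers (or plain decimal strings) for
    LIMIT/OFFSET. Anything else, including a string carrying SQL text,
    is rejected before it can get anywhere near the query."""
    if isinstance(value, bool):  # bool is an int subclass; refuse it explicitly
        raise TypeError(f"{name} must be an integer, not bool")
    if isinstance(value, int):
        n = value
    elif isinstance(value, str) and value.isascii() and value.isdecimal():
        n = int(value)
    else:
        raise TypeError(f"{name} must be a non-negative integer")
    if n < 0:
        raise ValueError(f"{name} must be non-negative")
    return n


def paged_query(conn, table, limit, offset=0):
    """SELECT a page of rows; LIMIT/OFFSET are validated, then bound as
    parameters rather than formatted into the SQL string."""
    limit = coerce_page_arg(limit, "limit")
    offset = coerce_page_arg(offset, "offset")
    if not table.isidentifier():  # table names cannot be bound, so whitelist the shape
        raise ValueError("table name must be a plain identifier")
    sql = f'SELECT id, name FROM "{table}" ORDER BY id LIMIT ? OFFSET ?'
    return conn.execute(sql, (limit, offset)).fetchall()


def demo():
    # Constructed in-memory sample data for the example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    page = paged_query(conn, "users", 2, 1)      # second and third rows
    try:
        paged_query(conn, "users", "2 --", 0)    # non-integer limit: rejected
        rejected = False
    except TypeError:
        rejected = True
    return page, rejected
```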
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-3412
2012-03-08 20:55:42
--------------------------------------------------------------------------------
Name : python-sqlalchemy0.5
Product : Fedora 16
Version : 0.5.8
Release : 9.fc16
URL : http://www.sqlalchemy.org/
Summary : Modular and flexible ORM library for python
Description :
SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible,
high-level interface to SQL databases. Database and domain concepts are
decoupled, allowing both sides maximum flexibility and power. SQLAlchemy
provides a powerful mapping layer that can work as automatically or as manually
as you choose, determining relationships based on foreign keys or letting you
define the join conditions explicitly, to bridge the gap between database and
domain.
--------------------------------------------------------------------------------
Update Information:
* Fix the sqlalchemy0.5 backwards and forwards compat packages for a security
problem with limit.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 7 2012 Toshio Kuratomi <e-mail address removed> - 0.5.8-9
- Patch to fix https://rhn.redhat.com/errata/RHSA-2012-0369.html
* Sat Jan 14 2012 Fedora Release Engineering <e-mail address removed> - 0.5.8-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #783305 - CVE-2012-0805 python-sqlalchemy: SQL injection flaw due to
not checking LIMIT input for correct type
https://bugzilla.redhat.com/show_bug.cgi?id=783305
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-sqlalchemy0.5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-3414
2012-03-08 20:55:47
--------------------------------------------------------------------------------
Name : python-sqlalchemy0.5
Product : Fedora 15
Version : 0.5.8
Release : 9.fc15
URL : http://www.sqlalchemy.org/
Summary : Modular and flexible ORM library for python
Description :
SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible,
high-level interface to SQL databases. Database and domain concepts are
decoupled, allowing both sides maximum flexibility and power. SQLAlchemy
provides a powerful mapping layer that can work as automatically or as manually
as you choose, determining relationships based on foreign keys or letting you
define the join conditions explicitly, to bridge the gap between database and
domain.
--------------------------------------------------------------------------------
Update Information:
* Fix the sqlalchemy0.5 backwards and forwards compat packages for a security
problem with limit.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 7 2012 Toshio Kuratomi <e-mail address removed> - 0.5.8-9
- Patch to fix https://rhn.redhat.com/errata/RHSA-2012-0369.html
* Sat Jan 14 2012 Fedora Release Engineering <e-mail address removed> - 0.5.8-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #783305 - CVE-2012-0805 python-sqlalchemy: SQL injection flaw due to
not checking LIMIT input for correct type
https://bugzilla.redhat.com/show_bug.cgi?id=783305
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-sqlalchemy0.5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------