Mageia 6: MGASA-2019-0144 Moderate SQL Injection Threat
mageia
April 10, 2019
Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection bugs
Summary
Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection
bugs. By passing carefully constructed arguments to these calls, an
unauthenticated user can issue arbitrary SQL commands to Koji’s database.
This gives the attacker broad ability to manipulate or destroy data
(CVE-2018-1002161).
References
- https://bugs.mageia.org/show_bug.cgi?id=24421
- - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZK4UFB6Q4EDKJYDCXJ7R43EBRSWBS3SR/
- https://www.cve.org/CVERecord?id=CVE-2018-1002161
Topics Covered
Resolution
SRPMS
- 6/core/koji-1.12.2-1.mga6
PREVIOUS
NEXT
Publication date: 10 Apr 2019
URL: https://advisories.mageia.org/MGASA-2019-0144.html
Type: security
CVE: CVE-2018-1002161
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!