Mageia 2019-0144: koji security update

    Date: 10 Apr 2019
    Category: Mageia
    Posted By: LinuxSecurity Advisories
    Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection bugs. By passing carefully constructed arguments to these calls, an unauthenticated user can issue arbitrary SQL commands to Koji’s database. This gives the attacker broad ability to manipulate or destroy data (CVE-2018-1002161).
    MGASA-2019-0144 - Updated koji packages fix security vulnerability
    
    Publication date: 10 Apr 2019
    URL: https://advisories.mageia.org/MGASA-2019-0144.html
    Type: security
    Affected Mageia releases: 6
    CVE: CVE-2018-1002161
    
    Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection
    bugs. By passing carefully constructed arguments to these calls, an
    unauthenticated user can issue arbitrary SQL commands to Koji’s database.
    This gives the attacker broad ability to manipulate or destroy data
    (CVE-2018-1002161).
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=24421
    - https://docs.pagure.org/koji/CVE-2018-1002161/
    - https://lists.fedoraproject.org/archives/list/[list address obscured in source]/thread/ZK4UFB6Q4EDKJYDCXJ7R43EBRSWBS3SR/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002161
    
    SRPMS:
    - 6/core/koji-1.12.2-1.mga6
    
