advisories/24421.adv

type: security
subject: Updated koji packages fix security vulnerability
CVE:
 - CVE-2018-1002161
src:
  6:
   core:
     - koji-1.12.2-1.mga6
description: |
  Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection
  bugs. By passing carefully constructed arguments to these calls, an
  unauthenticated user can issue arbitrary SQL commands to Koji’s database.
  This gives the attacker broad ability to manipulate or destroy data
  (CVE-2018-1002161).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24421
 - https://docs.pagure.org/koji/CVE-2018-1002161/
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZK4UFB6Q4EDKJYDCXJ7R43EBRSWBS3SR/
ID: MGASA-2019-0144
1	type: security
2	subject: Updated koji packages fix security vulnerability
3	CVE:
4	- CVE-2018-1002161
5	src:
6	6:
7	core:
8	- koji-1.12.2-1.mga6
9	description: \|
10	Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection
11	bugs. By passing carefully constructed arguments to these calls, an
12	unauthenticated user can issue arbitrary SQL commands to Koji’s database.
13	This gives the attacker broad ability to manipulate or destroy data
14	(CVE-2018-1002161).
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=24421
17	- https://docs.pagure.org/koji/CVE-2018-1002161/
18	- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZK4UFB6Q4EDKJYDCXJ7R43EBRSWBS3SR/
19	ID: MGASA-2019-0144