Parent Directory | Revision Log
MGASA-2019-0144: koji-1.12.2-1.mga6
1 | type: security |
2 | subject: Updated koji packages fix security vulnerability |
3 | CVE: |
4 | - CVE-2018-1002161 |
5 | src: |
6 | 6: |
7 | core: |
8 | - koji-1.12.2-1.mga6 |
9 | description: | |
10 | Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection |
11 | bugs. By passing carefully constructed arguments to these calls, an |
12 | unauthenticated user can issue arbitrary SQL commands to Koji’s database. |
13 | This gives the attacker broad ability to manipulate or destroy data |
14 | (CVE-2018-1002161). |
15 | references: |
16 | - https://bugs.mageia.org/show_bug.cgi?id=24421 |
17 | - https://docs.pagure.org/koji/CVE-2018-1002161/ |
18 | - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZK4UFB6Q4EDKJYDCXJ7R43EBRSWBS3SR/ |
19 | ID: MGASA-2019-0144 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |