Mandriva Update For Python-sqlalchemy MDVSA-2012:059 (python-sqlalchemy) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application (CVE-2012-0805). The updated packages have been patched to correct this issue.

Affected

python-sqlalchemy on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2

Severity

Classification

CVE CVE-2012-0805
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:008 (qemu)
Mandrake Security Advisory MDVSA-2009:171 (pulseaudio)
Mandrake Security Advisory MDVSA-2009:140 (gaim)
Mandrake Security Advisory MDVSA-2009:113 (cyrus-sasl)
Mandrake Security Advisory MDVSA-2009:101 (xpdf)

Mandriva Update for python-sqlalchemy MDVSA-2012:059 (python-sqlalchemy)

Take action and discover your vulnerabilities