
List:       oss-security
Subject:    [oss-security] CVE-2018-1002161 - Koji - SQL injection in multiple remote calls
From:       Patrick Uiterwijk <puiterwijk () redhat ! com>
Date:       2019-02-21 14:38:06
Message-ID: 20190221143806.GA12473 () foreshadow ! home ! puiterwijk ! org


Description
===========

SQL injection vulnerabilities have been found in multiple call handlers in Koji's hub code. An anonymous attacker can use these vulnerabilities to issue arbitrary database commands.


Affected versions
=================

All versions of Koji are vulnerable.


Patched versions
================

Koji versions 1.11.1, 1.12.2, 1.13.2, 1.14.2, 1.15.2, and 1.16.2 are available on the website, and all include patches to solve this problem.


Credits
=======

This issue was discovered by Mike McLean and Patrick Uiterwijk of Red Hat.


References
==========

https://docs.pagure.org/koji/CVE-2018-1002161/


