oss-sec mailing list archives
CVE-2018-1002161 - Koji - SQL injection in multiple remote calls
From: Patrick Uiterwijk <puiterwijk () redhat com>
Date: Thu, 21 Feb 2019 15:38:06 +0100
Description
===========
SQL injection vulnerabilities have been found in multiple call handlers in Koji’s hub code. An anonymous attacker can use these vulnerabilities to issue arbitrary database commands.

Affected versions
=================
All versions of Koji are vulnerable.

Patched versions
================
Koji versions 1.11.1, 1.12.2, 1.13.2, 1.14.2, 1.15.2, and 1.16.2 are available on the website, and all include patches to solve this problem.

Credits
=======
This issue was discovered by Mike McLean and Patrick Uiterwijk of Red Hat.

References
==========
https://docs.pagure.org/koji/CVE-2018-1002161/