what you don't know can hurt you

Debian Security Advisory 2449-1

Debian Security Advisory 2449-1
Posted Apr 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2449-1 - It was discovered that sqlalchemy, an SQL toolkit and object relational mapper for python, is not sanitizing input passed to the limit/offset keywords to select() as well as the value passed to select.limit()/offset(). This allows an attacker to perform SQL injection attacks against applications using sqlalchemy that do not implement their own filtering.

tags | advisory, sql injection, python
systems | linux, debian
advisories | CVE-2012-0805
MD5 | a83a1aa2b745a16d260a54006620a73a

Debian Security Advisory 2449-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2449-1 security@debian.org
http://www.debian.org/security/ Nico Golde
April 12, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : sqlalchemy
Vulnerability : missing input sanitization
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0805

It was discovered that sqlalchemy, an SQL toolkit and object relational
mapper for python, is not sanitizing input passed to the limit/offset
keywords to select() as well as the value passed to select.limit()/offset().
This allows an attacker to perform SQL injection attacks against
applications using sqlalchemy that do not implement their own filtering.

For the stable distribution (squeeze), this problem has been fixed in
version 0.6.3-3+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 0.6.7-1.

For the unstable distribution (sid), this problem has been fixed in
version 0.6.7-1.

We recommend that you upgrade your sqlalchemy packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk+GZWIACgkQHYflSXNkfP+xvQCgocwOsYzLI+eh2slV+ma/k3HX
hO8An0+oka75m0dk3tI9IRzatJ2/J2T0
=4efD
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    13 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close