Advisories » MGASA-2019-0144

Updated koji packages fix security vulnerability

Publication date: 10 Apr 2019
Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1002161

Description

Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection
bugs. By passing carefully constructed arguments to these calls, an
unauthenticated user can issue arbitrary SQL commands to Koji’s database.
This gives the attacker broad ability to manipulate or destroy data
(CVE-2018-1002161).
                

References

SRPMS

6/core