Updated koji packages fix security vulnerability
Publication date: 10 Apr 2019Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1002161
Description
Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection bugs. By passing carefully constructed arguments to these calls, an unauthenticated user can issue arbitrary SQL commands to Koji’s database. This gives the attacker broad ability to manipulate or destroy data (CVE-2018-1002161).
References
SRPMS
6/core
- koji-1.12.2-1.mga6