Mandriva Linux Security Advisory : python-sqlalchemy (MDVSA-2012:059)
High Nessus Plugin ID 61949
Synopsis
The remote Mandriva Linux host is missing a security update.

Description
It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform a SQL injection attack against the application (CVE-2012-0805).
The updated packages have been patched to correct this issue.

Solution
Update the affected python-sqlalchemy package.
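
The application-side filtering that the description refers to, as an added example that is not part of the advisory or of SQLAlchemy: untrusted limit and offset values are validated as plain non-negative integers and then passed as bound parameters. It uses Python's standard sqlite3 module in place of SQLAlchemy; the items table, the MAX_LIMIT cap and the function names are assumptions made for illustration.

```python
import sqlite3

MAX_LIMIT = 100  # assumed application-level cap, not taken from the advisory


def parse_paging(raw_limit, raw_offset, max_limit=MAX_LIMIT):
    """Validate untrusted limit/offset strings and return (limit, offset) ints.

    Raises ValueError for anything that is not a plain non-negative decimal.
    """
    values = []
    for name, raw in (("limit", raw_limit), ("offset", raw_offset)):
        text = str(raw).strip()
        # isdigit() alone accepts some non-ASCII digits, so require ASCII too.
        if not (text.isascii() and text.isdigit()) or len(text) > 9:
            raise ValueError(f"{name} must be a non-negative integer")
        values.append(int(text))
    limit, offset = values
    return min(limit, max_limit), offset


def fetch_page(conn, raw_limit, raw_offset):
    limit, offset = parse_paging(raw_limit, raw_offset)
    # Values are bound as parameters, never formatted into the SQL text.
    return conn.execute(
        "SELECT id, name FROM items ORDER BY id LIMIT ? OFFSET ?",
        (limit, offset),
    ).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items (name) VALUES (?)",
                     [(f"item{i}",) for i in range(1, 8)])
    results = {"ok": fetch_page(conn, "3", "2")}
    # Constructed non-numeric inputs standing in for attacker-supplied values.
    for bad in ("3; --", "-1", "1e3", ""):
        try:
            fetch_page(conn, bad, "0")
            results[bad] = "accepted"
        except ValueError:
            results[bad] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Validation of this kind complements the package update in the Solution and does not replace it.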