Описание
Security update for mysql-connector-java
This update for mysql-connector-java to version to 5.1.42 fixes several issues.
These security issues were fixed:
- CVE-2017-3589: An unspecified vulnerability in MySQL Connector/J could have resulted in unauthorized update, insert or delete access to some of MySQL Connectors accessible data (bnc#1035210)
- CVE-2017-3523: An unspecified vulnerability in MySQL Connector/J could have lead to takeover of MySQL Connectors (bnc#1035697)
- CVE-2017-3586: An unspecified vulnerability in MySQL Connectors could have lead to unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data (bnc#1035211)
More infos are available at http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
Ссылки
- Link for SUSE-SU-2017:2591-1
- E-Mail link for SUSE-SU-2017:2591-1
- SUSE Security Ratings
- SUSE Bug 1035210
- SUSE Bug 1035211
- SUSE Bug 1035697
- SUSE CVE CVE-2017-3523 page
- SUSE CVE CVE-2017-3586 page
- SUSE CVE CVE-2017-3589 page
Описание
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
Затронутые продукты
Ссылки
- CVE-2017-3523
- SUSE Bug 1035697
Описание
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).
Затронутые продукты
Ссылки
- CVE-2017-3586
- SUSE Bug 1035210
- SUSE Bug 1035211
Описание
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Затронутые продукты
Ссылки
- CVE-2017-3589
- SUSE Bug 1035210
- SUSE Bug 1035211
- SUSE Bug 1035697