openSUSE-SU-2022:0658-1

Опубликовано: 02 мар. 2022

Источник: suse-cvrf

Описание

Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues:

CVE-2021-2471: Fixed unauthorized access to critical data or complete access to all MySQL Connectors (bsc#1195557).

Список пакетов

openSUSE Leap 15.3

mysql-connector-java-5.1.47-3.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FPABDE53LLJDPCFTIOU2DXOPZRS7JPVT/
E-Mail link for openSUSE-SU-2022:0658-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1195557
SUSE Bug 1195557
https://www.suse.com/security/cve/CVE-2021-2471/
SUSE CVE CVE-2021-2471 page

Описание

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).

Затронутые продукты

openSUSE Leap 15.3:mysql-connector-java-5.1.47-3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-2471.html
CVE-2021-2471
https://bugzilla.suse.com/1195557
SUSE Bug 1195557

openSUSE-SU-2022:0658-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-2471

Описание

Затронутые продукты

Ссылки