Advisories ยป MGASA-2017-0382

Updated mysql-connector-java packages fix security vulnerabilities

Publication date: 24 Oct 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-3523 , CVE-2017-3586 , CVE-2017-3589

Description

Thijs Alkemade discovered that unexpected automatic deserialisation of
Java objects in the MySQL Connector/J JDBC driver may result in the
execution of arbitary code (CVE-2017-3523).

Two vulnerabilities have been found in the MySQL Connector/J JDBC driver
(CVE-2017-3586, CVE-2017-3589).
                

References

SRPMS

5/core

6/core