Advisories » MGASA-2015-0255

Updated mysql-connector-java package fixes security vulnerability

Publication date: 05 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2575

Description

Difficult to exploit vulnerability allows successful authenticated network
attacks via multiple protocols. Successful attack of this vulnerability
can result in unauthorized update, insert or delete access to some MySQL
Connectors accessible data as well as read access to a subset of MySQL
Connectors accessible data (CVE-2015-2575).

The mysql-connector-java package has been updated to version 5.1.35 to fix
this issue and several other bugs
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16070
• http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html
• http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2575

SRPMS

4/core

• mysql-connector-java-5.1.35-1.mga4