Advisories » MGASA-2017-0382

Updated mysql-connector-java packages fix security vulnerabilities

Publication date: 24 Oct 2017
Modification date: 16 Feb 2022
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-3523 , CVE-2017-3586 , CVE-2017-3589

Description

Thijs Alkemade discovered that unexpected automatic deserialisation of
Java objects in the MySQL Connector/J JDBC driver may result in the
execution of arbitary code (CVE-2017-3523).

Two vulnerabilities have been found in the MySQL Connector/J JDBC driver
(CVE-2017-3586, CVE-2017-3589).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20731
• https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt
• http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL
• https://www.debian.org/security/2017/dsa-3840
• https://www.debian.org/security/2017/dsa-3857
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3523
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3586
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589

SRPMS

6/core

• mysql-connector-java-5.1.42-1.mga6

5/core

• mysql-connector-java-5.1.42-1.mga5