Updated mysql-connector-java package fixes security vulnerability
Publication date: 21 Sep 2020Modification date: 21 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-2934
Description
A flaw was found in the mysql-connector-java package. A complicated attack
against the mysql Connector/J allows attackers on the local network to
interfere with a user's connection and insert unauthorized SQL commands
(CVE-2020-2934).
References
- https://bugs.mageia.org/show_bug.cgi?id=26522
- https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/news-8-0-20.html
- https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934
SRPMS
7/core
- mysql-connector-java-8.0.20-1.mga7