Advisories » MGASA-2022-0035

Updated mysql-connector-c++ packages fix security vulnerability

Publication date: 25 Jan 2022
Modification date: 25 Jan 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-3711 , CVE-2021-3712

Description

Buffer overflow due to inccorect calculation in EVP_PKEY_decrypt.
(CVE-2021-3711)
Denial of Service attack due to possible non-zero terminated strings.
(CVE-2021-3712)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29923
• https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712

SRPMS

8/core

• mysql-connector-c++-8.0.28-1.mga8