Security update for mysql-connector-java SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0666-1 Final 1 1 2018-03-12T23:06:16Z current 2018-03-12T23:06:16Z 2018-03-12T23:06:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mysql-connector-java This update for mysql-connector-java to version to 5.1.42 fixes several issues. These security issues were fixed: - CVE-2017-3589: An unspecified vulnerability in MySQL Connector/J could have resulted in unauthorized update, insert or delete access to some of MySQL Connectors accessible data (bnc#1035210) - CVE-2017-3523: An unspecified vulnerability in MySQL Connector/J could have lead to takeover of MySQL Connectors (bnc#1035697) - CVE-2017-3586: An unspecified vulnerability in MySQL Connectors could have lead to unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data (bnc#1035211) More infos are available at http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-03/msg00035.html E-Mail link for openSUSE-SU-2018:0666-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 mysql-connector-java-5.1.42-10.3.1 mysql-connector-java-5.1.42-10.3.1 as a component of openSUSE Leap 42.3 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2017-3523 openSUSE Leap 42.3:mysql-connector-java-5.1.42-10.3.1 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00035.html https://www.suse.com/security/cve/CVE-2017-3523.html CVE-2017-3523 https://bugzilla.suse.com/1035697 SUSE Bug 1035697 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). CVE-2017-3586 openSUSE Leap 42.3:mysql-connector-java-5.1.42-10.3.1 moderate 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00035.html https://www.suse.com/security/cve/CVE-2017-3586.html CVE-2017-3586 https://bugzilla.suse.com/1035210 SUSE Bug 1035210 https://bugzilla.suse.com/1035211 SUSE Bug 1035211 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). CVE-2017-3589 openSUSE Leap 42.3:mysql-connector-java-5.1.42-10.3.1 moderate 1.7 AV:L/AC:L/Au:S/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00035.html https://www.suse.com/security/cve/CVE-2017-3589.html CVE-2017-3589 https://bugzilla.suse.com/1035210 SUSE Bug 1035210 https://bugzilla.suse.com/1035211 SUSE Bug 1035211 https://bugzilla.suse.com/1035697 SUSE Bug 1035697