mysql-connector-java - security update

2016-06-2500:00:00

Google

osv.dev

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

JSON

A vulnerability in the MySQL Connectors component of Oracle MySQL
(subcomponent: Connector/J) has been discovered that may result in
unauthorized update, insert or delete access to some MySQL Connectors
accessible data as well as read access to a subset of MySQL Connectors.
The issue is addressed by updating to the latest stable release of
mysql-connector-java since Oracle did not release further information.

Please see Oracle’s Critical Patch Update advisory for further details.

For Debian 7 Wheezy, these problems have been fixed in version
5.1.39-1~deb7u1.

We recommend that you upgrade your mysql-connector-java packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>

CPENameOperatorVersion
mysql-connector-javaeq5.1.16-2
mysql-connector-javaeq5.1.28-1
mysql-connector-javaeq5.1.30-1
mysql-connector-javaeq5.1.27-1
mysql-connector-javaeq5.1.31-1
mysql-connector-javaeq5.1.25-1
mysql-connector-javaeq5.1.26-1
mysql-connector-javaeq5.1.37-1
mysql-connector-javaeq5.1.38-1
mysql-connector-javaeq5.1.32-1

Name	Operator	Version
mysql-connector-java	eq	5.1.16-2
mysql-connector-java	eq	5.1.28-1
mysql-connector-java	eq	5.1.30-1
mysql-connector-java	eq	5.1.27-1
mysql-connector-java	eq	5.1.31-1
mysql-connector-java	eq	5.1.25-1
mysql-connector-java	eq	5.1.26-1
mysql-connector-java	eq	5.1.37-1
mysql-connector-java	eq	5.1.38-1
mysql-connector-java	eq	5.1.32-1