Lucene search

Gentoo FoundationMGASA-2015-0255

HistoryJul 05, 2015 - 8:22 p.m.

Updated mysql-connector-java package fixes security vulnerability

2015-07-0520:22:03

Gentoo Foundation

advisories.mageia.org

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

EPSS

0.002

Percentile

56.2%

JSON

Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data (CVE-2015-2575). The mysql-connector-java package has been updated to version 5.1.35 to fix this issue and several other bugs

OSVersionArchitecturePackageVersionFilename
Mageia4noarchmysql-connector-java< 5.1.35-1mysql-connector-java-5.1.35-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	mysql-connector-java	< 5.1.35-1	mysql-connector-java-5.1.35-1.mga4

References

dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html

lists.opensuse.org/opensuse-updates/2015-05/msg00089.html

bugs.mageia.org/show_bug.cgi?id=16070

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

EPSS

0.002

Percentile

56.2%

JSON

Related for MGASA-2015-0255