Executive Summary

Summary
Title mysql-connector-java security update
Informations
Name DSA-3621 First vendor Publication 2016-07-18
Vendor Debian Last vendor Modification 2016-07-18
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Cvss Base Score 4.9 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability was discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, which may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data. The vulnerability was addressed by upgrading mysql-connector-java to the new upstream version 5.1.39, which includes additional changes, such as bug fixes, new features, and possibly incompatible changes. Please see the MySQL Connector/J Release Notes and Oracle's Critical Patch Update advisory for further details:

https://dev.mysql.com/doc/relnotes/connector-j/5.1/en/news-5-1.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL

For the stable distribution (jessie), this problem has been fixed in version 5.1.39-1~deb8u1.

We recommend that you upgrade your mysql-connector-java packages.

Original Source

Url : http://www.debian.org/security/2016/dsa-3621

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 9
Application 314
Os 1
Os 1
Os 1
Os 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2016-09-15 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1082.nasl - Type : ACT_GATHER_INFO
2016-07-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3621.nasl - Type : ACT_GATHER_INFO
2016-06-27 Name : The remote Debian host is missing a security update.
File : debian_DLA-526.nasl - Type : ACT_GATHER_INFO
2015-06-01 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-389.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2016-07-22 13:38:25
  • Multiple Updates
2016-07-19 21:37:35
  • First insertion