suse-su-2017:2591-1
Vulnerability from csaf_suse
Published
2017-09-28 11:50
Modified
2017-09-28 11:50
Summary
Security update for mysql-connector-java
Notes
Title of the patch
Security update for mysql-connector-java
Description of the patch
This update for mysql-connector-java to version to 5.1.42 fixes several issues.
These security issues were fixed:
- CVE-2017-3589: An unspecified vulnerability in MySQL Connector/J could have resulted in unauthorized update, insert or delete access to some of MySQL Connectors accessible data (bnc#1035210)
- CVE-2017-3523: An unspecified vulnerability in MySQL Connector/J could have lead to takeover of MySQL Connectors (bnc#1035697)
- CVE-2017-3586: An unspecified vulnerability in MySQL Connectors could have lead to unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data (bnc#1035211)
More infos are available at http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html
Patchnames
SUSE-SLE-SDK-12-SP2-2017-1605,SUSE-SLE-SDK-12-SP3-2017-1605
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mysql-connector-java",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mysql-connector-java to version to 5.1.42 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-3589: An unspecified vulnerability in MySQL Connector/J could have resulted in unauthorized update, insert or delete access to some of MySQL Connectors accessible data (bnc#1035210)\n- CVE-2017-3523: An unspecified vulnerability in MySQL Connector/J could have lead to takeover of MySQL Connectors (bnc#1035697)\n- CVE-2017-3586: An unspecified vulnerability in MySQL Connectors could have lead to unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data (bnc#1035211)\n\nMore infos are available at http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SDK-12-SP2-2017-1605,SUSE-SLE-SDK-12-SP3-2017-1605",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2591-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2591-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172591-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2591-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-September/003263.html"
},
{
"category": "self",
"summary": "SUSE Bug 1035210",
"url": "https://bugzilla.suse.com/1035210"
},
{
"category": "self",
"summary": "SUSE Bug 1035211",
"url": "https://bugzilla.suse.com/1035211"
},
{
"category": "self",
"summary": "SUSE Bug 1035697",
"url": "https://bugzilla.suse.com/1035697"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3523 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3586 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3589 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3589/"
}
],
"title": "Security update for mysql-connector-java",
"tracking": {
"current_release_date": "2017-09-28T11:50:16Z",
"generator": {
"date": "2017-09-28T11:50:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2591-1",
"initial_release_date": "2017-09-28T11:50:16Z",
"revision_history": [
{
"date": "2017-09-28T11:50:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mysql-connector-java-5.1.42-5.4.1.noarch",
"product": {
"name": "mysql-connector-java-5.1.42-5.4.1.noarch",
"product_id": "mysql-connector-java-5.1.42-5.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-connector-java-5.1.42-5.4.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:mysql-connector-java-5.1.42-5.4.1.noarch"
},
"product_reference": "mysql-connector-java-5.1.42-5.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-connector-java-5.1.42-5.4.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java-5.1.42-5.4.1.noarch"
},
"product_reference": "mysql-connector-java-5.1.42-5.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-3523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3523"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP2:mysql-connector-java-5.1.42-5.4.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java-5.1.42-5.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3523",
"url": "https://www.suse.com/security/cve/CVE-2017-3523"
},
{
"category": "external",
"summary": "SUSE Bug 1035697 for CVE-2017-3523",
"url": "https://bugzilla.suse.com/1035697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP2:mysql-connector-java-5.1.42-5.4.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java-5.1.42-5.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP2:mysql-connector-java-5.1.42-5.4.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java-5.1.42-5.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-28T11:50:16Z",
"details": "important"
}
],
"title": "CVE-2017-3523"
},
{
"cve": "CVE-2017-3586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3586"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP2:mysql-connector-java-5.1.42-5.4.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java-5.1.42-5.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3586",
"url": "https://www.suse.com/security/cve/CVE-2017-3586"
},
{
"category": "external",
"summary": "SUSE Bug 1035210 for CVE-2017-3586",
"url": "https://bugzilla.suse.com/1035210"
},
{
"category": "external",
"summary": "SUSE Bug 1035211 for CVE-2017-3586",
"url": "https://bugzilla.suse.com/1035211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP2:mysql-connector-java-5.1.42-5.4.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java-5.1.42-5.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP2:mysql-connector-java-5.1.42-5.4.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java-5.1.42-5.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-28T11:50:16Z",
"details": "moderate"
}
],
"title": "CVE-2017-3586"
},
{
"cve": "CVE-2017-3589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3589"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP2:mysql-connector-java-5.1.42-5.4.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java-5.1.42-5.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3589",
"url": "https://www.suse.com/security/cve/CVE-2017-3589"
},
{
"category": "external",
"summary": "SUSE Bug 1035210 for CVE-2017-3589",
"url": "https://bugzilla.suse.com/1035210"
},
{
"category": "external",
"summary": "SUSE Bug 1035211 for CVE-2017-3589",
"url": "https://bugzilla.suse.com/1035211"
},
{
"category": "external",
"summary": "SUSE Bug 1035697 for CVE-2017-3589",
"url": "https://bugzilla.suse.com/1035697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP2:mysql-connector-java-5.1.42-5.4.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java-5.1.42-5.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP2:mysql-connector-java-5.1.42-5.4.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java-5.1.42-5.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-28T11:50:16Z",
"details": "low"
}
],
"title": "CVE-2017-3589"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…