Nacionalni CERT

Ranjivosti programskog paketa mysql-connector-java

<p>-----BEGIN PGP SIGNED MESSAGE-----<br />Hash: SHA256<br /><br />- -------------------------------------------------------------------------<br />Debian Security Advisory DSA-3857-1 security@debian.org<br />https://www.debian.org/security/ Moritz Muehlenhoff<br />May 18, 2017 https://www.debian.org/security/faq<br />- -------------------------------------------------------------------------<br /><br />Package : mysql-connector-java<br />CVE ID : CVE-2017-3586 CVE-2017-3589<br /><br />Two vulnerabilities have been found in the MySQL Connector/J JDBC driver.<br /><br />For the stable distribution (jessie), these problems have been fixed in<br />version 5.1.42-1~deb8u1.<br /><br />For the upcoming stable distribution (stretch), these problems have been<br />fixed in version 5.1.42-1.<br /><br />For the unstable distribution (sid), these problems have been fixed in<br />version 5.1.42-1.<br /><br />We recommend that you upgrade your mysql-connector-java packages.<br /><br />Further information about Debian Security Advisories, how to apply<br />these updates to your system and frequently asked questions can be<br />found at: https://www.debian.org/security/<br /><br />Mailing list: debian-security-announce@lists.debian.org<br />-----BEGIN PGP SIGNATURE-----<br /><br />iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlkeBMkACgkQEMKTtsN8<br />TjZyIBAAp7fhrH9l/qFrWTc0FHIHpk+e/HJhXNaLqs2oiywVMXV9xS4S96yZiAly<br />4TBOdSzl8c1EDQ2J9tFO1G9KZf7yMa5/4ntHyAMQpoSiyfxjY6ysssAMve7HN7fF<br />aTqmvXruEVcNqpi824QYuEs0msy07Z/mJaUYASzexLNlfpAuPhi+rDveuZ7wTzyJ<br />ebL3DUZnH+2URnOyOYTiLgsGmoUB4MBt9naYJJMkUxN3eIEJQCZo6JpyU/J1gO6R<br />B0rq6w4OMajXqHm9eoFbsrlLwP0yb2Wikptaqok2Nrpj4LnOwUcW50BT+deBvnBT<br />BfrcUKEeRPD0s/HB1XGmS3RqrALMReXoH30/mBO4oej1Knh4UFHjv/QYP28NSw1Z<br />pmyckt3LcOUiSGVah4uJJZnrf9PMHUzr9asCvroKAs7Wko4vLUh1xGGwtUutmT9p<br />tqbs2RBZ2K+WUzb6B/mGJyPzhXlt677RTqFDOmqCxURbvBTRWpkeOdUpmXqXVOk9<br />zxzhIfLYafVt5Imqz1/JsPAbkGXhycNIiJvkK56g5wkFIX1eJhl73eud4qdMFBjL<br />txr7PKtzlFtIX1UlRbNmgbiU10IC+5X6KUEJBH5WrkmsksthRZgu2DQMatZTv1Uy<br />XpnOBjGqVa5m0RBvgDGNCRjqjoCab/yK/6VPMwY+iKQ8QZvl7hw=<br />=/sZF<br />-----END PGP SIGNATURE-----</p>
Otkrivene su ranjivosti u programskom paketu mysql-connector-java za Debian. Radi se o ranjivostima u MySQL Connectors komponentama koje udaljeni napadači mogu iskoristiti za utjecaj na povjerljivost, integritet i dostupnost podataka preko podkomponente Connector/J. Korisnike se upućuje na nadogradnju novom inačicom paketa.