Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2051 mysql-connector-java security update 12 June 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mysql-connector-java Publisher: Debian Operating System: Debian GNU/Linux 9 Impact/Access: Modify Arbitrary Files -- Remote with User Interaction Denial of Service -- Existing Account Unauthorised Access -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-2934 CVE-2020-2933 CVE-2020-2875 Reference: ASB-2020.0087 ESB-2020.2044 Original Bulletin: http://www.debian.org/security/2020/dsa-4703 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4703-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2020 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : mysql-connector-java CVE ID : CVE-2020-2875 CVE-2020-2933 CVE-2020-2934 Three vulnerabilities have been found in the MySQL Connector/J JDBC driver. For the oldstable distribution (stretch), these problems have been fixed in version 5.1.49-0+deb9u1. We recommend that you upgrade your mysql-connector-java packages. For the detailed security status of mysql-connector-java please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mysql-connector-java Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7ibO4ACgkQEMKTtsN8 TjbQow/+PsNMQnOkPAOhr5BQ62SRH2XF4oF9ynPosz3GsKqyjjkTSvR/ceDtDQi0 GIcVVhDfaBcpYm90yPQBtdiTSr7CoWfWV9E7u/BdVz8gZsyppXzYvPUte0wihStz Qh5l0iPVIApLfcr/nsLhCtugzxCBQvGel1tYE+HrdoNPgs9iZU9FUPSDaCKUlRn/ yIbZWFbYbbIOZWTmGs3YCQ7e70ioMIgTe/apZ4uwyhjUztWjgBOxhwRr+ZDR9gTy vLS3ut0xG9odCNeP1l8/thoxD5iQptY8jWmPkXIf2SMk2KB1mltF1wiGEmdeb1v0 Oiovvx4HzJWHs5SxsDdd1Un/S47GwkH0yeeeLLzZtl829M2NQpi1xbKFdgXJJHFO 0ToeCi24r1IMrGGMS2vyt+U2hzfkFtWxSMutuAjWoUZGJmN2HvF+kr14KJhbngSP NftdFEj3JfGF9WLgfk1O6HKCGlZIWf2jF2Oe7bDWCpcVHicyNT92JuXQXrcOX37d QCVrFgzq66JVtva+PqGnpNTZKAGdtkCyCWo8rukedLO6/htCuRRW3IecXMnvQ7wq 2r0wYWskq4sc1AqWBtQG2WzmAlHCizHqIu9c3dQe9BlkEFHg6DzuP+euNXeDaoVc lw6n7DBj2U4zciCA6/BllgEAI9G64TYwfa2f/RU4WvwrdpdML0U= =H7wp - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXuLaq+NLKJtyKPYoAQhbzg/+JJlGUY1ESnHFrQNR3WoTwuTdeQSfj0NH 20uWCavF8+4kvth7JXN6JGBnU0lNOL1cjQ/DSQyDXF7EoHpZUqAcnkvKIVJNF6DF VTxPFYOhui/m8DTUuaV4oJhoNR5LNiVV/+TVO2ZTfhdYEiDhfp6nYI9Q2ZCu1tV7 qbAEnjz5vqHh1bKvfBHPI0thnF4/6+nky4IwuG343ffyYUMr96njOi/IwjBvW6lI wW5aTMHGPaQViaSbSN62QW2pfv0vg0nE1+OwtF52ocH9ZB5VcTUDdOol1b3SCaxP PKFXbjLSE/8BXDQedAQdVo1NSl/DiLyfLYqd39pKcsXQ97wDRZck/5xxSwP97NBJ uVUOcuG810CwHzOXLiqcvJWaLqWZf/arI813jCr9+tMs0Kswxz/WJL7JuThwkdyu 37gI6Gy6+0+vqz969QCzvwZrcx5vnbwSYKZR6Is4WnjS/fY0q99QaEIcsc+RrVD/ baoIqP70e1O+tiKWmOLbd5iycism3sIklu7mvXCtEqDHLihEwMxHd3StT+mKl7Os S2ol8qC4ExQpM2tYdQ4podXsuZIo68TMzzRBUNm8vnESx/4hLqk1pPb6e5RHpKN5 0nY7wLjQaipMWWEC8pIPoStROF6JKA20LbV0Kv0zT86jA3Pvl9v4DzTs8AlCOLtu nS0vXTdZ4fw= =J44T -----END PGP SIGNATURE-----