-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2051
                   mysql-connector-java security update
                               12 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mysql-connector-java
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Modify Arbitrary Files -- Remote with User Interaction
                   Denial of Service      -- Existing Account            
                   Unauthorised Access    -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-2934 CVE-2020-2933 CVE-2020-2875

Reference:         ASB-2020.0087
                   ESB-2020.2044

Original Bulletin: 
   http://www.debian.org/security/2020/dsa-4703

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4703-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 11, 2020                         https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : mysql-connector-java
CVE ID         : CVE-2020-2875 CVE-2020-2933 CVE-2020-2934

Three vulnerabilities have been found in the MySQL Connector/J JDBC
driver.
   
For the oldstable distribution (stretch), these problems have been fixed
in version 5.1.49-0+deb9u1.

We recommend that you upgrade your mysql-connector-java packages.

For the detailed security status of mysql-connector-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mysql-connector-java

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7ibO4ACgkQEMKTtsN8
TjbQow/+PsNMQnOkPAOhr5BQ62SRH2XF4oF9ynPosz3GsKqyjjkTSvR/ceDtDQi0
GIcVVhDfaBcpYm90yPQBtdiTSr7CoWfWV9E7u/BdVz8gZsyppXzYvPUte0wihStz
Qh5l0iPVIApLfcr/nsLhCtugzxCBQvGel1tYE+HrdoNPgs9iZU9FUPSDaCKUlRn/
yIbZWFbYbbIOZWTmGs3YCQ7e70ioMIgTe/apZ4uwyhjUztWjgBOxhwRr+ZDR9gTy
vLS3ut0xG9odCNeP1l8/thoxD5iQptY8jWmPkXIf2SMk2KB1mltF1wiGEmdeb1v0
Oiovvx4HzJWHs5SxsDdd1Un/S47GwkH0yeeeLLzZtl829M2NQpi1xbKFdgXJJHFO
0ToeCi24r1IMrGGMS2vyt+U2hzfkFtWxSMutuAjWoUZGJmN2HvF+kr14KJhbngSP
NftdFEj3JfGF9WLgfk1O6HKCGlZIWf2jF2Oe7bDWCpcVHicyNT92JuXQXrcOX37d
QCVrFgzq66JVtva+PqGnpNTZKAGdtkCyCWo8rukedLO6/htCuRRW3IecXMnvQ7wq
2r0wYWskq4sc1AqWBtQG2WzmAlHCizHqIu9c3dQe9BlkEFHg6DzuP+euNXeDaoVc
lw6n7DBj2U4zciCA6/BllgEAI9G64TYwfa2f/RU4WvwrdpdML0U=
=H7wp
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXuLaq+NLKJtyKPYoAQhbzg/+JJlGUY1ESnHFrQNR3WoTwuTdeQSfj0NH
20uWCavF8+4kvth7JXN6JGBnU0lNOL1cjQ/DSQyDXF7EoHpZUqAcnkvKIVJNF6DF
VTxPFYOhui/m8DTUuaV4oJhoNR5LNiVV/+TVO2ZTfhdYEiDhfp6nYI9Q2ZCu1tV7
qbAEnjz5vqHh1bKvfBHPI0thnF4/6+nky4IwuG343ffyYUMr96njOi/IwjBvW6lI
wW5aTMHGPaQViaSbSN62QW2pfv0vg0nE1+OwtF52ocH9ZB5VcTUDdOol1b3SCaxP
PKFXbjLSE/8BXDQedAQdVo1NSl/DiLyfLYqd39pKcsXQ97wDRZck/5xxSwP97NBJ
uVUOcuG810CwHzOXLiqcvJWaLqWZf/arI813jCr9+tMs0Kswxz/WJL7JuThwkdyu
37gI6Gy6+0+vqz969QCzvwZrcx5vnbwSYKZR6Is4WnjS/fY0q99QaEIcsc+RrVD/
baoIqP70e1O+tiKWmOLbd5iycism3sIklu7mvXCtEqDHLihEwMxHd3StT+mKl7Os
S2ol8qC4ExQpM2tYdQ4podXsuZIo68TMzzRBUNm8vnESx/4hLqk1pPb6e5RHpKN5
0nY7wLjQaipMWWEC8pIPoStROF6JKA20LbV0Kv0zT86jA3Pvl9v4DzTs8AlCOLtu
nS0vXTdZ4fw=
=J44T
-----END PGP SIGNATURE-----