Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.1284 mysql-connector-java security update 19 May 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mysql-connector-java Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Access Confidential Data -- Existing Account Modify Arbitrary Files -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2017-3589 CVE-2017-3586 Reference: ASB-2017.0059 Original Bulletin: http://www.debian.org/security/2017/dsa-3857 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3857-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2017 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : mysql-connector-java CVE ID : CVE-2017-3586 CVE-2017-3589 Two vulnerabilities have been found in the MySQL Connector/J JDBC driver. For the stable distribution (jessie), these problems have been fixed in version 5.1.42-1~deb8u1. For the upcoming stable distribution (stretch), these problems have been fixed in version 5.1.42-1. For the unstable distribution (sid), these problems have been fixed in version 5.1.42-1. We recommend that you upgrade your mysql-connector-java packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlkeBMkACgkQEMKTtsN8 TjZyIBAAp7fhrH9l/qFrWTc0FHIHpk+e/HJhXNaLqs2oiywVMXV9xS4S96yZiAly 4TBOdSzl8c1EDQ2J9tFO1G9KZf7yMa5/4ntHyAMQpoSiyfxjY6ysssAMve7HN7fF aTqmvXruEVcNqpi824QYuEs0msy07Z/mJaUYASzexLNlfpAuPhi+rDveuZ7wTzyJ ebL3DUZnH+2URnOyOYTiLgsGmoUB4MBt9naYJJMkUxN3eIEJQCZo6JpyU/J1gO6R B0rq6w4OMajXqHm9eoFbsrlLwP0yb2Wikptaqok2Nrpj4LnOwUcW50BT+deBvnBT BfrcUKEeRPD0s/HB1XGmS3RqrALMReXoH30/mBO4oej1Knh4UFHjv/QYP28NSw1Z pmyckt3LcOUiSGVah4uJJZnrf9PMHUzr9asCvroKAs7Wko4vLUh1xGGwtUutmT9p tqbs2RBZ2K+WUzb6B/mGJyPzhXlt677RTqFDOmqCxURbvBTRWpkeOdUpmXqXVOk9 zxzhIfLYafVt5Imqz1/JsPAbkGXhycNIiJvkK56g5wkFIX1eJhl73eud4qdMFBjL txr7PKtzlFtIX1UlRbNmgbiU10IC+5X6KUEJBH5WrkmsksthRZgu2DQMatZTv1Uy XpnOBjGqVa5m0RBvgDGNCRjqjoCab/yK/6VPMwY+iKQ8QZvl7hw= =/sZF - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWR6Fq4x+lLeg9Ub1AQjdKw/7Bq+EUlRmjz8UlhY6DKkrioAIEPf3yG1m gquxW8sU7GxqI7GKJ1hZyI9JZXD+qs5pXuJRff1NIE1xAhhlfO4k1sWFGByBv47j MwV2hm0N4R+ZaL9PIPGVeBBxJOGKmxfiMOWtCM+Y2/N0BkvH3ViiHvipRyq5tp5B jqCzHR6EoSQ/VfQCIoTJJMcl/Apf2RMxI+jZzvp/zIVLu6dFfjgc1e4azmLKwvLh oSQS1Fs7PeLyqX8jzUJDEJH2QaSDcUkQSQ2i+tEpdIFvnZFVLfTaf4jDTQ4GqN56 Jqf13dLDNhrX2xbzbB4WOP1G4G39Nq1PsnlfEh4DQAqcq4w5nZ+nlpZm221yK6gh CzWAsSU/LRnYNjuybu7XqJqJGDj9R7SqJ3ff0OJ/ylhtPJlscmzDJcMG9UskLHkT +Gemhu6wGbKrP5e6ZcvU9g3C3wDP/8EfOkB/h8xXzrFtMOxV9dvrtuXdJ+h41Uox aG1HxqeBafgD/TeOY5MKEpIztIvZ52kJHXYztNOVLzMcZuP6KVNRCui2YoxDJmT4 iAJaI6rakixhKVOGLDcJ8DAg65XG3CKvGf/XBM2qsOWfoQe8B50G5tM4vFCkWm5H iefgkPNQYrfPBHosrsTlABpyuJ1B2Fo2IbtkZAqMDAcrCLjgsjef1RuYjj41tzWU gkfnXoF5+/Q= =xja6 -----END PGP SIGNATURE-----