Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.1284
mysql-connector-java security update
19 May 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: mysql-connector-java
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Access Confidential Data -- Existing Account
Modify Arbitrary Files -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2017-3589 CVE-2017-3586
Reference: ASB-2017.0059
Original Bulletin:
http://www.debian.org/security/2017/dsa-3857
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3857-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2017 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : mysql-connector-java
CVE ID : CVE-2017-3586 CVE-2017-3589
Two vulnerabilities have been found in the MySQL Connector/J JDBC driver.
For the stable distribution (jessie), these problems have been fixed in
version 5.1.42-1~deb8u1.
For the upcoming stable distribution (stretch), these problems have been
fixed in version 5.1.42-1.
For the unstable distribution (sid), these problems have been fixed in
version 5.1.42-1.
We recommend that you upgrade your mysql-connector-java packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlkeBMkACgkQEMKTtsN8
TjZyIBAAp7fhrH9l/qFrWTc0FHIHpk+e/HJhXNaLqs2oiywVMXV9xS4S96yZiAly
4TBOdSzl8c1EDQ2J9tFO1G9KZf7yMa5/4ntHyAMQpoSiyfxjY6ysssAMve7HN7fF
aTqmvXruEVcNqpi824QYuEs0msy07Z/mJaUYASzexLNlfpAuPhi+rDveuZ7wTzyJ
ebL3DUZnH+2URnOyOYTiLgsGmoUB4MBt9naYJJMkUxN3eIEJQCZo6JpyU/J1gO6R
B0rq6w4OMajXqHm9eoFbsrlLwP0yb2Wikptaqok2Nrpj4LnOwUcW50BT+deBvnBT
BfrcUKEeRPD0s/HB1XGmS3RqrALMReXoH30/mBO4oej1Knh4UFHjv/QYP28NSw1Z
pmyckt3LcOUiSGVah4uJJZnrf9PMHUzr9asCvroKAs7Wko4vLUh1xGGwtUutmT9p
tqbs2RBZ2K+WUzb6B/mGJyPzhXlt677RTqFDOmqCxURbvBTRWpkeOdUpmXqXVOk9
zxzhIfLYafVt5Imqz1/JsPAbkGXhycNIiJvkK56g5wkFIX1eJhl73eud4qdMFBjL
txr7PKtzlFtIX1UlRbNmgbiU10IC+5X6KUEJBH5WrkmsksthRZgu2DQMatZTv1Uy
XpnOBjGqVa5m0RBvgDGNCRjqjoCab/yK/6VPMwY+iKQ8QZvl7hw=
=/sZF
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWR6Fq4x+lLeg9Ub1AQjdKw/7Bq+EUlRmjz8UlhY6DKkrioAIEPf3yG1m
gquxW8sU7GxqI7GKJ1hZyI9JZXD+qs5pXuJRff1NIE1xAhhlfO4k1sWFGByBv47j
MwV2hm0N4R+ZaL9PIPGVeBBxJOGKmxfiMOWtCM+Y2/N0BkvH3ViiHvipRyq5tp5B
jqCzHR6EoSQ/VfQCIoTJJMcl/Apf2RMxI+jZzvp/zIVLu6dFfjgc1e4azmLKwvLh
oSQS1Fs7PeLyqX8jzUJDEJH2QaSDcUkQSQ2i+tEpdIFvnZFVLfTaf4jDTQ4GqN56
Jqf13dLDNhrX2xbzbB4WOP1G4G39Nq1PsnlfEh4DQAqcq4w5nZ+nlpZm221yK6gh
CzWAsSU/LRnYNjuybu7XqJqJGDj9R7SqJ3ff0OJ/ylhtPJlscmzDJcMG9UskLHkT
+Gemhu6wGbKrP5e6ZcvU9g3C3wDP/8EfOkB/h8xXzrFtMOxV9dvrtuXdJ+h41Uox
aG1HxqeBafgD/TeOY5MKEpIztIvZ52kJHXYztNOVLzMcZuP6KVNRCui2YoxDJmT4
iAJaI6rakixhKVOGLDcJ8DAg65XG3CKvGf/XBM2qsOWfoQe8B50G5tM4vFCkWm5H
iefgkPNQYrfPBHosrsTlABpyuJ1B2Fo2IbtkZAqMDAcrCLjgsjef1RuYjj41tzWU
gkfnXoF5+/Q=
=xja6
-----END PGP SIGNATURE-----