Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 3621-1] mysql-connector-java security update

From Salvatore Bonaccorso@1:229/2 to All on Mon Jul 18 18:40:02 2016

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------- Debian Security Advisory DSA-3621-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mysql-connector-java
CVE ID : CVE-2015-2575

A vulnerability was discovered in mysql-connector-java, a Java database
(JDBC) driver for MySQL, which may result in unauthorized update, insert
or delete access to some MySQL Connectors accessible data as well as
read access to a subset of MySQL Connectors accessible data. The
vulnerability was addressed by upgrading mysql-connector-java to the new upstream version 5.1.39, which includes additional changes, such as bug
fixes, new features, and possibly incompatible changes. Please see the
MySQL Connector/J Release Notes and Oracle's Critical Patch Update
advisory for further details:

https://dev.mysql.com/doc/relnotes/connector-j/5.1/en/news-5-1.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL

For the stable distribution (jessie), this problem has been fixed in
version 5.1.39-1~deb8u1.

We recommend that you upgrade your mysql-connector-java packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXjQKkAAoJEAVMuPMTQ89Ee2UP/18I4detSRWBBnIaEGlmIqEw wTnsJlwtxwCjzDXRL61Vd2MxNbHEGwq8IQi/nWnoNhqRBUXEko5/X72Gx5UFtrMK 5nu1uTZe8xCmFJUaTsvfEb0FtKJ/1I07VHcxgjXJx6J9SXPtal8oKnAQLKfCQAPT +eFnY8ISjc6xaEYJK/Ddtjt/GXTWPFEvtd4mWH+l19kc2uLwR6RjCgr8NLdsmERv D5EgTgj5MbnMZPW6SpvcRJj2aWRLqADe9CLxNlw19NNzaXsuZ3Od8IZQ75Nt95CG RW69EqQTKjblVhvGyb7U13TKqvieM5cqmww2oqt6+4+M/vvJcXctEPT1jBhexJNX 2cy8fzwlI4OMqIrPfJ/SJh7+YQfD9zSLKWuYkVIy+K/39tmIahlLY6TKS8AvIAda sxDTnvj9dajZEI/DUXdtMoMeqg8hHXs1cYHFFN2uKPLdTTvyAqGQBl9ycf5Njlfa 9rQmdr0UhdP03a5JDSmCBmj+t8iA2hnelV4hg0FtwKUeoguihato8ULOpYQXx1Hg 5AjwBqpNCLBjBVSKzAjJgR9pXO0M3Ibh/dp/55znDMU8evniVVcS8avnePZeIL5V 2suyruiCgLE9CmoWD+p1UzV1qdLHdXnZrZEsUejfX1O0C2u2QdDgHuSF/hCnw1Nj hEABqqwx0F1UALfdvI0A
=ezgL
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

From Daniel Boshier@1:229/2 to Salvatore Bonaccorso on Tue Jul 19 17:40:02 2016

XPost: linux.debian.security
From: [email protected]

--001a113a68781843100537feabbe
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Uhpppopppiujiki
MN
I have
.. buy bio
Yg.viuuu
😗

On 18 Jul 2016 17:32, "Salvatore Bonaccorso" <[email protected]> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------- Debian Security Advisory DSA-3621-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 18, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mysql-connector-java
CVE ID : CVE-2015-2575

A vulnerability was discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, which may result in unauthorized update, insert
or delete access to some MySQL Connectors accessible data as well as
read access to a subset of MySQL Connectors accessible data. The vulnerability was addressed by upgrading mysql-connector-java to the new upstream version 5.1.39, which includes additional changes, such as bug fixes, new features, and possibly incompatible changes. Please see the
MySQL Connector/J Release Notes and Oracle's Critical Patch Update
advisory for further details:

https://dev.mysql.com/doc/relnotes/connector-j/5.1/en/news-5-1.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL

For the stable distribution (jessie), this problem has been fixed in
version 5.1.39-1~deb8u1.

We recommend that you upgrade your mysql-connector-java packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXjQKkAAoJEAVMuPMTQ89Ee2UP/18I4detSRWBBnIaEGlmIqEw wTnsJlwtxwCjzDXRL61Vd2MxNbHEGwq8IQi/nWnoNhqRBUXEko5/X72Gx5UFtrMK 5nu1uTZe8xCmFJUaTsvfEb0FtKJ/1I07VHcxgjXJx6J9SXPtal8oKnAQLKfCQAPT +eFnY8ISjc6xaEYJK/Ddtjt/GXTWPFEvtd4mWH+l19kc2uLwR6RjCgr8NLdsmERv D5EgTgj5MbnMZPW6SpvcRJj2aWRLqADe9CLxNlw19NNzaXsuZ3Od8IZQ75Nt95CG RW69EqQTKjblVhvGyb7U13TKqvieM5cqmww2oqt6+4+M/vvJcXctEPT1jBhexJNX 2cy8fzwlI4OMqIrPfJ/SJh7+YQfD9zSLKWuYkVIy+K/39tmIahlLY6TKS8AvIAda sxDTnvj9dajZEI/DUXdtMoMeqg8hHXs1cYHFFN2uKPLdTTvyAqGQBl9ycf5Njlfa 9rQmdr0UhdP03a5JDSmCBmj+t8iA2hnelV4hg0FtwKUeoguihato8ULOpYQXx1Hg 5AjwBqpNCLBjBVSKzAjJgR9pXO0M3Ibh/dp/55znDMU8evniVVcS8avnePZeIL5V 2suyruiCgLE9CmoWD+p1UzV1qdLHdXnZrZEsUejfX1O0C2u2QdDgHuSF/hCnw1Nj hEABqqwx0F1UALfdvI0A
=ezgL
-----END PGP SIGNATURE-----

--001a113a68781843100537feabbe
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Uhpppopppiujiki 
MN 
I have 
.. buy bio 
Yg.viuuu 
😗
<div class="gmail_extra"> <div class="gmail_quote">On 18 Jul 2016 17:32, "Salvatore Bonaccorso" <<a href="mailto:[email protected]">[email protected]</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA512 

- ------------------------------------------------------------------------- Debian Security Advisory DSA-3621-1 <a href="mailto:[email protected]">[email protected]</a> 
<a href="https://www.debian.org/security/" rel="noreferrer" target="_blank">https://www.debian.org/security/</a> Salvatore Bonaccorso 
July 18, 2016 <a href="https://www.debian.org/security/faq" rel="noreferrer" target="_blank">https://www.debian.org/security/faq</a> 
- ------------------------------------------------------------------------- 

Package : mysql-connector-java 
CVE ID : CVE-2015-2575 

A vulnerability was discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, which may result in unauthorized update, insert 

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	153:14:56
Calls:	12,091
Calls today:	4
Files:	15,000
Messages:	6,517,664

[SECURITY] [DSA 3621-1] mysql-connector-java security update

Who's Online

Recent Visitors

System Info