[Secure-testing-team] Bug#861487: mysql-workbench: CVE-2017-3469

Salvatore Bonaccorso carnil at debian.org
Sat Apr 29 15:23:27 UTC 2017


Source: mysql-workbench
Version: 6.2.3+dfsg-7
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for mysql-workbench.

CVE-2017-3469[0]:
| Vulnerability in the MySQL Workbench component of Oracle MySQL
| (subcomponent: Workbench: Security : Encryption). Supported versions
| that are affected are 6.3.8 and earlier. Difficult to exploit
| vulnerability allows unauthenticated attacker with network access via
| multiple protocols to compromise MySQL Workbench. Successful attacks
| of this vulnerability can result in unauthorized read access to a
| subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7
| (Confidentiality impacts). CVSS Vector:
| (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Unfortunately, as in most cases, no details are provided. It is only
known that it should be fixed in 6.3.9. The issue is said to be difficult
to exploit, so I guess we do not need a DSA for this issue.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-3469
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3469
[1] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL

Regards,
Salvatore


