[Secure-testing-team] Bug#861511: mysql-connector-python: CVE-2017-3590

Salvatore Bonaccorso carnil at debian.org
Sat Apr 29 20:29:12 UTC 2017


Source: mysql-connector-python
Version: 2.1.5-1
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for mysql-connector-python.

CVE-2017-3590[0]:
| Vulnerability in the MySQL Connectors component of Oracle MySQL
| (subcomponent: Connector/Python). Supported versions that are affected
| are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low
| privileged attacker with logon to the infrastructure where MySQL
| Connectors executes to compromise MySQL Connectors. Successful attacks
| of this vulnerability can result in unauthorized update, insert or
| delete access to some of MySQL Connectors accessible data. CVSS 3.0
| Base Score 3.3 (Integrity impacts). CVSS Vector:
| (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

According to the Oracle advisory, this is fixed in 2.1.6.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-3590
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3590
[1] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore


