Debian Security Advisory

DLA-526-1 mysql-connector-java -- LTS security update

Date Reported:
25 Jun 2016
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-2575.
More information:

A vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J) has been discovered that may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors. The issue is addressed by updating to the latest stable release of mysql-connector-java since Oracle did not release further information.

Please see Oracle's Critical Patch Update advisory for further details.

For Debian 7 Wheezy, these problems have been fixed in version 5.1.39-1~deb7u1.

We recommend that you upgrade your mysql-connector-java packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: