Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-526-1 mysql-connector-java

Debian Security Advisory

DLA-526-1 mysql-connector-java -- LTS security update

Date Reported:

25 Jun 2016

Affected Packages:

mysql-connector-java

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-2575.

More information:

A vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J) has been discovered that may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors. The issue is addressed by updating to the latest stable release of mysql-connector-java since Oracle did not release further information.

Please see Oracle's Critical Patch Update advisory for further details.

http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html#MSQL

For Debian 7 Wheezy, these problems have been fixed in version 5.1.39-1~deb7u1.

We recommend that you upgrade your mysql-connector-java packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS