Bug 23720 - mysql-connector-java new security issue CVE-2018-3258 and CVE-2019-2692
Summary: mysql-connector-java new security issue CVE-2018-3258 and CVE-2019-2692
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Java Stack Maintainers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-17 23:15 CEST by David Walser
Modified: 2019-11-06 13:37 CET

See Also:
Source RPM: mysql-connector-java-8.0.12-2.mga7.src.rpm
CVE:
Status comment:

Description David Walser 2018-10-17 23:15:56 CEST
October 2018 Oracle CPU lists a security issue in mysql-connector-java:
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL

Mageia 6 is also affected.

David Walser 2018-10-17 23:16:11 CEST

Whiteboard: (none) => MGA6TOO

Marja Van Waes 2018-10-18 09:23:14 CEST

CC: (none) => mageia, marja11
Assignee: bugsquad => java

Comment 1 David Walser 2018-11-02 02:57:40 CET
mysql-connector-java-8.0.13-1.mga7 uploaded by David to fix this in Cauldron.

CC: (none) => geiger.david68210
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 2 David Walser 2018-11-15 23:28:04 CET
Fedora has issued an advisory for this on November 10:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/674XGWEZN7DMLSDLCBXDKKN75BDDFP45/

Comment 3 David Walser 2019-04-17 21:12:26 CEST
April 2019 Oracle CPU lists a security issue in mysql-connector-java:
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL

It sounds like it needs to be updated to something newer than 8.0.15.

Version: 6 => Cauldron
Summary: mysql-connector-java new security issue CVE-2018-3258 => mysql-connector-java new security issue CVE-2018-3258 and CVE-2019-2692
Whiteboard: (none) => MGA6TOO

papoteur 2019-04-24 10:42:25 CEST

CC: (none) => yves.brungard_mageia

Comment 4 David GEIGER 2019-05-06 17:24:34 CEST
mysql-connector-java-8.0.16-1.mga7 uploaded to fix CVE-2019-2692 in Cauldron.

David Walser 2019-05-06 17:55:52 CEST

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 5 Mike Rambo 2019-11-06 13:37:38 CET
Mageia 6 is EOL.

Status: NEW => RESOLVED
Resolution: (none) => OLD
CC: (none) => mrambo
