openSUSE has issued an advisory on March 30: https://lists.opensuse.org/opensuse-updates/2020-03/msg00140.html The issue is fixed upstream in 8.0.19.
Done for mga7 updating to latest 8.0.20 release! Also note that I had to enable the protobuf python3 bindings needed for new mysql-connector-python python3 part.
Advisory:
========================

Updated mysql-connector-python packages fix security vulnerability:

Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data (CVE-2019-2435).

Also, the protobuf package was updated to add a python3 subpackage, which was needed for this update.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2435
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#CVE-2019-2435
https://lists.opensuse.org/opensuse-updates/2020-03/msg00140.html
========================

Updated packages in core/updates_testing:
========================
libprotobuf17-3.6.1-1.1.mga7
libprotobuf-lite17-3.6.1-1.1.mga7
protobuf-compiler-3.6.1-1.1.mga7
libprotoc17-3.6.1-1.1.mga7
libprotobuf-devel-3.6.1-1.1.mga7
libprotobuf-static-devel-3.6.1-1.1.mga7
python2-protobuf-3.6.1-1.1.mga7
python3-protobuf-3.6.1-1.1.mga7
protobuf-vim-3.6.1-1.1.mga7
protobuf-java-3.6.1-1.1.mga7
protobuf-java-util-3.6.1-1.1.mga7
protobuf-javadoc-3.6.1-1.1.mga7
protobuf-parent-3.6.1-1.1.mga7
python2-mysql-connector-8.0.20-1.mga7
python3-mysql-connector-8.0.20-1.mga7

from SRPMS:
protobuf-3.6.1-1.1.mga7.src.rpm
mysql-connector-python-8.0.20-1.mga7.src.rpm
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
MGA7-64 Plasma on Lenovo B50
No installation issues.
No previous updates, so googled on the subject and found: "Protocol buffers are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data"
That tastes like developers stuff, so proposing to OK on clean install????
CC: (none) => herman.viaene
Yeah unless you have a Python program that uses mysql/mariadb via this connector, clean install/upgrade is fine.
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory
CC: (none) => ouaurelien
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: ouaurelien => (none)
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0345.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED