MGASA-2017-0382

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0382.html

Import Source

https://advisories.mageia.org/MGASA-2017-0382.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0382

Upstream

CVE-2017-3523

CVE-2017-3586

CVE-2017-3589

Published

2017-10-24T05:50:58Z

Modified

2026-04-16T06:25:15.755628211Z

Summary

Updated mysql-connector-java packages fix security vulnerabilities

Details

Thijs Alkemade discovered that unexpected automatic deserialisation of Java objects in the MySQL Connector/J JDBC driver may result in the execution of arbitary code (CVE-2017-3523).

Two vulnerabilities have been found in the MySQL Connector/J JDBC driver (CVE-2017-3586, CVE-2017-3589).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / mysql-connector-java

Package

Name: mysql-connector-java
Purl: pkg:rpm/mageia/mysql-connector-java?arch=source&distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.42-1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2017-0382.json"

Mageia:6 / mysql-connector-java

Package

Name: mysql-connector-java
Purl: pkg:rpm/mageia/mysql-connector-java?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.42-1.mga6

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2017-0382.json"