Bug 1035697 - (CVE-2017-3523) VUL-0: CVE-2017-3523: mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3523)
VUL-0: CVE-2017-3523: mysql-connector-java: Connector/J unspecified vulnerabi...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/184112/
CVSSv2:SUSE:CVE-2017-3523:4.6:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-24 11:25 UTC by Marcus Meissner
Modified: 2022-08-03 13:36 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-04-24 11:25:20 UTC
From

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL

CVE-2017-3523 	MySQL Connectors Connector/J MySQL Protocol 
affected:5.1.40 and eariler
Comment 3 Pedro Monreal Gonzalez 2017-05-02 17:03:57 UTC
Created attachment 723522 [details]
Updated patches for SLE-11 and 12.

All codestreams affected. Applied the upstream patch:

openSUSE:Factory                  5.1.35        sr#492515
openSUSE:Leap:42.2:Update         5.1.35	Comes from SLE-12
openSUSE:Leap:42.1:Update         5.1.35        Comes from SLE-12
SUSE:SLE-12:Update                5.1.35        mr#132096
SUSE:SLE-11:Update                5.1.6         sr#132097

[1] https://github.com/mysql/mysql-connector-j/commit/6189e718de5b6c6115aee45dd7a480081c129d68
Comment 5 Bernhard Wiedemann 2017-05-18 14:01:05 UTC
This is an autogenerated message for OBS integration:
This bug (1035697) was mentioned in
https://build.opensuse.org/request/show/495892 Factory / mysql-connector-java
Comment 6 Pedro Monreal Gonzalez 2017-06-01 12:36:22 UTC
Fixed in https://bugzilla.suse.com/show_bug.cgi?id=1035210#c7

Updated to version 5.1.42.
Comment 11 Swamp Workflow Management 2017-09-28 16:11:40 UTC
SUSE-SU-2017:2591-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1035210,1035211,1035697
CVE References: CVE-2017-3523,CVE-2017-3586,CVE-2017-3589
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    mysql-connector-java-5.1.42-5.4.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    mysql-connector-java-5.1.42-5.4.1
Comment 12 Marcus Meissner 2017-10-26 07:35:59 UTC
released
Comment 13 Andreas Stieger 2018-03-12 16:08:15 UTC
Still missing for Leap - imported into 
https://build.opensuse.org/project/show/openSUSE:Maintenance:7884
Comment 14 Andreas Stieger 2018-03-12 23:06:50 UTC
Release for Leap, now it's done.
Comment 15 Swamp Workflow Management 2018-03-13 02:07:51 UTC
openSUSE-SU-2018:0666-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1035210,1035211,1035697
CVE References: CVE-2017-3523,CVE-2017-3586,CVE-2017-3589
Sources used:
openSUSE Leap 42.3 (src):    mysql-connector-java-5.1.42-10.3.1