Debian Local Security Checks : Debian Security Advisory DSA 3840-1 (mysql-connector-java

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.703840

Categoría: Debian Local Security Checks

Título: Debian Security Advisory DSA 3840-1 (mysql-connector-java - security update)

Resumen: Thijs Alkemade discovered that unexpected automatic deserialisation of;Java objects in the MySQL Connector/J JDBC driver may result in the;execution of arbitrary code.

Descripción: Summary:
Thijs Alkemade discovered that unexpected automatic deserialisation of
Java objects in the MySQL Connector/J JDBC driver may result in the
execution of arbitrary code.

Affected Software/OS:
mysql-connector-java on Debian Linux

Solution:
For the stable distribution (jessie), this problem has been fixed in
version 5.1.41-1~
deb8u1.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 5.1.41-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.1.41-1.

We recommend that you upgrade your mysql-connector-java packages.

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-3523
BugTraq ID: 97982
http://www.securityfocus.com/bid/97982
Debian Security Information: DSA-3840 (Google Search)
http://www.debian.org/security/2017/dsa-3840

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.703840
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 3840-1 (mysql-connector-java - security update)
Resumen:	Thijs Alkemade discovered that unexpected automatic deserialisation of;Java objects in the MySQL Connector/J JDBC driver may result in the;execution of arbitrary code.
Descripción:	Summary: Thijs Alkemade discovered that unexpected automatic deserialisation of Java objects in the MySQL Connector/J JDBC driver may result in the execution of arbitrary code. Affected Software/OS: mysql-connector-java on Debian Linux Solution: For the stable distribution (jessie), this problem has been fixed in version 5.1.41-1~ deb8u1. For the upcoming stable distribution (stretch), this problem has been fixed in version 5.1.41-1. For the unstable distribution (sid), this problem has been fixed in version 5.1.41-1. We recommend that you upgrade your mysql-connector-java packages. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3523 BugTraq ID: 97982 http://www.securityfocus.com/bid/97982 Debian Security Information: DSA-3840 (Google Search) http://www.debian.org/security/2017/dsa-3840
Copyright	Copyright (C) 2017 Greenbone Networks GmbH