SB2018112829 - Fedora 27 update for mysql-connector-java




Published: November 28, 2018 Updated: April 24, 2025

Security Bulletin ID: SB2018112829
Severity: High
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 50%, Low: 50%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Remote code execution (CVE-ID: CVE-2017-3523)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to unexpected automatic deserialisation of Java objects. The remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

2) Improper access control (CVE-ID: CVE-2017-3586)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists due to improper access control. A remote attacker can gain unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data.

3) Improper access control (CVE-ID: CVE-2017-3589)

The vulnerability allows a local authenticated attacker to write arbitrary files on the target system.

The weakness exists due to improper access control. A local attacker can gain unauthorized update, insert or delete access to some of MySQL Connectors accessible data.

4) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2018-3258)

The vulnerability allows an attacker to operate the product.

The vulnerability exists due to an access control bypass in the "Connector/J" component. A remote authenticated attacker with network access via multiple protocols can take over the MySQL Connectors.

Remediation

Install update from vendor's website.