FS#61758 : [python-mysql-connector] [security] unauthorized access (CVE-2019-2435)

FS#61758 - [python-mysql-connector] [security] unauthorized access (CVE-2019-2435)

Attached to Project: Community Packages
Opened by Eduard Toloza (edu4rdshl) - Thursday, 14 February 2019, 05:18 GMT
Last edited by Evgeniy Alexeev (arcan1s) - Monday, 18 February 2019, 07:12 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Lukas Fleischer (lfleischer) Evgeniy Alexeev (arcan1s)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

The package python-mysql-connector is easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors via CVE-2019-2435.

Guidance
========

Not fix yet.

References
==========

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2435
https://www.suse.com/security/cve/CVE-2019-2435/

This task depends upon

Closed by Evgeniy Alexeev (arcan1s)
Monday, 18 February 2019, 07:12 GMT
Reason for closing: Fixed
Additional comments about closing: 8.0.15-1

Comment by Morten Linderud (Foxboron) - Thursday, 14 February 2019, 16:41 GMT

Patch: https://github.com/mysql/mysql-connector-python/commit/069bc6737dd13b7f3a41d7fc23b789b659d8e205

Adviced to update the package to latest version.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#61758 - [python-mysql-connector] [security] unauthorized access (CVE-2019-2435)

Details

Loading...