Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. References: https://www.oracle.com/security-alerts/cpuapr2020.html https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html https://www.debian.org/security/2020/dsa-4703
Created mysql-connector-java tracking bugs for this issue: Affects: fedora-all [bug 1851024]
This vulnerability is out of security support scope for the following products: * Red Hat Enterprise Application Platform 6 * Red Hat JBoss Data Virtualization & Services 6 * Red Hat JBoss Fuse Service Works(FSW) 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Statement: Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way: # yum-config-manager --enable rhel-server-rhscl-7-rpms # yum install rh-mariadb103-mariadb-java-client
This issue has been addressed in the following products: RHDM 7.9.0 Via RHSA-2020:4960 https://access.redhat.com/errata/RHSA-2020:4960
This issue has been addressed in the following products: RHPAM 7.9.0 Via RHSA-2020:4961 https://access.redhat.com/errata/RHSA-2020:4961
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-2933