CVE-2015-2575 — mysql-connector-java - security update

Description

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

How to fix CVE-2015-2575

To remediate CVE-2015-2575, upgrade the affected package to a fixed version below.

Debian/mysql-connector-java—upgrade to 5.1.39-1~deb7u1 or later
Debian/mysql-connector-java—upgrade to 5.1.39-1~deb8u1 or later
Maven/mysql:mysql-connector-java—upgrade to 5.1.35 or later

Is CVE-2015-2575 being exploited?

Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 5.1.39-1~deb7u1
from 0, < 5.1.39-1~deb8u1
from 0, < 5.1.35

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-2575
WEBlists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
WEBlists.opensuse.org/opensuse-updates/2015-05/msg00089.html
WEBsecurity.netapp.com/advisory/ntap-20150417-0003