ALT Linux Team

Package mysql-connector-odbc update in sisyphus on 2023-11-18

ALT-PU-2023-7323-2

Package mysql-connector-odbc updated to version 8.0.35-alt1 for branch sisyphus in task 334631.

Closed vulnerabilities

Published: 2022-03-02

BDU:2022-01443

Уязвимость реализации механизма аутентификации Cyrus SASL, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю выполнить произвольный SQL-запрос

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References:
Published: 2022-07-05

BDU:2022-04284

Уязвимость режима AES OCB библиотеки OpenSSL, позволяющая нарушителю раскрыть защищаемую информацию

Severity: LOW (3.7) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2022-07-05
Modified: 2024-11-21

CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2022-02-24
Modified: 2024-11-21

CVE-2022-24407

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top