ArchLinux: 201902-21: python-mysql-connector: authentication bypass
Summary
A flaw was found in mysql-connector prior to version 8.0.13. An unauthenticated attacker with network access via TLS could compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized creation, deletion or modification access to critical data.
Resolution
Upgrade to 8.0.15-1.
# pacman -Syu "python-mysql-connector>=8.0.15-1"
The problem has been fixed upstream in version 8.0.15.
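To confirm the upgrade took effect across several machines, the following added example (not part of the advisory or the upstream project) classifies hosts from collected `pacman -Q` output against the fixed version 8.0.15-1. The host names and package lists are constructed, and the version parser is a simplification that assumes numeric dotted versions.

```python
PACKAGE = "python-mysql-connector"
FIXED = "8.0.15-1"  # fixed version stated in the advisory's Resolution section


def parse_version(version):
    """Turn '[epoch:]pkgver[-pkgrel]' into a comparable tuple.

    Simplification (assumption): purely numeric dotted components, which
    covers this package's versions; this is not a full vercmp(8).
    """
    epoch, _, rest = version.rpartition(":")
    pkgver, _, pkgrel = rest.partition("-")
    dotted = lambda s: tuple(int(part) for part in s.split("."))
    return (int(epoch or 0), dotted(pkgver), dotted(pkgrel or "0"))


def classify(pacman_q_output):
    """Classify one host from the text printed by `pacman -Q`."""
    for line in pacman_q_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] == PACKAGE:
            try:
                installed = parse_version(fields[1])
            except ValueError:
                return "review"  # non-numeric version string: check by hand
            return "fixed" if installed >= parse_version(FIXED) else "needs-upgrade"
    return "not-installed"


def audit(inventory):
    """Map each host name to its classification."""
    return {host: classify(output) for host, output in inventory.items()}


# Constructed sample inventory (hypothetical hosts, made-up package lists).
SAMPLE = {
    "db-client-1": "python 3.7.2-3\npython-mysql-connector 8.0.13-1\n",
    "db-client-2": "python-mysql-connector 8.0.15-1\n",
    "db-client-3": "python-mysql-connector 8.0.14-2\nopenssl 1.1.1.a-1\n",
    "build-1": "python 3.7.2-3\n",
    "legacy-1": "python-mysql-connector 8.0.15rc1-1\n",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `needs-upgrade` should receive the `pacman -Syu` command above; `review` marks version strings the simplified parser cannot compare.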
References
https://bugs.archlinux.org/task/61758
https://github.com/mysql/mysql-connector-python/commit/069bc6737dd13b7f3a41d7fc23b789b659d8e205
https://security.netapp.com/advisory/ntap-20190118-0002/
https://www.oracle.com/security-alerts/cpujan2019.html
https://security.archlinux.org/CVE-2019-2435
Workaround
None.