openSUSE: 2020:0409-1: moderate: python-mysql-connector-python

    Date 29 Mar 2020
    239
    Posted By LinuxSecurity Advisories
    An update that fixes one vulnerability is now available.
       openSUSE Security Update: Security update for python-mysql-connector-python
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:0409-1
    Rating:             moderate
    References:         #1122204 
    Cross-References:   CVE-2019-2435
    Affected Products:
                        openSUSE Leap 15.1
    ______________________________________________________________________________
    
       An update that fixes one vulnerability is now available.
    
    Description:
    
       This update for python-mysql-connector-python fixes the following issues:
    
       python-mysql-connector-python was updated to 8.0.19 (boo#1122204 -
       CVE-2019-2435):
    
       - WL#13531: Remove xplugin namespace
       - WL#13372: DNS SRV support
       - WL#12738: Specify TLS ciphers to be used by a client or session
       - BUG#30270760: Fix reserved filed should have a length of 22
       - BUG#29417117: Close file in handle load data infile
       - WL#13330: Single C/Python (Win) MSI installer
       - WL#13335: Connectors should handle expired password sandbox without SET
         operations
       - WL#13194: Add support for Python 3.8
       - BUG#29909157: Table scans of floats causes memory leak with the C
         extension
       - BUG#25349794: Add read_default_file alias for option_files in connect()
       - WL#13155: Support new utf8mb4 bin collation
       - WL#12737: Add overlaps and not_overlaps as operator
       - WL#12735: Add README.rst and CONTRIBUTING.rst files
       - WL#12227: Indexing array fields
       - WL#12085: Support cursor prepared statements with C extension
       - BUG#29855733: Fix error during connection using charset and collation
         combination
       - BUG#29833590: Calling execute() should fetch active results
       - BUG#21072758: Support for connection attributes classic
       - WL#12864: Upgrade of Protobuf version to 3.6.1
       - WL#12863: Drop support for Django versions older than 1.11
       - WL#12489: Support new session reset functionality
       - WL#12488: Support for session-connect-attributes
       - WL#12297: Expose metadata about the source and binaries
       - WL#12225: Prepared statement support
       - BUG#29324966: Add missing username connection argument for driver
         compatibility
       - BUG#29278489: Fix wrong user and group for Solaris packages
       - BUG#29001628: Fix access by column label in Table.select()
       - BUG#28479054: Fix Python interpreter crash due to memory corruption
       - BUG#27897881: Empty LONG BLOB throws an IndexError
       - BUG#29260128: Disable load data local infile by default
       - WL#12607: Handling of Default Schema
       - WL#12493: Standardize count method
       - WL#12492: Be prepared for initial notice on connection
       - BUG#28646344: Remove expression parsing on values
       - BUG#28280321: Fix segmentation fault when using unicode characters in
         tables
       - BUG#27794178: Using use_pure=False should raise an error if cext is not
         available
       - BUG#27434751: Add a TLS/SSL option to verify server name
       - WL#12239: Add support for Python 3.7
       - WL#12226: Implement connect timeout
       - WL#11897: Implement connection pooling for xprotocol
       - BUG#28278352: C extension mysqlx Collection.add() leaks memory in
         sequential calls
       - BUG#28037275: Missing bind parameters causes segfault or unclear error
         message
       - BUG#27528819: Support special characters in the user and password using
         URI
       - WL#11951: Consolidate discrepancies between pure and c extension
       - WL#11932: Remove Fabric support
       - WL#11898: Core API v1 alignment
       - BUG#28188883: Use utf8mb4 as the default character set
       - BUG#28133321: Fix incorrect columns names representing aggregate
         functions
       - BUG#27962293: Fix Django 2.0 and MySQL 8.0 compatibility issues
       - BUG#27567999: Fix wrong docstring in ModifyStatement.patch()
       - BUG#27277937: Fix confusing error message when using an unsupported
         collation
       - BUG#26834200: Deprecate Row.get_string() method
       - BUG#26660624: Fix missing install option in documentation
       - WL#11668: Add SHA256_MEMORY authentication mechanism
       - WL#11614: Enable C extension by default
       - WL#11448: New document _id generation support
       - WL#11282: Support new locking modes NOWAIT and SKIP LOCKED
       - BUG#27639119: Use a list of dictionaries to store warnings
       - BUG#27634885: Update error codes for MySQL 8.0.11
       - BUG#27589450: Remove upsert functionality from WriteStatement class
       - BUG#27528842: Fix internal queries open for SQL injection
       - BUG#27364914: Cursor prepared statements do not convert strings
       - BUG#24953913: Fix failing unittests
       - BUG#24948205: Results from JSON_TYPE() are returned as bytearray
       - BUG#24948186: JSON type results are bytearray instead of corresponding
         python type
       - WL#11372: Remove configuration API
       - WL#11303: Remove CreateTable and CreateView
       - WL#11281: Transaction savepoints
       - WL#11278: Collection.create_index
       - WL#11149: Create Pylint test for mysqlx
       - WL#11142: Modify/MergePatch
       - WL#11079: Add support for Python 3.6
       - WL#11073: Add caching_sha2_password authentication plugin
       - WL#10975: Add Single document operations
       - WL#10974: Add Row locking methods to find and select operations
       - WL#10973: Allow JSON types as operands for IN operator
       - WL#10899: Add support for pure Python implementation of Protobuf
       - WL#10771: Add SHA256 authentication
       - WL#10053: Configuration handling interface
       - WL#10772: Cleanup Drop APIs
       - WL#10770: Ensure all Session connections are secure by default
       - WL#10754: Forbid modify() and remove() with no condition
       - WL#10659: Support utf8mb4 as default charset
       - WL#10658: Remove concept of NodeSession
       - WL#10657: Move version number to 8.0
       - WL#10198: Add Protobuf C++ extension implementation
       - WL#10004: Document UUID generation
       - BUG#26175003: Fix Session.sql() when using unicode SQL statements with
         Python 2.7
       - BUG#26161838: Dropping an non-existing index should succeed silently
       - BUG#26160876: Fix issue when using empty condition in
         Collection.remove() and Table.delete()
       - BUG#26029811: Improve error thrown when using an invalid parameter in
         bind()
       - BUG#25991574: Fix Collection.remove() and Table.delete() missing filters
       - WL#10452: Add Protobuf C++ extension for Linux variants and Mac OSX
       - WL#10081: DevAPI: IPv6 support
       - BUG#25614860: Fix defined_as method in the view creation
       - BUG#25519251: SelectStatement does not implement order_by() method
       - BUG#25436568: Update available operators for XPlugin
       - BUG#24954006: Add missing items in CHANGES.txt
       - BUG#24578507: Fix import error using Python 2.6
       - BUG#23636962: Fix improper error message when creating a Session
       - BUG#23568207: Fix default aliases for projection fields
       - BUG#23567724: Fix operator names
       - DevAPI: Schema.create_table
       - DevAPI: Flexible Parameter Lists
       - DevAPI: New transports: Unix domain socket
       - DevAPI: Core TLS/SSL options for the mysqlx URI scheme
       - DevAPI: View DDL with support for partitioning in a cluster / sharding
       - BUG#24520850: Fix unexpected behavior when using an empty collection name
       - Add support for Protocol Buffers 3
       - Add View support (without DDL)
       - Implement get_default_schema() method in BaseSchema
       - DevAPI: Per ReplicaSet SQL execution
       - DevAPI: XSession accepts a list of routers
       - DevAPI: Define action on adding empty list of documents
       - BUG#23729357: Fix fetching BIT datatype
       - BUG#23583381: Add who_am_i and am_i_real methods to DatabaseObject
       - BUG#23568257: Add fetch_one method to mysqlx.result
       - BUG#23550743: Add close method to XSession and NodeSession
       - BUG#23550057: Add support for URI as connection data
       - Provide initial implementation of new DevAPI
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2020-409=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (noarch):
    
          python2-mysql-connector-python-8.0.19-lp151.3.3.1
          python3-mysql-connector-python-8.0.19-lp151.3.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-2435.html
       https://bugzilla.suse.com/1122204
    
    -- 
    

    LinuxSecurity Poll

    Do you agree with Linus Torvalds' decision to reject the controversial patch mitigating the Snoop attack on Intel CPUs?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/28-do-you-agree-with-linus-torvalds-decision-to-reject-the-controversial-patch-mitigating-the-snoop-attack-on-intel-cpus?task=poll.vote&format=json
    28
    radio
    [{"id":"100","title":"Yes - this was undoubtedly the right decision.","votes":"1","type":"x","order":"1","pct":50,"resources":[]},{"id":"101","title":"Not sure...","votes":"1","type":"x","order":"2","pct":50,"resources":[]},{"id":"102","title":"No - he made a big mistake here.","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.