
openSUSE: 2024:0351-1 critical: python-mysql-connector-python SQL injection

opensuse
November 6, 2024
A significant patch has been released for python-mysql-connector-python due to a serious security vulnerability.
An update that fixes one vulnerability is now available.

Description

This update for python-mysql-connector-python fixes the following issues:

- Update to 9.1.0 (boo#1231740, CVE-2024-21272)

- WL#16452: Bundle all installable authentication plugins when building the C-extension

- WL#16444: Drop build support for DEB packages

- WL#16442: Upgrade gssapi version to 1.8.3

- WL#16411: Improve wheel metadata information for Classic and XDevAPI connectors

- WL#16341: OpenID Connect (Oauth2 - JWT) Authentication Support

- WL#16307: Remove Python 3.8 support

- WL#16306: Add support for Python 3.13

- BUG#37055435: Connection fails during the TLS negotiation when specifying TLSv1.3 ciphers

- BUG#37013057: mysql-connector-python Parameterized query SQL injection

- BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host

- BUG#36577957: Update charset/collation description indicate this is 16 bits

- 9.0.0:

- WL#16350: Update dnspython...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-351=1

Package List

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

python3-mysql-connector-python-9.1.0-bp155.3.3.1
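
To confirm the update landed, the installed build can be compared against the one in the Package List above. This is an added example, not part of the advisory: the function names and the `--host` switch are illustrative, and GNU `sort -V` is assumed to approximate RPM version ordering.

```shell
#!/bin/sh
# Added example (not from the advisory): confirm the fixed build is installed.
PKG="python3-mysql-connector-python"   # package name from the Package List
FIXED="9.1.0-bp155.3.3.1"              # fixed version-release from the Package List

# version_at_least INSTALLED MINIMUM -> exit status 0 if INSTALLED >= MINIMUM.
# Assumption: GNU `sort -V` approximates RPM version ordering, which holds
# for plain dotted version-release strings such as the ones used here.
version_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify INSTALLED -> prints "fixed", "needs-update" or "not-installed".
# An empty argument means rpm found no such package.
classify() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif version_at_least "$1" "$FIXED"; then
        echo "fixed"
    else
        echo "needs-update"
    fi
}

# check_host: query the local RPM database and classify the result.
check_host() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$PKG" 2>/dev/null) || installed=""
    classify "$installed"
}

# Query this host only when asked to, e.g. `sh check.sh --host`.
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```

A `needs-update` result means the installed build predates the one shipped by this advisory; `not-installed` means the system package is absent, which says nothing about copies installed by other means such as pip.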

References

https://www.suse.com/security/cve/CVE-2024-21272.html

https://bugzilla.suse.com/1231740

Severity
important

Announcement ID: openSUSE-SU-2024:0351-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP5
