Upstream information

CVE-2017-3469 at MITRE

Description

Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database
Base Score 3.7
Vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Access Vector Network
Access Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact Low
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 1035195 [RESOLVED / ]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 42.2
  • libmysqlcppconn-devel >= 1.1.8-5.3.2
  • libmysqlcppconn7 >= 1.1.8-5.3.2
  • libmysqlcppconn7-debuginfo >= 1.1.8-5.3.2
  • mysql-connector-cpp >= 1.1.8-5.3.2
  • mysql-connector-cpp-debugsource >= 1.1.8-5.3.2
  • mysql-workbench >= 6.3.9-2.5.2
  • mysql-workbench-debuginfo >= 6.3.9-2.5.2
  • mysql-workbench-debugsource >= 6.3.9-2.5.2
Patchnames:
openSUSE-2017-671