ASA-201902-21 generated external raw

[ASA-201902-21] python-mysql-connector: authentication bypass
Arch Linux Security Advisory ASA-201902-21 ========================================== Severity: High Date : 2019-02-17 CVE-ID : CVE-2019-2435 Package : python-mysql-connector Type : authentication bypass Remote : Yes Link : Summary ======= The package <a href="/package/python-mysql-connector">python-mysql-connector</a> before version 8.0.15-1 is vulnerable to authentication bypass. Resolution ========== Upgrade to 8.0.15-1. # pacman -Syu "python-mysql-connector>=8.0.15-1" The problem has been fixed upstream in version 8.0.15. Workaround ========== None. Description =========== A flaw was found in mysql-connector prior to version 8.0.13. Unauthenticated attacker with network access via TLS could compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized creation, deletion or modification access to critical data. Impact ====== An unauthenticated attacker could serve malicious TLS traffic and bypass authentication. References ==========