FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- SSL Downgrade

Affected packages
		php56-mysql	<	5.6.11
		php56-mysqli	<	5.6.11
		php55-mysql	<	5.5.27
		php55-mysqli	<	5.5.27
		php5-mysql	<	5.4.43
		php5-mysqli	<	5.4.43
		mariadb55-client	<	5.5.44
		mariadb100-client	<	10.0.20

Details

VuXML ID	36bd352d-299b-11e5-86ff-14dae9d210b8
Discovery	2015-03-20
Entry	2015-07-13
Modified	2015-07-18

Duo Security reports:

Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently.

[source]

References

CVE Name	CVE-2015-3152
URL	http://www.ocert.org/advisories/ocert-2015-003.html
URL	https://bugs.php.net/bug.php?id=69669
URL	https://mariadb.atlassian.net/browse/MDEV-7937
URL	https://mariadb.com/kb/en/mariadb/mariadb-10020-changelog/
URL	https://mariadb.com/kb/en/mariadb/mariadb-5544-changelog/
URL	https://www.duosecurity.com/blog/backronym-mysql-vulnerability

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.