FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- SSL Downgrade

Affected packages
php56-mysql < 5.6.11
php56-mysqli < 5.6.11
php55-mysql < 5.5.27
php55-mysqli < 5.5.27
php5-mysql < 5.4.43
php5-mysqli < 5.4.43
mariadb55-client < 5.5.44
mariadb100-client < 10.0.20

Details

VuXML ID 36bd352d-299b-11e5-86ff-14dae9d210b8
Discovery 2015-03-20
Entry 2015-07-13
Modified 2015-07-18

Duo Security reports:

Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently.

References

CVE Name CVE-2015-3152
URL http://www.ocert.org/advisories/ocert-2015-003.html
URL https://bugs.php.net/bug.php?id=69669
URL https://mariadb.atlassian.net/browse/MDEV-7937
URL https://mariadb.com/kb/en/mariadb/mariadb-10020-changelog/
URL https://mariadb.com/kb/en/mariadb/mariadb-5544-changelog/
URL https://www.duosecurity.com/blog/backronym-mysql-vulnerability