CVE-2015-3152: MySQL SSL/TLS downgrade vulnerability
Bug #1464895 reported by
Otto Kekäläinen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mariadb-10.0 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
mariadb-5.5 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
For details see http://
Latest MariaDB release 5.5.44 fixes this.
From https:/
Client command line option --ssl-verify-
I am now preparing an security release for Ubuntu 14.04 and 14.10.
description: | updated |
summary: |
- CVE-2015-3152: MySQL SSL/TLS downgrade downgrade vulnerability + CVE-2015-3152: MySQL SSL/TLS downgrade vulnerability |
information type: | Private Security → Public |
To post a comment you must log in.
For complete pristine- tar/git- buildpackage history see https:/ /github. com/ottok/ mariadb- 5.5/tree/ ubuntu- 14.04
The attached debdiff is produced by running 5.5.43- 1ubuntu0. 14.04.2 ubuntu-14.04 debian/ > 5.5.44- 1ubuntu0. 14.04.2. diff
mariadb-5.5$ git diff ubuntu/
Apply this debdiff on top of the current 5.5.43 package in Ubuntu 14.04 and for the non debian/* stuff, get the upstream mariadb- 5.5.44. tar.gz package from MariaDB.org (use uscan with pgp signature checking, the package supports it).