This bug was fixed in the package mariadb-10.0 -
10.0.20-0ubuntu0.15.04.1
---------------
mariadb-10.0 (10.0.20-0ubuntu0.15.04.1) vivid-security; urgency=low
* SECURITY UPDATE: Update to 10.0.20 (via .18 and .19) fixes security issues:
- CVE-2015-3152: Client command line option --ssl-verify-server-cert (and
MYSQL_OPT_SSL_VERIFY_SERVER_CERT option of the client API) when used
together with --ssl will ensure that the established connection is
SSL-encrypted and the MariaDB server has a valid certificate.
(LP: #1464895)
- CVE-2014-8964: bundled PCRE contained heap-based buffer overflow
vulnerability that allowed the server to crash or have other unspecified
impact via a crafted regular expression made possible with the
REGEXP_SUBSTR function (MDEV-8006).
- CVE-2015-0501
- CVE-2015-2571
- CVE-2015-0505
- CVE-2015-0499
(LP: #1451677)
* New release includes fix for memory corruption on arm64 (LP: #1427406)
* Upstream also includes lots of line ending changes (from CRLF -> LF)
-- Otto Kekäläinen <[email protected]> Fri, 03 Jul 2015 17:39:42 +0300
** Changed in: mariadb-10.0 (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-8964
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-0499
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-0501
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-0505
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-2571
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1464895
Title:
CVE-2015-3152: MySQL SSL/TLS downgrade vulnerability
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mariadb-10.0/+bug/1464895/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
