CVE-2015-3152 in Ubuntu

CVE-2015-3152

Priority

Description

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient)
before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that
SSL is optional, which allows man-in-the-middle attackers to spoof servers
via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152
http://www.ocert.org/advisories/ocert-2015-003.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-3.html
http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/

Notes

tyhicks	The MySQL documentation makes the behavior of the --ssl option clear. It isn't known if they'll release updates for the 5.5/5.6 series.
mdeslaur	not included in 5.5.47 or 5.6.28. Marking this issue as "ignored" since it doesn't look like upstream is going to fix this in 5.5 and 5.6, and we aren't going to diverge from upstream.

Package

Source: mariadb-10.0 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE
Ubuntu 20.04 FIPS Compliant:	DNE

Patches:

Package

Source: mariadb-5.5 (LP Ubuntu Debian)

Upstream:	released (5.5.44)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was released [5.5.44-1ubuntu0.14.04.1])
Ubuntu 20.04 FIPS Compliant:	DNE

Patches:

Package

Source: mysql-5.5 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	ignored
Ubuntu 20.04 FIPS Compliant:	DNE

Patches:

Upstream:

https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390

Package

Source: mysql-5.6 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored)
Ubuntu 20.04 FIPS Compliant:	DNE

Patches:

Upstream:

https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390

Package

Source: mysql-dfsg-5.1 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE
Ubuntu 20.04 FIPS Compliant:	DNE

Patches:

Upstream:

https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390

Package

Source: percona-server-5.6 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE
Ubuntu 20.04 FIPS Compliant:	DNE

Patches:

Package

Source: percona-xtradb-cluster-5.5 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needed)
Ubuntu 20.04 FIPS Compliant:	DNE

Patches:

More Information

Updated: 2022-04-25 00:15:32 UTC (commit ecc1009cb19540b950de59270950018900f37f15)