Description
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient)
before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that
SSL is optional, which allows man-in-the-middle attackers to spoof servers
via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Notes
tyhicks | The MySQL documentation makes the behavior of the --ssl option clear.
It isn't known if they'll release updates for the 5.5/5.6 series.
mdeslaur | not included in 5.5.47 or 5.6.28.
Marking this issue as "ignored" since it doesn't look like
upstream is going to fix this in 5.5 and 5.6, and we aren't
going to diverge from upstream.
Package
Upstream: | needed
Ubuntu 18.04 LTS: | DNE
Ubuntu 20.04 LTS: | DNE
Ubuntu 21.10: | DNE
Ubuntu 22.04 LTS: | DNE
Ubuntu 14.04 ESM: | DNE
Ubuntu 20.04 FIPS Compliant: | DNE
Patches:
Package
Upstream: | released (5.5.44)
Ubuntu 18.04 LTS: | DNE
Ubuntu 20.04 LTS: | DNE
Ubuntu 21.10: | DNE
Ubuntu 22.04 LTS: | DNE
Ubuntu 14.04 ESM: | DNE (trusty was released [5.5.44-1ubuntu0.14.04.1])
Ubuntu 20.04 FIPS Compliant: | DNE
Patches:
Package
Upstream: | needed
Ubuntu 18.04 LTS: | DNE
Ubuntu 20.04 LTS: | DNE
Ubuntu 21.10: | DNE
Ubuntu 22.04 LTS: | DNE
Ubuntu 14.04 ESM: | ignored
Ubuntu 20.04 FIPS Compliant: | DNE
Patches:
Package
Upstream: | needed
Ubuntu 18.04 LTS: | DNE
Ubuntu 20.04 LTS: | DNE
Ubuntu 21.10: | DNE
Ubuntu 22.04 LTS: | DNE
Ubuntu 14.04 ESM: | DNE (trusty was ignored)
Ubuntu 20.04 FIPS Compliant: | DNE
Patches:
Package
Upstream: | needed
Ubuntu 18.04 LTS: | DNE
Ubuntu 20.04 LTS: | DNE
Ubuntu 21.10: | DNE
Ubuntu 22.04 LTS: | DNE
Ubuntu 14.04 ESM: | DNE
Ubuntu 20.04 FIPS Compliant: | DNE
Patches:
Package
Upstream: | needed
Ubuntu 18.04 LTS: | DNE
Ubuntu 20.04 LTS: | DNE
Ubuntu 21.10: | DNE
Ubuntu 22.04 LTS: | DNE
Ubuntu 14.04 ESM: | DNE
Ubuntu 20.04 FIPS Compliant: | DNE
Patches:
Package
Upstream: | needed
Ubuntu 18.04 LTS: | DNE
Ubuntu 20.04 LTS: | DNE
Ubuntu 21.10: | DNE
Ubuntu 22.04 LTS: | DNE
Ubuntu 14.04 ESM: | DNE (trusty was needed)
Ubuntu 20.04 FIPS Compliant: | DNE
Patches:
Updated: 2022-04-25 00:15:32 UTC (commit ecc1009cb19540b950de59270950018900f37f15)