CVE-2016-2047

Priority
Description
The ssl_verify_server_cert function in sql-common/client.c in MariaDB
before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle
MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and
Percona Server does not properly verify that the server hostname matches a
domain name in the subject's Common Name (CN) or subjectAltName field of
the X.509 certificate, which allows man-in-the-middle attackers to spoof
SSL servers via a "/CN=" string in a field in a certificate, as
demonstrated by "/OU=/CN=bar.com/CN=foo.com".
Package
Upstream:released (10.0.23)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (10.0.23-1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.5.47)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE (trusty was released [5.5.47-1ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41
Package
Upstream:released (5.5.49)
Ubuntu 12.04 ESM (Precise Pangolin):released (5.5.49-0ubuntu0.12.04.1)
Trusty/esm:released (5.5.49-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.6.30)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE (trusty was released [5.6.30-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.7.12)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (5.7.12-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.7.13-0ubuntu4)
Ubuntu 18.10 (Cosmic Cuttlefish):released (5.7.13-0ubuntu4)
Ubuntu 19.04 (Disco Dingo):released (5.7.13-0ubuntu4)
Ubuntu 19.10 (Eoan):released (5.7.13-0ubuntu4)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (5.6.34-26.19-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE

Updated: 2019-04-26 14:16:46 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)