This bug was fixed in the package mariadb-10.0 - 10.0.20-0ubuntu0.15.04.1 --------------- mariadb-10.0 (10.0.20-0ubuntu0.15.04.1) vivid-security; urgency=low
* SECURITY UPDATE: Update to 10.0.20 (via .18 and .19) fixes security issues: - CVE-2015-3152: Client command line option --ssl-verify-server-cert (and MYSQL_OPT_SSL_VERIFY_SERVER_CERT option of the client API) when used together with --ssl will ensure that the established connection is SSL-encrypted and the MariaDB server has a valid certificate. (LP: #1464895) - CVE-2014-8964: bundled PCRE contained heap-based buffer overflow vulnerability that allowed the server to crash or have other unspecified impact via a crafted regular expression made possible with the REGEXP_SUBSTR function (MDEV-8006). - CVE-2015-0501 - CVE-2015-2571 - CVE-2015-0505 - CVE-2015-0499 (LP: #1451677) * New release includes fix for memory corruption on arm64 (LP: #1427406) * Upstream also includes lots of line ending changes (from CRLF -> LF) -- Otto Kekäläinen <o...@seravo.fi> Fri, 03 Jul 2015 17:39:42 +0300 ** Changed in: mariadb-10.0 (Ubuntu) Status: New => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-8964 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-0499 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-0501 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-0505 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-2571 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1464895 Title: CVE-2015-3152: MySQL SSL/TLS downgrade vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.0/+bug/1464895/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs