LP #1683456: CVE-2017-3305 mysql: incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6
Environment: None
Activity
lpjirasync January 24, 2018 at 11:16 AM
Comment from Launchpad by: Laurynas Biveinis on: 03-05-2017 03:26:09
Done
Details
Assignee: Unassigned
Reporter: lpjirasync (Deactivated)
Created January 24, 2018 at 11:16 AM
Updated January 24, 2018 at 11:16 AM
Resolved January 24, 2018 at 11:16 AM
Reported in Launchpad by monty solomon last update 03-05-2017 03:26:09
The Riddle is a critical security vulnerability found in Oracle's MySQL 5.5 and 5.6 client database libraries. The vulnerability allows an attacker to use man riddle in the middle for breaking SSL configured connection between MySQL client and server.
http://riddle.link/
It appears that it may be fixed in 5.5.55 and 5.6.36.
https://bugzilla.redhat.com/show_bug.cgi?id=1431690
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html