Launchpad CVE tracker

CVE 2016-2047

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

Related bugs and status

CVE-2016-2047 (Candidate) is related to these bugs:

Bug #1521120: MySQL client Common Name validation may allow for MITM

		In	Importance	Status
1521120	MySQL client Common Name validation may allow for MITM	Percona Server moved to https://jira.percona.com/projects/PS	High	Fix Released
1521120	MySQL client Common Name validation may allow for MITM	Percona Server moved to https://jira.percona.com/projects/PS 5.7	High	Fix Released
1521120	MySQL client Common Name validation may allow for MITM	Percona Server moved to https://jira.percona.com/projects/PS 5.5	High	Fix Released
1521120	MySQL client Common Name validation may allow for MITM	Percona Server moved to https://jira.percona.com/projects/PS 5.6	High	Fix Released

Bug #1538315: USN-2881-1: MySQL vulnerabilities also apply to MariaDB

		In	Importance	Status
1538315	USN-2881-1: MySQL vulnerabilities also apply to MariaDB	mariadb-10.0 (Ubuntu)	Medium	Fix Released
1538315	USN-2881-1: MySQL vulnerabilities also apply to MariaDB	mariadb-10.0 (Ubuntu Vivid)	Medium	Fix Released
1538315	USN-2881-1: MySQL vulnerabilities also apply to MariaDB	mariadb-10.0 (Ubuntu Wily)	Medium	Fix Released

Bug #1570808: Security fixes from the April 2016 CPU

Summary				In	Importance	Status
	1570808	Security fixes from the April 2016 CPU		mysql-5.7 (Ubuntu)	Undecided	New

Bug #1572559: mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug

		In	Importance	Status
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.6 (Ubuntu)	Undecided	Invalid
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.6 (Ubuntu Wily)	Medium	Fix Released
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.6 (Ubuntu Precise)	Undecided	Invalid
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.6 (Ubuntu Trusty)	Medium	Fix Released
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.5 (Ubuntu)	Undecided	Invalid
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.5 (Ubuntu Precise)	Medium	Fix Released
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.5 (Ubuntu Trusty)	Medium	Fix Released
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.5 (Ubuntu Wily)	Undecided	Invalid
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.7 (Ubuntu)	Undecided	Fix Released
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.7 (Ubuntu Precise)	Undecided	Invalid
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.7 (Ubuntu Trusty)	Undecided	Invalid
1572559	mysql 5.5.49, 5.6.30, 5.7.12 security update tracking bug	mysql-5.7 (Ubuntu Wily)	Undecided	Invalid

Bug #1578370: Multiple MySQL 5.5 and 5.6 vulnerabilities

		In	Importance	Status
1578370	Multiple MySQL 5.5 and 5.6 vulnerabilities	Mirantis OpenStack	High	Fix Released
1578370	Multiple MySQL 5.5 and 5.6 vulnerabilities	Mirantis OpenStack 6.1.x	High	Won't Fix
1578370	Multiple MySQL 5.5 and 5.6 vulnerabilities	Mirantis OpenStack 7.0.x	High	Fix Released
1578370	Multiple MySQL 5.5 and 5.6 vulnerabilities	Mirantis OpenStack 5.1.x	High	Won't Fix
1578370	Multiple MySQL 5.5 and 5.6 vulnerabilities	Mirantis OpenStack 6.0.x	High	Won't Fix
1578370	Multiple MySQL 5.5 and 5.6 vulnerabilities	Mirantis OpenStack 9.x	High	Fix Released
1578370	Multiple MySQL 5.5 and 5.6 vulnerabilities	Mirantis OpenStack 8.0.x	High	Fix Released

Bug #1668934: percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7

		In	Importance	Status
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-xtradb-cluster-5.6 (Ubuntu)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-galera-3 (Ubuntu)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-xtrabackup (Ubuntu)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-galera-3 (Ubuntu Zesty)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-xtrabackup (Ubuntu Zesty)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-xtradb-cluster-5.6 (Ubuntu Zesty)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-galera-3 (Ubuntu Xenial)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-xtrabackup (Ubuntu Xenial)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-xtradb-cluster-5.6 (Ubuntu Xenial)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-galera-3 (Ubuntu Yakkety)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-xtrabackup (Ubuntu Yakkety)	High	Fix Released
1668934	percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7	percona-xtradb-cluster-5.6 (Ubuntu Yakkety)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-2047

References