A vulnerability was found in the way MySQL verifies certificates. The ssl_verify_server_cert() function parses the output of X509_NAME_oneline() to get the value of the /CN=... field. But if this string, "/CN=", is present as part of the value of some other field, that might cause the output to be parsed incorrectly.

MariaDB upstream bug report:
https://mariadb.atlassian.net/browse/MDEV-9212

MariaDB upstream fix:
https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41

External reference:
http://www.openwall.com/lists/oss-security/2016/01/26/3
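The parsing flaw described above, as an added example; this is not code from MySQL or MariaDB. It models X509_NAME_oneline() output for a structured subject name, applies the strstr()-based "/CN=" lookup the report describes, and contrasts it with a lookup that reads the CN attribute from the structured name. The dn_entry type, the helper names and the two sample subjects are constructed for the example; with real OpenSSL you would read the entry via X509_NAME_get_index_by_NID()/X509_NAME_get_entry() rather than from a rendered string.

```c
#include <stdio.h>
#include <string.h>

/* One relative distinguished name entry, as a structured X509_NAME holds it
   (the real object is an ordered list of typed ASN.1 entries). Constructed type. */
typedef struct {
    const char *type;   /* attribute short name, e.g. "C", "OU", "CN" */
    const char *value;  /* attribute value; may itself contain '/' or '=' */
} dn_entry;

/* Model of X509_NAME_oneline(): "/C=US/O=Example/CN=host". A '/' inside a
   value is emitted as-is, which is exactly what makes the string ambiguous. */
int dn_oneline(const dn_entry *e, size_t n, char *out, size_t outlen)
{
    size_t off = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(out + off, outlen - off, "/%s=%s", e[i].type, e[i].value);
        if (w < 0 || (size_t)w >= outlen - off) return -1;  /* truncated */
        off += (size_t)w;
    }
    return 0;
}

/* Vulnerable check, following the pattern the report describes: find the first
   "/CN=" in the rendered string and compare everything up to the next '/'.
   Any earlier attribute whose value contains "/CN=" hijacks the match. */
int vulnerable_host_matches(const char *subject_oneline, const char *hostname)
{
    char buf[512];
    char *cn, *end;
    if (strlen(subject_oneline) >= sizeof buf) return 0;
    strcpy(buf, subject_oneline);
    cn = strstr(buf, "/CN=");
    if (!cn) return 0;
    cn += 4;                  /* skip "/CN=" */
    end = strchr(cn, '/');    /* assume '/' starts the next attribute */
    if (end) *end = '\0';
    return strcmp(cn, hostname) == 0;
}

/* Hardened check: take the CN from the structured name, never from a rendered
   string. Rejecting more than one CN is a stricter choice of mine; with real
   OpenSSL you would also compare the ASN1_STRING length so that an embedded
   NUL byte cannot truncate the comparison. */
int structured_host_matches(const dn_entry *e, size_t n, const char *hostname)
{
    const char *cn = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(e[i].type, "CN") == 0) {
            if (cn) return 0;  /* ambiguous subject */
            cn = e[i].value;
        }
    }
    return cn != NULL && strcmp(cn, hostname) == 0;
}

/* Convenience: render the name, then run the vulnerable check (-1 on render error). */
int vulnerable_check(const dn_entry *e, size_t n, const char *hostname)
{
    char buf[512];
    if (dn_oneline(e, n, buf, sizeof buf) != 0) return -1;
    return vulnerable_host_matches(buf, hostname);
}

/* Constructed sample subjects (not real certificates). The crafted one has its
   own, legitimately issued CN but smuggles "/CN=db.example.com" into the OU. */
const dn_entry honest_subject[] = {
    {"C", "US"}, {"O", "Example"}, {"CN", "db.example.com"}
};
const dn_entry crafted_subject[] = {
    {"C", "US"}, {"OU", "/CN=db.example.com"}, {"CN", "attacker.example.com"}
};
#define HONEST_N  (sizeof honest_subject / sizeof honest_subject[0])
#define CRAFTED_N (sizeof crafted_subject / sizeof crafted_subject[0])

int main(void)
{
    char buf[512];
    dn_oneline(crafted_subject, CRAFTED_N, buf, sizeof buf);
    printf("crafted subject: %s\n", buf);
    printf("vulnerable check accepts crafted cert as db.example.com: %d\n",
           vulnerable_check(crafted_subject, CRAFTED_N, "db.example.com"));
    printf("structured check accepts crafted cert as db.example.com: %d\n",
           structured_host_matches(crafted_subject, CRAFTED_N, "db.example.com"));
    printf("structured check accepts honest cert as db.example.com: %d\n",
           structured_host_matches(honest_subject, HONEST_N, "db.example.com"));
    return 0;
}
```

The crafted subject renders as "/C=US/OU=/CN=db.example.com/CN=attacker.example.com", so the string-based lookup stops at the first "/CN=" and accepts the certificate for db.example.com, while the structured lookup sees only attacker.example.com. The practical lesson is that a CA which does not police the contents of non-CN attributes is enough for this bypass, so the client must never reconstruct name attributes from a display-oriented rendering.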
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:0534 https://rhn.redhat.com/errata/RHSA-2016-0534.html
MySQL was fixed as part of the April 2016 CPU:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixMSQL
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixMSQL
in versions 5.5.49, 5.6.30, and 5.7.12.

MySQL commit is:
https://github.com/mysql/mysql-server/commit/13380bf81f6bc20d39549f531f9acebdfb5a8c37

Tags on that commit show that the fix was actually applied in earlier versions - 5.5.48, 5.6.29, and 5.7.11. It is only documented in the release notes for 5.5.49, 5.6.30, and 5.7.12:

  Improper host name checking in X509 certificates could permit man-in-the-middle attacks. (Bug #22295186, Bug #22738607)

http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-12.html

The other bug id referenced by that release notes entry corresponds to the following fix applied in versions 5.5.49, 5.6.30, and 5.7.12:
https://github.com/mysql/mysql-server/commit/e7061f7e5a96c66cb2e0bf46bec7f6ff35801a69

That's a bug in the embedded yaSSL library. Red Hat builds of MySQL do not use the embedded yaSSL and rather use system OpenSSL.
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2016:0705 https://rhn.redhat.com/errata/RHSA-2016-0705.html
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS

Via RHSA-2016:1132 https://access.redhat.com/errata/RHSA-2016:1132
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2016:1481 https://rhn.redhat.com/errata/RHSA-2016-1481.html
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2016:1480 https://rhn.redhat.com/errata/RHSA-2016-1480.html