oss-sec mailing list archives

Re: mysql-5.1.41

From: Josh Bressers <bressers () redhat com>
Date: Mon, 23 Nov 2009 16:08:51 -0500 (EST)

As best as I can tell, we only need one CVE id (two issues, but one already has
an id).

MySQL clients before version 5.1.41 linked against OpenSSL would not properly
check certificates presented by a MySQL server linked against yaSSL. This could
possibly lead to a man in the middle type of attack on the SSL connection.

http://bugs.mysql.com/bug.php?id=47320
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

Thanks.

-- 
    JB


----- "Oden Eriksson" <oeriksson () mandriva com> wrote:

Hello.

The new mysql release mentions two security issues that has been
addressed, 
anyone knows more about that? I guess it would need some CVE
assignment as 
well.

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

-- 
Regards // Oden Eriksson
Security team manager - Mandriva

Current thread:

mysql-5.1.41 Oden Eriksson (Nov 19)
- <Possible follow-ups>
- Re: mysql-5.1.41 Josh Bressers (Nov 23)
  - Re: mysql-5.1.41 Jan Lieskovsky (Nov 24)
    - Re: mysql-5.1.41 Jan Lieskovsky (Nov 24)
    - Re: mysql-5.1.41 Sergei Golubchik (Nov 24)
    - Re: mysql-5.1.41 Steven M. Christey (Nov 30)
    - Re: mysql-5.1.41 Tomas Hoger (Dec 16)
    - Re: mysql-5.1.41 Sergei Golubchik (Dec 17)
    - Re: mysql-5.1.41 Tomas Hoger (Dec 17)