Bugzilla – Bug 963806
VUL-0: CVE-2016-2047: mariadb,mysql: ssl-validate-cert incorrect hostname check
Last modified: 2019-05-06 13:59:43 UTC
rh#1301874
A vulnerability was found in the way mysql verifies certificates. The Ssl_verify_server_cert() function parses the output of X509_NAME_oneline() to get the value of the /CN=... field. But if this string — "/CN=" — is present as a part of the value of some other field, that might cause the output to be parsed incorrectly.
Fix:
https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1301874
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2047
http://seclists.org/oss-sec/2016/q1/212
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2047.html
http://www.debian.org/security/2016/dsa-3453
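The parsing ambiguity described in the report above, as an added example that is not part of the original report and is not MySQL, MariaDB or OpenSSL code. It models a subject name as attribute/value pairs; the struct, the function names, the sample names and the assumption that the flattened form does not escape '/' inside values are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a subject name: ordered attribute/value pairs. */
struct attr { const char *type; const char *value; };

/* Flatten to "/TYPE=value/TYPE=value"; assumes '/' in values is not escaped. */
static void oneline(const struct attr *a, size_t n, char *buf, size_t len) {
    size_t used = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < n && used < len; i++) {
        int w = snprintf(buf + used, len - used, "/%s=%s", a[i].type, a[i].value);
        if (w < 0) break;
        used += (size_t)w;
    }
}

/* Fragile check: first "/CN=" in the flattened text, up to the next '/'. */
static int match_by_string(const struct attr *a, size_t n, const char *host) {
    char buf[256];
    oneline(a, n, buf, sizeof buf);
    char *cn = strstr(buf, "/CN=");
    if (!cn) return 0;
    cn += 4;
    char *end = strchr(cn, '/');
    if (end) *end = '\0';
    return strcmp(cn, host) == 0;
}

/* Hardened check: compare only the value of an attribute whose type is CN. */
static int match_by_attr(const struct attr *a, size_t n, const char *host) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(a[i].type, "CN") == 0)
            return strcmp(a[i].value, host) == 0;
    return 0;
}

/* Constructed subjects: in `crafted` the O value contains the text "/CN=". */
static const struct attr crafted[] = {
    { "O",  "Acme/CN=db.example.test" },
    { "CN", "other.example.test" },
};
static const struct attr honest[] = { { "O", "Acme" }, { "CN", "db.example.test" } };

int main(void) {
    printf("string parse, crafted: %d\n", match_by_string(crafted, 2, "db.example.test"));
    printf("attr lookup,  crafted: %d\n", match_by_attr(crafted, 2, "db.example.test"));
    printf("attr lookup,  honest:  %d\n", match_by_attr(honest, 2, "db.example.test"));
    return 0;
}
```

The string-based check accepts the crafted subject for a hostname its CN attribute does not name, while the attribute lookup rejects it and still accepts the honest subject.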
bugbot adjusting priority
MySQL - fixed versions:
- MySQL 5.5.49
- MySQL 5.6.30
- MySQL 5.7.12
MariaDB - fixed versions:
- MariaDB 5.5.47
- MariaDB 10.0.23
- MariaDB 10.1.10
Submissions summary for MySQL:
-----------------------------
| Codestream       | New version | Request |
|------------------|-------------|---------|
| SLE11SP3         | 5.5.49      | #113337 |
| openSUSE Factory | 5.6.30      | #391732 |
| openSUSE 13.2    | 5.6.30      | #391734 |
| openSUSE Leap    | 5.6.30      | #391734 |
SUSE-SU-2016:1279-1: An update that fixes 13 vulnerabilities is now available.
Category: security (important)
Bug References: 963806,976341
CVE References: CVE-2016-0640,CVE-2016-0641,CVE-2016-0642,CVE-2016-0643,CVE-2016-0644,CVE-2016-0646,CVE-2016-0647,CVE-2016-0648,CVE-2016-0649,CVE-2016-0650,CVE-2016-0651,CVE-2016-0666,CVE-2016-2047
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): mysql-5.5.49-0.20.1
SUSE Linux Enterprise Server 11-SP4 (src): mysql-5.5.49-0.20.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): mysql-5.5.49-0.20.1
This is an autogenerated message for OBS integration:
This bug (963806) was mentioned in
https://build.opensuse.org/request/show/402001 13.2 / mariadb
SUSE-SU-2016:1619-1: An update that fixes 25 vulnerabilities is now available.
Category: security (important)
Bug References: 960961,961935,963806,980904
CVE References: CVE-2016-0505,CVE-2016-0546,CVE-2016-0596,CVE-2016-0597,CVE-2016-0598,CVE-2016-0600,CVE-2016-0606,CVE-2016-0608,CVE-2016-0609,CVE-2016-0616,CVE-2016-0640,CVE-2016-0641,CVE-2016-0642,CVE-2016-0643,CVE-2016-0644,CVE-2016-0646,CVE-2016-0647,CVE-2016-0648,CVE-2016-0649,CVE-2016-0650,CVE-2016-0651,CVE-2016-0655,CVE-2016-0666,CVE-2016-0668,CVE-2016-2047
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src): mariadb-10.0.25-20.6.1
SUSE Linux Enterprise Software Development Kit 12 (src): mariadb-10.0.25-20.6.1
SUSE Linux Enterprise Server 12 (src): mariadb-10.0.25-20.6.1
SUSE Linux Enterprise Desktop 12 (src): mariadb-10.0.25-20.6.1
SUSE-SU-2016:1620-1: An update that fixes 25 vulnerabilities is now available.
Category: security (important)
Bug References: 961935,963806,963810,970287,970295,980904
CVE References: CVE-2016-0505,CVE-2016-0546,CVE-2016-0596,CVE-2016-0597,CVE-2016-0598,CVE-2016-0600,CVE-2016-0606,CVE-2016-0608,CVE-2016-0609,CVE-2016-0616,CVE-2016-0640,CVE-2016-0641,CVE-2016-0642,CVE-2016-0643,CVE-2016-0644,CVE-2016-0646,CVE-2016-0647,CVE-2016-0648,CVE-2016-0649,CVE-2016-0650,CVE-2016-0651,CVE-2016-0655,CVE-2016-0666,CVE-2016-0668,CVE-2016-2047
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src): mariadb-10.0.25-6.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): mariadb-10.0.25-6.1
SUSE Linux Enterprise Server 12-SP1 (src): mariadb-10.0.25-6.1
SUSE Linux Enterprise Desktop 12-SP1 (src): mariadb-10.0.25-6.1
openSUSE-SU-2016:1664-1: An update that fixes 25 vulnerabilities is now available.
Category: security (important)
Bug References: 963806,963810,970287,970295,979524,980904
CVE References: CVE-2016-0505,CVE-2016-0546,CVE-2016-0596,CVE-2016-0597,CVE-2016-0598,CVE-2016-0600,CVE-2016-0606,CVE-2016-0608,CVE-2016-0609,CVE-2016-0616,CVE-2016-0640,CVE-2016-0641,CVE-2016-0642,CVE-2016-0643,CVE-2016-0644,CVE-2016-0646,CVE-2016-0647,CVE-2016-0648,CVE-2016-0649,CVE-2016-0650,CVE-2016-0651,CVE-2016-0655,CVE-2016-0666,CVE-2016-0668,CVE-2016-2047
Sources used:
openSUSE 13.2 (src): mariadb-10.0.25-2.24.1
openSUSE-SU-2016:1686-1: An update that fixes 25 vulnerabilities is now available.
Category: security (important)
Bug References: 961935,963806,963810,970287,970295,980904
CVE References: CVE-2016-0505,CVE-2016-0546,CVE-2016-0596,CVE-2016-0597,CVE-2016-0598,CVE-2016-0600,CVE-2016-0606,CVE-2016-0608,CVE-2016-0609,CVE-2016-0616,CVE-2016-0640,CVE-2016-0641,CVE-2016-0642,CVE-2016-0643,CVE-2016-0644,CVE-2016-0646,CVE-2016-0647,CVE-2016-0648,CVE-2016-0649,CVE-2016-0650,CVE-2016-0651,CVE-2016-0655,CVE-2016-0666,CVE-2016-0668,CVE-2016-2047
Sources used:
openSUSE Leap 42.1 (src): mariadb-10.0.25-6.1
released