Oracle MySQL is vulnerable to man-in-the-middle attacks. The attacker could hijack client’s authentication to the server even if the client was configured to require SSL connection since MySQL client command line tools only checks after authentication whether server supported SSL. Affected component is C API
.
riddle.link/
www.debian.org/security/2017/dsa-3834
www.openwall.com/lists/oss-security/2017/03/17/3
www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL
www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL
www.securityfocus.com/bid/97023
www.securitytracker.com/id/1038287
access.redhat.com/errata/RHSA-2017:2787
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1477575
bugzilla.redhat.com/show_bug.cgi?id=1482122
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html