14 matches found
SUSE CVE-2015-3152
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C aka libmysqlclient before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack...
Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM
Summary: PowerKVM is affected by vulnerabilities in MariaDB. IBM has now addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2018-2819 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a...
SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
This update for php53 to version 5.3.17 fixes the following issues: These security issues were fixed: - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011). - CVE-2016-5095: Don't create strings with...
Oracle MySQL Backronym Vulnerability (Jun 2016) - Linux
Oracle MySQL is prone to a backronym vulnerability.
Oracle MySQL Backronym Vulnerability (Jun 2016) - Windows
Oracle MySQL is prone to the backronym vulnerability.
Ubuntu: Security Advisory (USN-2952-1)
The remote host is missing an update for the...
USN-2952-1: PHP vulnerabilities
It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. A remote...
PHP 5.6.10 < 5.6.11 Multiple Vulnerabilities (BACKRONYM)
MGASA-2015-0276 Updated php package fixes security vulnerabilities
Segfault in Phar::convertToData on invalid file (CVE-2015-5589). Buffer overflow and stack smashing error in phar_fix_filepath (CVE-2015-5590). The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw,...
Updated php package fixes security vulnerabilities
Segfault in Phar::convertToData on invalid file (CVE-2015-5589). Buffer overflow and stack smashing error in phar_fix_filepath (CVE-2015-5590). The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw,...
MariaDB 10.0.0 < 10.0.20 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.20 advisory. - Oracle MySQL before 5.7.3, Oracle MySQL Connector/C aka libmysqlclient before 6.1.3, and MariaDB before 5.5.44 use the --ssl...
PHP 5.5.x < 5.5.27 Multiple Vulnerabilities (BACKRONYM)
According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.27. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability, known as 'BACKRONYM', exists due to a failure to properly enforce the requirement of an SSL/TL...
PHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM)
According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.43. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability, known as 'BACKRONYM', exists due to a failure to properly enforce the requirement of an SSL/TL...
MySQL 5.1.x < 5.7.3 SSL/TLS Downgrade MitM (BACKRONYM)
The remote host has a version of the MySQL client library installed that is 5.1.x, 5.5.x, 5.6.x, or 5.7.x prior to 5.7.3. It is, therefore, affected by a security feature bypass vulnerability known as 'BACKRONYM' due to a failure to properly enforce the requirement of an SSL/TLS connection when t...