Wind River Support Network

HomeDefectsLIN6-11393

Fixed

LIN6-11393 : Security Advisory - php - CVE-2015-8838

Created: May 31, 2016 Updated: Dec 3, 2018

Resolved Date: Jun 28, 2016

Found In Version: 6.0.0.29

Fix Version: 6.0.0.31

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8838

Other Downloads

Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38