Tag Archives: OpenSSL
Last year I filed a bug report, MDEV-33603, on what looked like a benign problem with an optimizer taking a different code path in a particular trivial-looking test. Its benign-looking nature led to me not looking at it until last week. The “benign” bug, as it turned out, is a bug in an OpenSSL optimization on IBM POWER, which may not be the lowest level of “How deep”, but it's certainly a long way from the high-level (above storage engines) optimizer decisions in MariaDB.
I feel I need to start this story justifying why it was left so long.
…
Recently a serious vulnerability called DROWN was found. The vulnerability exists in systems that support SSLv2. There is a flaw in SSLv2 that could be used to decrypt information over newer SSL protocols such as TLS. More information about the DROWN vulnerability with CVE number CVE-2016-0800 can be found here:
Last December Sergei Golubchik wrote a blog post about The State of SSL in MariaDB, which explains what versions of SSL cryptography are used in which MariaDB version and what is inherited from MySQL. …
Continue reading “MariaDB itself is NOT affected by the DROWN vulnerability”