View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2009-4028 severity moderate: SUSE including 185 source package names (liblz4-1-1.8.0-3.5.2, libmariadb-devel-3.1.22-2.35.1, …), 350 product×package rows across 49 product lines (SUSE CaaS Platform 4.0, SUSE Linux Enterprise Desktop 12, … (49 product lines)): Fixed 321, Known Not Affected 29.
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.