CVE-2016-6225
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
Related bugs and status
CVE-2016-6225 (Candidate) is related to these bugs:
Bug #1643949: CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly
Bug | Summary | In | Importance | Status
---|---|---|---|---
1643949 | CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly | Percona XtraBackup moved to https://jira.percona.com/projects/PXB | High | Fix Released
1643949 | CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly | Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.3 | High | Fix Released
1643949 | CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly | Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.4 | High | Fix Released
Bug #1668934: percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7
See the CVE page on Mitre.org for more details.