Percona XtraBackup moved to https://jira.percona.com/projects/PXB

weak random numbers used for IV encryption

Bug #1255300 reported by George Ormond Lorch III
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona XtraBackup moved to https://jira.percona.com/projects/PXB
Fix Released
Medium
George Ormond Lorch III
Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.2.0
2.1
Fix Released
Medium
George Ormond Lorch III
Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.1.7
2.2
Fix Released
Medium
George Ormond Lorch III
Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.2.0

Bug Description

http://www.openwall.com/lists/oss-security/2013/11/26/13

While researching asymmetric encryption it was discovered that libgcrypt has built in randomization functions that should be used for setting the IV. This security alert confirms that stronger randomization is needed.

Related branches

lp:~gl-az/percona-xtrabackup/bug1255300-2.1
Alexey Kopytov (community): Approve
Diff: 67 lines (+1/-23)
4 files modified
src/ds_encrypt.c (+0/-2)
src/xbcrypt.c (+0/-2)
src/xbcrypt.h (+0/-2)
src/xbcrypt_common.c (+1/-17)
lp:~gl-az/percona-xtrabackup/bug1255300-2.2
Alexey Kopytov (community): Approve
Diff: 67 lines (+1/-23)
4 files modified
storage/innobase/xtrabackup/src/ds_encrypt.c (+0/-2)
storage/innobase/xtrabackup/src/xbcrypt.c (+0/-2)
storage/innobase/xtrabackup/src/xbcrypt.h (+0/-2)
storage/innobase/xtrabackup/src/xbcrypt_common.c (+1/-17)
Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXB-677

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.