xtrabackup: fixed initialization vector used while encrypting the data (CVE-2013-6394)
Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
•MLIST:[oss-security] 20131126 Re: CVE Request: static IV used in Percona XtraBackup
•URL: http://www.openwall.com/lists/oss-security/2013/11/26/11
•CONFIRM: http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
•SUSE:openSUSE-SU-2013:1864
•URL: http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html
•SUSE:openSUSE-SU-2014:0245
•URL: http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html
(from redmine: issue id 3397, created on 2014-09-25, closed on 2014-10-01)
- Changesets:
- Revision f60d2e48 by Natanael Copa on 2014-09-30T09:24:59Z:
main/xtrabackup: security upgrade to 2.1.9 (CVE-2013-6394)
fixes #3397