NO Security vulnerability in Percona Server / XtraDB Cluster provided binaries
Many of you heard of this nasty security vulnerability in MySQL, and as we are getting a lot of inquiries how does it affect Percona Server, I decided to address it in this post.
- The issue exists in the source code of MySQL 5.5.23 or earlier and MySQL 5.1.62 or earlier. The same is true for Percona Server, as we share the same code base.
- However binaries provided by Percona do not have this problem, as in our build process we do not use sse-optimized glibc memcmp. This is true for any version of Percona and all tar.gz, RPM and DEB packages. Once again, if you use binary builds, provided by Percona from our official download area, or from our repositories, you are safe.
- If you use your own or third-party binaries, we cannot guarantee that they built properly, and therefore, binaries based on versions 5.5.23 or earlier and 5.1.62 or earlier may be affected by this security vulnerability. You can test if it is, using, for example, the script from this post.
- In any case, it is a good idea to use the latest 5.5 or 5.1 version, so you may consider to upgrade
, Percona Software
, XtraDB Cluster