EmergencyEMERGENCY? Get 24/7 Help Now!

Clarification on MySQL security vulnerability

 | June 19, 2012 |  Posted In: MySQL, Percona Software


Contrary to initial reports here and here, further investigation has revealed that under some specific and limited circumstances, Percona Server and Percona XtraDB Cluster binaries, similar to other MySQL variants, are susceptible to the security vulnerability in MySQL/MariaDB sql/password.c:

  • 64bit Ubuntu Oneiric (11.10) binaries are vulnerable in Percona Server ONLY on some hardware/virtualization platforms (confirmed on Amazon EC2 but not on HP Cloud).
  • Neither older nor newer Ubuntu versions are affected.
  • Oneiric is not a LTS distribution. Most servers using server-market-focused versions, such as 10.04 LTS and 12.04 LTS, are NOT vulnerable.
  • The latest Percona Server binaries, 5.1.63 and 5.5.24, are NOT vulnerable.

The very complicated nature of this issue—the dependency on the software platform, hardware platform, and specific binary—made the security vulnerability difficult to detect and required exhaustive testing. We apologize for any confusion caused by our original post.

As always, we recommend running the latest version of Percona Server, Percona XtraDB Cluster, or any common MySQL variant to minimize security vulnerabilities.

Vadim Tkachenko

Vadim Tkachenko co-founded Percona in 2006 and serves as its Chief Technology Officer. Vadim leads Percona Labs, which focuses on technology research and performance evaluations of Percona’s and third-party products. Percona Labs designs no-gimmick tests of hardware, filesystems, storage engines, and databases that surpass the standard performance and functionality scenario benchmarks. Vadim’s expertise in LAMP performance and multi-threaded programming help optimize MySQL and InnoDB internals to take full advantage of modern hardware. Oracle Corporation and its predecessors have incorporated Vadim’s source code patches into the mainstream MySQL and InnoDB products. He also co-authored the book High Performance MySQL: Optimization, Backups, and Replication 3rd Edition.


Leave a Reply


Percona’s widely read Percona Database Performance blog highlights our expertise in enterprise-class software, support, consulting and managed services solutions for both MySQL® and MongoDB® across traditional and cloud-based platforms. The decades of experience represented by our consultants is found daily in numerous and relevant blog posts.

Besides specific database help, the blog also provides notices on upcoming events and webinars.
Want to get weekly updates listing the latest blog posts? Subscribe to our blog now! Submit your email address below and we’ll send you an update every Friday at 1pm ET.

No, thank you. Please do not ask me again.