Contrary to initial reports here and here, further investigation has revealed that under some specific and limited circumstances, Percona Server and Percona XtraDB Cluster binaries, similar to other MySQL variants, are susceptible to the security vulnerability in MySQL/MariaDB sql/password.c:
The very complicated nature of this issue—the dependency on the software platform, hardware platform, and specific binary—made the security vulnerability difficult to detect and required exhaustive testing. We apologize for any confusion caused by our original post.
As always, we recommend running the latest version of Percona Server, Percona XtraDB Cluster, or any common MySQL variant to minimize security vulnerabilities.
Percona’s widely read Percona Data Performance blog highlights our expertise in enterprise-class software, support, consulting and managed services solutions for both MySQL® and MongoDB® across traditional and cloud-based platforms. The decades of experience represented by our consultants is found daily in numerous and relevant blog posts.
Besides specific database help, the blog also provides notices on upcoming events and webinars.
Want to get weekly updates listing the latest blog posts? Subscribe to our blog now! Submit your email address below and we’ll send you an update every Friday at 1pm ET.