Author - David Busby

CVE-2020-10996 – Percona XtraDB Cluster SST script static key

Percona XtraDB Cluster versions greater than 5.7.22-29.26 and less than 5.7.28-31.42.1 contained a script that handled SST transfers to nodes; its key was inadvertently set to a static value due to an error in the bash script handling this process.
Time based access to SST files is required in order to exploit this error, as sst […]


CVE-2020-10997 – Percona XtraBackup information disclosure of command line arguments

Percona XtraDB backup >= 2.4.11 suffers from an issue whereby the whole command line is captured and output to the resulting backup file location, and where the `--history` command line argument is passed, this too is captured within the PERCONA_SCHEMA.xtrabackup_history table. This is in addition to the information being present within the process list and standard error output.
This issue […]


Incident Involving Percona Forums on September 24, 2019

On September 24, 2019, Percona’s IT and IT Security teams were made aware of a denial of service attack on We use vBulletin to host Percona Forums, which was subjected to a zero-day pre-authentication remote code execution. This vulnerability potentially allows an unauthenticated attacker to remotely execute code on, or possibly complete control […]


Critical Update for Percona Server for MySQL 5.6.44-85.0


This is a CRITICAL update and the fix mitigates the issues described in CVE-2019-12301. If you upgraded packages on Debian/Ubuntu to 5.6.44-85.0-1, please upgrade to 5.6.44-85.0-2 or later and reset all MySQL root passwords.
On 2019-05-18 Percona discovered an issue with the Debian/Ubuntu 5.6.44-85.0-1 packages for Percona Server for MySQL. When the previous versions, […]


Upcoming Webinar Thurs 3/14: Web Application Security – Why You Should Review Yours

Please join Percona’s Information Security Architect, David Busby, as he presents his talk Web Application Security – Why You Should Review Yours on March 14th, 2019 at 6:00 AM PDT (UTC-7) / 9:00 AM EDT (UTC-4).
View the Recording
In this talk, we take a look at the whole stack and I don’t just mean LAMP.
We’ll […]
