MySQL Ransomware: Open Source Database Security Part 3

February 27, 2017 | Posted In: MySQL, Security

This blog post examines the recent MySQL® ransomware attacks and what open source database security best practices could have prevented them. Unless you’ve been living under a rock, you know that there has been an uptick in ransomware against MongoDB and Elasticsearch deployments. Recently we have been seeing the same for MySQL. Let’s look at whether this is MySQL’s […]

Docker Security Vulnerability CVE-2016-9962

January 31, 2017 | Posted In: Docker, Events and Announcements, MongoDB, MySQL, PMM, Security

Docker 1.12.6 was released to address CVE-2016-9962, a serious vulnerability in runc. Quoting the CoreOS page (linked above): “RunC allowed additional container processes via runc exec to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new […]

CVE-2016-6225: Percona Xtrabackup Encryption IV Not Being Set Properly

January 12, 2017 | Posted In: MySQL, Security

If you are using Percona XtraBackup with xbcrypt to create encrypted backups and are running a version older than 2.3.6 or 2.4.5, we advise you to upgrade Percona XtraBackup. Note: this does not affect encryption of encrypted InnoDB tables. CVE-2016-6225: Percona XtraBackup versions older than 2.3.6 or 2.4.5 did not properly set the Initialization Vector (IV) for […]
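
The excerpt does not say which cipher mode xbcrypt uses or exactly how the IV went unset, so the following is a general illustration rather than a reproduction of the bug: an added example, not xbcrypt or Percona code, using a toy counter-mode construction (SHA-256 as the keystream function) to show what a missing or repeated IV costs in any counter-mode scheme. The key and the two "backup chunk" plaintexts are constructed for the demo.

```python
import hashlib
import os

# Added example, not xbcrypt or Percona code. A toy counter-mode cipher whose
# keystream block i is SHA-256(key || iv || i). It exists only to make the cost of
# a missing or repeated IV visible; production code must use a vetted AES mode.


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    # Truncates to the shorter input, which is what crib-dragging needs.
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Counter mode is symmetric: the same call encrypts and decrypts.
    return xor(data, keystream(key, iv, len(data)))


def encrypt_chunks_buggy(key: bytes, chunks: list) -> list:
    # Models the failure class: the IV is never set, so every chunk of the
    # backup is encrypted under the same keystream.
    iv = bytes(16)
    return [(iv, ctr_crypt(key, iv, c)) for c in chunks]


def encrypt_chunks_fixed(key: bytes, chunks: list) -> list:
    # A fresh random IV per chunk, stored next to the ciphertext.
    out = []
    for c in chunks:
        iv = os.urandom(16)
        out.append((iv, ctr_crypt(key, iv, c)))
    return out


def plaintext_xor(c1: bytes, c2: bytes) -> bytes:
    # With a shared keystream, c1 XOR c2 == p1 XOR p2: the key drops out.
    return xor(c1, c2)


def crib_drag(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    # Knowing (or guessing) bytes of one chunk, e.g. a predictable dump header,
    # reveals the same positions of the other chunk.
    return xor(plaintext_xor(c1, c2), known_p1)


# Constructed sample plaintexts standing in for two chunks of a logical backup.
CHUNK_HEADER = b"-- MySQL dump 10.13  Distrib 5.7.14, for Linux (x86_64)\n"
CHUNK_SECRET = b"INSERT INTO users VALUES ('admin','s3cr3t-p4ssw0rd');\n"
KEY = b"0123456789abcdef"  # 16-byte demo key, not a real secret

if __name__ == "__main__":
    (iv1, c1), (iv2, c2) = encrypt_chunks_buggy(KEY, [CHUNK_HEADER, CHUNK_SECRET])
    print("same IV:", iv1 == iv2)
    print("recovered from chunk 2:", crib_drag(c1, c2, CHUNK_HEADER))
```

The point for backups is that a dump's leading bytes are highly predictable, so an attacker holding two chunks encrypted under the same key and IV does not need the key at all: XORing the ciphertexts cancels the keystream and a known header turns directly into the other chunk's bytes. A per-chunk random IV, as in encrypt_chunks_fixed, is what breaks that relationship.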

Percona responds to CVE-2016-6663 and CVE-2016-6664

November 2, 2016 | Posted In: Events and Announcements, MySQL, Percona XtraDB Cluster

Percona has addressed CVE-2016-6663 and CVE-2016-6664 in releases of Percona Server for MySQL and Percona XtraDB Cluster. Percona is happy to announce that the following vulnerabilities are fixed in current releases of Percona Server for MySQL and Percona XtraDB Cluster: CVE-2016-6663: allows a local system user with access to the affected database in the context of […]

Percona Server Critical Update CVE-2016-6662

September 12, 2016 | Posted In: Events and Announcements, MySQL

This blog post announces Percona Server updates for CVE-2016-6662. We have added a fix for CVE-2016-6662 in the following releases: Percona Server 5.5.51-38.1 and 5.5.51-38.2, Percona Server 5.6.32-78.0 and 5.6.32-78.1, Percona Server 5.7.14-7 and 5.7.14-8, Percona XtraDB Cluster 5.5.41-25.12, and Percona XtraDB Cluster 5.6.30-25.16.2 and 5.6.30-25.16.3. From […]

EL5 and why we’ve had to enable TLSv1.0 again

June 6, 2016 | Posted In: MySQL

We have had to re-enable TLSv1.0. If you saw my previous post on TLSv1.0 (https://www.percona.com/blog/2016/05/23/percona-disabling-tlsv1-0-may-31st-2016/), you’ll know I wanted to deprecate TLSv1.0 well ahead of PCI’s changes. We made the change on May 31st. Unfortunately, it has become apparent that EL 5, which is in the final phases of End Of Life, does not support TLSv1.1 […]

Percona disabling TLSv1.0 May 31st 2016

May 23, 2016 | Posted In: Events and Announcements

As of May 31st, 2016, we will be disabling TLSv1.0 support on www.percona.com, repo.percona.com, etc. This is ahead of the PCI changes that deprecate the TLSv1.0 protocol on June 30th 2016. What does this mean for you, the user? Based on analysis of our IDS logs, this will affect around 6.32% of requests. […]

How to Mitigate DROWN CVE-2016-0800

March 4, 2016 | Posted In: MySQL

This blog post will discuss how to mitigate DROWN, CVE-2016-0800. Unless you’ve been living in a cave, you will have heard of (or are likely to hear about soon) the DROWN attack. From the Red Hat site: “A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this […]

OpenSSH CVE-2016-0777: Details and Mitigation

January 14, 2016 | Posted In: MySQL, Security

Earlier today advisories were sent out regarding OpenSSH versions 5.4 through 7.1, informing users about a security bug in the software. In essence, the advisory instructed people to add the UseRoaming no option to their ssh_config file, with a promise that further information would be made available shortly. Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no" […]
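
The advisory's fix is a one-line configuration change, but ssh_config applies the first value it sees for a keyword, so where the line lands matters: a "UseRoaming yes" inside an earlier Host block would override a "UseRoaming no" added at the end of the file. The following is an added example, not the advisory's or OpenSSH's code, that edits the config as text so the directive comes first and nothing later can re-enable it, and checks the result. The sample config is constructed; apply the same function to /etc/ssh/ssh_config or ~/.ssh/config yourself.

```python
import re
from typing import Optional

# Added example, not from the Percona post or OpenSSH. Works on ssh_config text so
# it can be checked offline. ssh_config uses first-match semantics: the first value
# seen for a keyword wins, so the global "UseRoaming no" must precede any Host or
# Match block that could set the option.

DIRECTIVE = re.compile(r"^\s*UseRoaming(?:\s*=\s*|\s+)(\S+)", re.IGNORECASE)


def first_use_roaming(config_text: str) -> Optional[str]:
    """Value of the first UseRoaming directive in file order (lower-cased), or None.
    Host/Match scoping is deliberately ignored: the conservative check flags any
    earlier 'yes' rather than reasoning about which hosts it would apply to."""
    for line in config_text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            return m.group(1).lower()
    return None


def roaming_disabled(config_text: str) -> bool:
    return first_use_roaming(config_text) == "no"


def count_directives(config_text: str) -> int:
    return sum(1 for line in config_text.splitlines() if DIRECTIVE.match(line))


def disable_roaming(config_text: str) -> str:
    """Return config text whose first directive is 'UseRoaming no' and which
    contains no other UseRoaming line. Idempotent."""
    if roaming_disabled(config_text) and count_directives(config_text) == 1:
        return config_text
    kept = [line for line in config_text.splitlines() if not DIRECTIVE.match(line)]
    return "\n".join(["UseRoaming no"] + kept) + "\n"


# Constructed sample: a per-host block that turns roaming on before the global block.
SAMPLE_CONFIG = (
    "Host bastion\n"
    "    HostName 192.0.2.10\n"
    "    UseRoaming yes\n"
    "\n"
    "Host *\n"
    "    ForwardAgent no\n"
)

if __name__ == "__main__":
    print("disabled before:", roaming_disabled(SAMPLE_CONFIG))
    fixed = disable_roaming(SAMPLE_CONFIG)
    print("disabled after:", roaming_disabled(fixed))
    print(fixed)
```

Comment lines are left alone (the pattern anchors on the keyword at the start of the line), and both the "UseRoaming no" and "UseRoaming=no" spellings that ssh accepts are recognised. Because a single early "yes" silently wins, the check counts directives as well as looking at the first one, so a config that has been patched correctly once is reported clean and returned unchanged.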

MySQL and Trojan.Chikdos.A

October 29, 2015 | Posted In: MySQL

Symantec published a blog post yesterday regarding MySQL and Trojan.Chikdos.A, as can be seen here. The Symantec post gives detail on the behavior of the Trojan and its effects on the Windows system registry, yet gives little detail as to how the required first stage (namely a malicious UDF) is injected, citing: “In the […]
