Emergency

Search Results for: security

Percona security update: oCERT and SSL improvements

We have recently become a member of oCERT to aid in allowing responsible disclosure for Percona products and services as can be seen on their members page. We are presently working on the verbiage for …


Percona Security Advisory CVE-2015-1027

Contents Summary Analysis Mitigating factors P.O.C Acknowledgments Summary During a code audit performed internally at Percona, we discovered a viable information disclosure attack when coupled with a MITM attack in which percona-toolkit and xtrabackup perl …


How to test if CVE-2015-0204 FREAK SSL security flaw affects you

The CVE-2015-0204 FREAK SSL vulnerability abuses intentionally weak “EXPORT” ciphers which could be used to perform a transparent Man In The Middle attack. (We seem to be continually bombarded with not only SSL vulnerabilities but the …


How to close POODLE SSLv3 security flaw (CVE-2014-3566)

Padding Oracle On Downgraded Legacy Encryption First off, the naming “convention” as of late for security issues has been terrible. The newest vulnerability (CVE­-2014-3566) is nicknamed POODLE, which at least is an acronym and as per …


Database security: Why should you review yours?

Ah database security… the black sheep of topics and something you would really rather not have to deal with right? I mean surely all the fanfare and paranoia is reserved for the neck beards with …


MySQL Security Webinar: Follow-up Q&A

Thanks to everyone who attended last week’s webinar on MySQL security; hopefully you’ve all gone out and set SELinux to enforcing mode if you weren’t already running that way. If you weren’t able to attend, …


MySQL 5.6 security vs ease of use

MySQL 5.6 surely changes the game when it comes to security vs ease of use. Before MySQL 5.6 we would get default MySQL installation being pretty insecure – the user “root” will be created with …


MySQL Security: Armoring Your Dolphin

My colleague and teammate Ernie Souhrada will be presenting a webinar on Wednesday, August 21, 2013 at 10 a.m. PDT titled “MySQL Security: Armoring Your Dolphin.” This is a popular topic with news breaking routinely …


Percona response to recent MySQL security bugs

Recently there have been discussions on several vulnerabilities in MySQL and closely related projects such as MariaDB and Percona Server. Usually we have inherited security fixes from MySQL when we have updated Percona Server to …


Clarification on MySQL security vulnerability

Contrary to initial reports here and here, further investigation has revealed that under some specific and limited circumstances, Percona Server and Percona XtraDB Cluster binaries, similar to other MySQL variants, are susceptible to the security …