David Busby, Author at Percona Database Performance Blog
Feed last updated: Wed, 06 Sep 2023 20:36:30 +0000

Okta – Percona’s statement
https://www.percona.com/blog/okta-perconas-statement/
Fri, 25 Mar 2022 15:42:20 +0000

Log4JShell Vulnerability Update
https://www.percona.com/blog/log4jshell-vulnerability-update/
Tue, 14 Dec 2021 13:31:13 +0000
Percona Security has been tracking an evolving issue over the weekend and into the beginning of this week. The Log4J vulnerability, also sometimes referred to as Log4JShell, can be exploited to run arbitrary code on the target, leading to its complete takeover. This affects versions of log4j 2.0-beta9 through 2.14.1 – the current advisory is […]

CVE-2020-15180 – Affects Percona XtraDB Cluster
https://www.percona.com/blog/cve-2020-15180-affects-percona-xtradb-cluster/
Fri, 30 Oct 2020 16:04:39 +0000
Galera replication technology, a key component of Percona XtraDB Cluster, suffered from a remote code execution vulnerability. Percona has been working with the vendor since early September on this issue and has made releases available to address the problem.
Applicability: A malicious party with access to the WSREP service port (4567/TCP) as well as prerequisite knowledge of […]

CVE-2020-26542: SimpleLDAP Authentication in Percona Server for MySQL, Percona Server for MongoDB
https://www.percona.com/blog/cve-2020-26542-simpleldap-authentication-percona-server-percona-server-mongodb/
Fri, 23 Oct 2020 13:59:08 +0000
CVE-2020-26542: When using SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when a blank value is passed for the account password, granting access to the service integrated with Active Directory at the level granted to the authenticating account.
Applicability: Percona Server for MySQL, Percona […]

CVE-2020-10996 – Percona XtraDB Cluster SST script static key
https://www.percona.com/blog/cve-2020-10996-percona-xtradb-cluster-sst-script-static-key/
Mon, 20 Apr 2020 07:52:02 +0000

CVE-2020-10997 – Percona XtraBackup information disclosure of command line arguments
https://www.percona.com/blog/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/
Thu, 16 Apr 2020 08:21:36 +0000

Incident Involving Percona Forums on September 24, 2019
https://www.percona.com/blog/incident-involving-percona-forums-on-september-24-2019/
Wed, 25 Sep 2019 21:14:05 +0000
Summary: On September 24, 2019, Percona’s IT and IT Security teams were made aware of a denial of service attack on www.percona.com/forums. We use vBulletin to host Percona Forums, which was subjected to a zero-day pre-authentication remote code execution. This vulnerability potentially allows an unauthenticated attacker to remotely execute code on, or possibly take complete control of, […]

Critical Update for Percona Server for MySQL 5.6.44-85.0
https://www.percona.com/blog/critical-update-for-percona-server-for-mysql-5-6-44-85-0/
Fri, 24 May 2019 19:37:22 +0000
This is a CRITICAL update and the fix mitigates the issues described in CVE-2019-12301. If you upgraded packages on Debian/Ubuntu to 5.6.44-85.0-1, please upgrade to 5.6.44-85.0-2 or later and reset all MySQL root passwords.
Issue: On 2019-05-18 Percona discovered an issue with the Debian/Ubuntu 5.6.44-85.0-1 packages for Percona Server for MySQL. When the previous versions, upgraded […]

Upcoming Webinar Thurs 3/14: Web Application Security – Why You Should Review Yours
https://www.percona.com/blog/webinar-web-application-security/
Tue, 12 Mar 2019 20:59:18 +0000
Please join Percona’s Information Security Architect, David Busby, as he presents his talk Web Application Security – Why You Should Review Yours on March 14th, 2019 at 6:00 AM PDT (UTC-7) / 9:00 AM EDT (UTC-4). View the Recording. In this talk, we take a look at the whole stack and I don’t just mean […]

Deprecation of TLSv1.0 2019-02-28
https://www.percona.com/blog/deprecation-of-tlsv1-0-2019-02-31/
Mon, 18 Feb 2019 12:53:53 +0000
Ahead of the PCI move to deprecate the use of ‘early TLS’, we had previously taken steps to disable TLSv1.0. Unfortunately, at that time we encountered some issues which led us to roll back these changes. This was to allow users of operating systems that did not – yet – support TLSv1.1 or higher to download Percona packages over TLSv1.0. Since […]

Percona Responds to MySQL LOCAL INFILE Security Issues
https://www.percona.com/blog/percona-responds-to-mysql-local-infile-security-issues/
Wed, 06 Feb 2019 18:05:17 +0000
In this post, we’ll cover Percona’s thoughts about the current MySQL community discussion happening around MySQL LOCAL INFILE security issues. This post is released given the already public discussion of this particular issue, with the exploitation code currently redacted to ensure forks of MySQL client libraries have sufficient time to implement their response strategies. This post has […]

Another Day, Another Data Leak
https://www.percona.com/blog/another-day-another-data-leak/
Fri, 06 Jul 2018 15:58:49 +0000
In the last few days, there has been information released about yet another alleged data leak, placing in jeopardy “…[the] personal information on hundreds of millions of American adults, as well as millions of businesses.” In this case, the “victim” was Exactis, for whom data collection and data security are core business functions. Some takeaways from […]

MySQL Ransomware: Open Source Database Security Part 3
https://www.percona.com/blog/mysql-ransomware-open-source-database-security-part-3/
Mon, 27 Feb 2017 22:28:12 +0000
This blog post examines the recent MySQL® ransomware attacks, and what open source database security best practices could have prevented them. Unless you’ve been living under a rock, you know that there has been an uptick in ransomware for MongoDB and Elasticsearch deployments. Recently, we’re seeing the same for MySQL. Let’s look and see if this is MySQL’s fault.
Other Ransomware […]

Docker Security Vulnerability CVE-2016-9962
https://www.percona.com/blog/docker-security-vulnerability-cve-2016-9962/
Tue, 31 Jan 2017 17:39:45 +0000
Docker 1.12.6 was released to address CVE-2016-9962. CVE-2016-9962 is a serious vulnerability in RunC. Quoting the coreos page (linked above): “RunC allowed additional container processes via runc exec to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during […]

CVE-2016-6225: Percona Xtrabackup Encryption IV Not Being Set Properly
https://www.percona.com/blog/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/
Thu, 12 Jan 2017 21:34:07 +0000
If you are using Percona XtraBackup to create encrypted backups, and are using versions older than 2.3.6 or 2.4.5, we advise that you upgrade Percona XtraBackup. Note: this does not affect encryption of encrypted InnoDB tables.
CVE-2016-6225: Percona XtraBackup versions older than 2.3.6 or 2.4.5 suffered an issue of not properly setting the Initialization Vector (IV) for encryption. This could allow […]

Percona responds to CVE-2016-6663 and CVE-2016-6664
https://www.percona.com/blog/percona-responds-to-cve-2016-6663-and-cve-2016-6664/
Wed, 02 Nov 2016 17:21:01 +0000
Percona has addressed CVE-2016-6663 and CVE-2016-6664 in releases of Percona Server for MySQL and Percona XtraDB Cluster. Percona is happy to announce that the following vulnerabilities are fixed in current releases of Percona Server for MySQL and Percona XtraDB Cluster:
CVE-2016-6663: allows a local system user with access to the affected database in the context of a […]

Percona Server Critical Update CVE-2016-6662
https://www.percona.com/blog/percona-server-critical-update-cve-2016-6662/
Mon, 12 Sep 2016 14:06:22 +0000
This blog is an announcement for a Percona Server update with regards to CVE-2016-6662. We have added a fix for CVE-2016-6662 in the following releases:
- Percona Server 5.5.51-38.1
- Percona Server 5.5.51-38.2
- Percona Server 5.6.32-78.0
- Percona Server 5.6.32-78.1
- Percona Server 5.7.14-7
- Percona Server 5.7.14-8
- Percona XtraDB Cluster 5.5.41-25.12
- Percona XtraDB Cluster 5.6.30-25.16.2
- Percona XtraDB Cluster 5.6.30-25.16.3
From seclist.org: An […]

EL5 and why we’ve had to enable TLSv1.0 again
https://www.percona.com/blog/el5-weve-enable-tlsv1-0/
Mon, 06 Jun 2016 13:52:14 +0000
We have had to revert back to TLSv1.0. If you saw my previous post on TLSv1.0 (https://www.percona.com/blog/2016/05/23/percona-disabling-tlsv1-0-may-31st-2016/), you’ll know I wanted to deprecate TLSv1.0 well ahead of PCI’s changes. We made the changes May 31st. Unfortunately, it has become apparent that EL 5, which is in the final phases of End Of Life, does not support TLSv1.1 or TLSv1.2. […]

Percona disabling TLSv1.0 May 31st 2016
https://www.percona.com/blog/percona-disabling-tlsv1-0-may-31st-2016/
Mon, 23 May 2016 18:09:09 +0000
As of May 31st, 2016, we will be disabling TLSv1.0 support on www.percona.com, repo.percona.com, etc. This is ahead of the PCI changes that deprecate the TLSv1.0 protocol on June 30th 2016. (PDF)
What does this mean for you the user? Based on analysis of our IDS logs, this will affect around 6.32% of requests. As of May […]

How to Mitigate DROWN CVE-2016-0800
https://www.percona.com/blog/how-to-mitigate-drown-cve-2016-0800/
Fri, 04 Mar 2016 23:50:35 +0000
This blog post will discuss how to mitigate DROWN CVE-2016-0800. Unless you’ve been living in a cave you’ll have heard (or are likely to hear about soon) the DROWN attack. From the Red Hat site: “A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw […]
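The CVE-2020-26542 entry above describes an LDAP simple bind that completes with a blank password. The following is an added example, not Percona's code or its SimpleLDAP plugin: it models that failure mode against a constructed stand-in directory and shows the pre-bind check that closes it. The stand-in follows RFC 4513 section 5.1.2, where a bind carrying a DN and a zero-length password is an "unauthenticated" bind that some directories (Active Directory among them) answer with success while leaving the session anonymous; the DN, password and directory contents are constructed for the demo.

```python
"""Blank-password LDAP simple bind: vulnerable flow beside the hardened one.

Added example, not Percona's code. The directory below is a constructed
stand-in for the server side of an LDAP simple bind (assumption: it behaves
like the permissive servers the advisory describes, treating DN + empty
password as an unauthenticated bind that still returns success).
"""
from dataclasses import dataclass

# Constructed directory contents for the demo (not real credentials).
DIRECTORY = {
    "CN=alice,OU=Users,DC=example,DC=com": "correct horse battery staple",
}


@dataclass
class BindResult:
    success: bool        # what the bind response code says
    authenticated: bool  # False for anonymous / unauthenticated sessions
    diagnostic: str


def directory_simple_bind(dn: str, password: str) -> BindResult:
    """Stand-in for the directory's handling of a simple bind request."""
    if password == "":
        # RFC 4513 5.1.2: name present, zero-length password -> unauthenticated
        # bind. Modelled as the permissive behaviour behind CVE-2020-26542:
        # the bind "succeeds" but the resulting session carries no identity.
        return BindResult(True, False, "unauthenticated bind accepted")
    if DIRECTORY.get(dn) == password:
        return BindResult(True, True, "ok")
    return BindResult(False, False, "invalidCredentials")


def authenticate_vulnerable(dn: str, password: str) -> bool:
    """Trusts the bind's success flag alone: blank password logs the user in."""
    return directory_simple_bind(dn, password).success


def authenticate_hardened(dn: str, password) -> bool:
    """Refuse anything that could become an anonymous or unauthenticated bind
    before the request leaves the application, then require that the
    directory actually authenticated the session (not merely 'succeeded')."""
    if not isinstance(password, str) or password.strip() == "":
        return False  # never send an empty/whitespace password to a simple bind
    if not isinstance(dn, str) or dn.strip() == "":
        return False  # empty DN would be an anonymous bind
    result = directory_simple_bind(dn, password)
    return result.success and result.authenticated


if __name__ == "__main__":
    dn = "CN=alice,OU=Users,DC=example,DC=com"
    print("vulnerable, blank password:", authenticate_vulnerable(dn, ""))
    print("hardened,   blank password:", authenticate_hardened(dn, ""))
```

The first guard is the one that matters in practice: the application must never hand an empty password to the directory, because the directory's own answer to that request is not a credential check.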
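The CVE-2016-6225 entry above says the encryption IV was not being set properly. The following is an added example, not XtraBackup's code, showing why that matters for any stream-style mode such as CTR or GCM: the keystream depends only on (key, IV), so an IV that is left at a constant value makes every backup under the same key reuse the same keystream, and XORing two ciphertexts cancels it out. The cipher is a deliberately simple SHA-256 counter-mode construction so the example runs on the standard library alone (an assumption standing in for the real AES mode, not XtraBackup's implementation); the key and "backup" contents are constructed.

```python
"""IV reuse in a counter-mode stream: constant IV beside a per-backup random IV.

Added example, not XtraBackup's code. keystream block i = SHA256(key||iv||i)
is a toy stand-in for AES-CTR/GCM; only the (key, iv)-determines-keystream
property is being demonstrated.
"""
import hashlib
import os

IV_LEN = 16


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from (key, iv) only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_fixed_iv(key: bytes, plaintext: bytes) -> bytes:
    """The bug: the IV is never set, so it is all zeros for every backup."""
    iv = bytes(IV_LEN)
    return iv + xor(plaintext, keystream(key, iv, len(plaintext)))


def encrypt_random_iv(key: bytes, plaintext: bytes) -> bytes:
    """The fix: a fresh random IV per backup, stored alongside the ciphertext."""
    iv = os.urandom(IV_LEN)
    return iv + xor(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    return xor(ct, keystream(key, iv, len(ct)))


def iv_reused(blob_a: bytes, blob_b: bytes) -> bool:
    """Check a practitioner can run over two backup files: same IV prefix?"""
    return blob_a[:IV_LEN] == blob_b[:IV_LEN]


def recover_with_crib(blob_a: bytes, blob_b: bytes, known_plaintext_a: bytes) -> bytes:
    """Attacker holding two backups and the content of one (a known header,
    or a row the attacker inserted) recovers the other's bytes without the key:
    C_a ^ C_b = P_a ^ P_b, so P_b = C_a ^ C_b ^ P_a. Only meaningful when the
    keystreams match, i.e. when the IV (and key) were reused."""
    n = len(known_plaintext_a)
    ct_a = blob_a[IV_LEN:IV_LEN + n]
    ct_b = blob_b[IV_LEN:IV_LEN + n]
    return xor(xor(ct_a, ct_b), known_plaintext_a)


if __name__ == "__main__":
    key = os.urandom(32)
    # Constructed "backup" contents for the demo.
    backup_a = b"backup-of: prod-db-01 2016-01-10 03:00\n"
    backup_b = b"backup-of: prod-db-02 2016-01-11 03:00\nGRANT ALL ON *.* TO 'app'@'%';\n"
    fa, fb = encrypt_fixed_iv(key, backup_a), encrypt_fixed_iv(key, backup_b)
    print("IV reused:", iv_reused(fa, fb))
    print("recovered:", recover_with_crib(fa, fb, backup_a))
```

The recovery needs no key material at all; that is why an unset IV is treated as a confidentiality break rather than a weakening, and why upgrading is not enough on its own: backups already written with the constant IV stay recoverable to anyone who holds two of them.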