by David Busby | Mar 25, 2022 | MySQL
On 22nd March 2022 08:43 UTC, we became aware of the issue affecting Okta, a third-party identity provider that Percona uses for https://id.percona.com. Initially, there was no statement from Okta, so our Security Operations team reviewed the information available...

by David Busby | Dec 14, 2021 | Percona Announcements, Security
Percona Security has been tracking an evolving issue over the weekend and into the beginning of this week. The Log4j vulnerability, also sometimes referred to as Log4Shell, can be exploited to allow for the complete takeover of the target to run any arbitrary...

by David Busby | Oct 30, 2020 | Insight for DBAs, MySQL, Percona Software
Galera replication technology, a key component of Percona XtraDB Cluster, suffered from a remote code execution vulnerability. Percona has been working with the vendor since early September on this issue and has made releases available to address the problem....

by David Busby | Oct 23, 2020 | MongoDB, MySQL, Percona Software
CVE-2020-26542: When using SimpleLDAP authentication in conjunction with Microsoft's Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the...

by David Busby | Apr 20, 2020 | MySQL
CVE-2020-10996: Percona XtraDB Cluster versions greater than 5.7.22-29.26 and less than 5.7.28-31.42.1 contained a script that handled SST transfers to nodes; this was inadvertently set to a static value due to an error in the bash script handling this...

by David Busby | Apr 16, 2020 | MySQL
CVE-2020-10997: Percona XtraBackup >= 2.4.11 suffers an issue whereby the whole command line is captured and output to the resulting backup file location, and where the --history command line argument is passed, this too is captured within the...

by David Busby | Sep 25, 2019 | Security
Summary: On September 24, 2019, Percona's IT and IT Security teams were made aware of a denial of service attack on www.percona.com/forums. We use vBulletin to host Percona Forums, which was subjected to a zero-day pre-authentication remote code execution. This...

by David Busby | May 24, 2019 | MySQL
This is a CRITICAL update and the fix mitigates the issues described in CVE-2019-12301. If you upgraded packages on Debian/Ubuntu to 5.6.44-85.0-1, please upgrade to 5.6.44-85.0-2 or later and reset all MySQL root passwords. Issue: On 2019-05-18 Percona...

by David Busby | Mar 12, 2019 | Insight for DBAs, MySQL, Security, Webinars
Please join Percona's Information Security Architect, David Busby, as he presents his talk Web Application Security – Why You Should Review Yours on March 14th, 2019 at 6:00 AM PDT (UTC-7) / 9:00 AM EDT (UTC-4). In this talk, we take a...

by David Busby | Feb 18, 2019 | MySQL, Security
Ahead of the PCI move to deprecate the use of 'early TLS', we had previously taken steps to disable TLSv1.0. Unfortunately, at that time we encountered some issues which led us to roll back these changes. This was to allow users of operating...

by David Busby | Feb 6, 2019 | MySQL, Security
In this post, we'll cover Percona's thoughts about the current MySQL community discussion happening around MySQL LOCAL INFILE security issues. This post is released given the already public discussion of this particular issue, with the exploitation code...

by David Busby | Jul 6, 2018 | MongoDB, MySQL, Percona Software, Security
In the last few days, there has been information released about yet another alleged data leak, placing in jeopardy "...[the] personal information on hundreds of millions of American adults, as well as millions of businesses." In this case, the...

by David Busby | Feb 27, 2017 | MySQL, Security
This blog post examines the recent MySQL® ransomware attacks, and what open source database security best practices could have prevented them. Unless you've been living under a rock, you know that there has been an uptick in ransomware for MongoDB and...

by David Busby | Jan 31, 2017 | Cloud, MongoDB, MySQL, Percona Events, Security
Docker 1.12.6 was released to address CVE-2016-9962. CVE-2016-9962 is a serious vulnerability in runC. Quoting the CoreOS page (linked above): "runC allowed additional container processes via runc exec to be ptraced by the pid 1 of the...

by David Busby | Jan 12, 2017 | MySQL, Security
If you are using Percona XtraBackup with xbcrypt to create encrypted backups, and are using versions older than 2.3.6 or 2.4.5, we advise that you upgrade Percona XtraBackup. Note: this does not affect encryption of encrypted InnoDB tables....

by David Busby | Nov 2, 2016 | MySQL, Percona Events, Percona Software
Percona has addressed CVE-2016-6663 and CVE-2016-6664 in releases of Percona Server for MySQL and Percona XtraDB Cluster. Percona is happy to announce that the following vulnerabilities are fixed in current releases of Percona Server for MySQL and Percona XtraDB...

by David Busby | Sep 12, 2016 | MySQL, Percona Events
This blog is an announcement for a Percona Server update with regards to CVE-2016-6662. We have added a fix for CVE-2016-6662 in the following releases: Percona Server 5.5.51-38.1, Percona Server 5.5.51-38.2, Percona Server 5.6.32-78.0, Percona Server 5.6.32-78.1...

by David Busby | Jun 6, 2016 | MySQL
We have had to revert back to TLSv1.0. If you saw my previous post on TLSv1.0 (https://www.percona.com/blog/2016/05/23/percona-disabling-tlsv1-0-may-31st-2016/), you'll know I wanted to deprecate TLSv1.0 well ahead of PCI's changes. We made the...

by David Busby | May 23, 2016 | Percona Events
As of May 31st, 2016, we will be disabling TLSv1.0 support on www.percona.com, repo.percona.com, etc. This is ahead of the PCI changes that will affect the June 30th 2016 deprecation of the TLSv1.0 protocol. What does this mean for you, the user? Based on analysis...

by David Busby | Mar 4, 2016 | MySQL
This blog post will discuss how to mitigate DROWN, CVE-2016-0800. Unless you've been living in a cave, you'll have heard (or are likely to hear about soon) of the DROWN attack. From the Red Hat site: "A padding oracle flaw was found in the Secure Sockets Layer...
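The CVE-2020-26542 entry above (SimpleLDAP against Active Directory accepting a blank password) is an instance of a general pitfall: RFC 4513 section 5.1.2 defines an "unauthenticated" simple bind, a bind naming a user but carrying an empty password, and Active Directory accepts it by default with a success result code while the resulting session is anonymous. Any application that equates "bind returned success" with "the user proved the password" is therefore open to blank-password logins. The following is an added example, not Percona's SimpleLDAP code; the directory and the bind function are constructed stand-ins that model that Active Directory behaviour, so it runs offline without a real LDAP server:

```python
"""Added example: why a 'successful' LDAP simple bind with an empty password
must not be treated as authentication, and the two checks that close the hole.
The directory and the bind function are constructed for this demonstration.
"""
from dataclasses import dataclass

# Constructed stand-in for the directory (plaintext password for the demo only).
DIRECTORY = {
    "CN=alice,OU=Users,DC=example,DC=com": "correct horse battery staple",
}


@dataclass(frozen=True)
class BindResult:
    success: bool   # LDAP result code 0 (success) or not
    bound_as: str   # authorization identity; "" means an anonymous session


def simulated_ad_simple_bind(dn: str, password: str) -> BindResult:
    """Model (an assumption of this example, based on RFC 4513 s5.1.2) of
    Active Directory's default simple-bind behaviour: a DN plus an empty
    password succeeds, but as an anonymous session rather than failing."""
    if password == "":
        return BindResult(success=True, bound_as="")
    if DIRECTORY.get(dn) == password:
        return BindResult(success=True, bound_as=dn)
    return BindResult(success=False, bound_as="")


def vulnerable_authenticate(dn: str, password: str) -> bool:
    """The pattern behind the flaw: 'bind succeeded' == 'user authenticated'."""
    return simulated_ad_simple_bind(dn, password).success


def hardened_authenticate(dn: str, password: str) -> bool:
    """Reject empty credentials before talking to the server, and additionally
    require that the server bound us as the identity we asked for."""
    if not dn or password == "":
        return False
    result = simulated_ad_simple_bind(dn, password)
    return result.success and result.bound_as == dn


if __name__ == "__main__":
    alice = "CN=alice,OU=Users,DC=example,DC=com"
    print("vulnerable, blank password:", vulnerable_authenticate(alice, ""))  # True
    print("hardened, blank password:  ", hardened_authenticate(alice, ""))    # False
    print("hardened, real password:   ",
          hardened_authenticate(alice, "correct horse battery staple"))       # True
```

Against a real directory the second check in `hardened_authenticate` corresponds to the "Who am I?" extended operation (RFC 4532) after the bind; the empty-password check is still the primary control, because it keeps the request from ever reaching the server.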
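For the DROWN entry above, the mitigation is to stop every service that uses the affected RSA key from speaking SSLv2, since the attack only needs one SSLv2-capable endpoint sharing the key, not necessarily the web server. The following Apache httpd fragment, an added example and not taken from Percona's post, shows the weak setting beside the corrected one (assumed vhost names; any service on the same key needs the equivalent change):

```apache
# Weak: on httpd builds whose OpenSSL still speaks SSLv2, "all" includes it,
# so the RSA key behind this vhost can serve as a DROWN oracle.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLProtocol all
</VirtualHost>

# Mitigated: exclude SSLv2 explicitly (and SSLv3, which is broken by POODLE).
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
```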