Launchpad.net

CVE 2013-6394

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.

Related bugs and status

CVE-2013-6394 (Candidate) is related to these bugs:

Bug #1185343: Fixed IV used in Xtrabackup encryption

		In	Importance	Status
1185343	Fixed IV used in Xtrabackup encryption	Percona XtraBackup moved to https://jira.percona.com/projects/PXB	High	Fix Released
1185343	Fixed IV used in Xtrabackup encryption	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.1	High	Fix Released
1185343	Fixed IV used in Xtrabackup encryption	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.2	High	Fix Released
1185343	Fixed IV used in Xtrabackup encryption	percona-xtrabackup (Ubuntu)	High	Fix Released
1185343	Fixed IV used in Xtrabackup encryption	percona-xtrabackup (Ubuntu Saucy)	High	Won't Fix
1185343	Fixed IV used in Xtrabackup encryption	percona-xtrabackup (Ubuntu Trusty)	High	Fix Released

Bug #1643949: CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly

		In	Importance	Status
1643949	CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly	Percona XtraBackup moved to https://jira.percona.com/projects/PXB	High	Fix Released
1643949	CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.3	High	Fix Released
1643949	CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.4	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-6394

Related bugs and status

Related bugs

References