Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix CVE-2016-6225 in 2.4 #267

merged 2 commits into from Nov 22, 2016


None yet
1 participant
Copy link

commented Nov 11, 2016

No description provided.

gl-sergei added some commits Nov 2, 2016

CVE-2016-6225: xtrabackup encryption is not setting the IV correctly
Blueprint checksum-unencrypted-chunk


This patch changes xbcrypt format as following:

1. Bump XBCRYPT header version number, current is "XBCRYP03"

2. Append 32-byte SHA256 hash of the plaintext to the payload of each

3. Encrypt plaintext payload and hash all together

4. Both original length and encrypted length fields of the chunk header
   are calculated including these extra 32 bytes.
Merge branch '2.3-xb-pxb-186' into 2.4-xb-pxb-186
* 2.3-xb-pxb-186:
  CVE-2016-6225: xtrabackup encryption is not setting the IV correctly

@gl-sergei gl-sergei force-pushed the gl-sergei:2.4-xb-pxb-186 branch from 466c59c to c043893 Nov 22, 2016

@gl-sergei gl-sergei merged commit 83efde4 into percona:2.4 Nov 22, 2016

@gl-sergei gl-sergei deleted the gl-sergei:2.4-xb-pxb-186 branch Nov 24, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.