vulnerability
SUSE: CVE-2016-6225: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Jan 23, 2017 | Jan 24, 2017 | May 7, 2019 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Jan 23, 2017
Added
Jan 24, 2017
Modified
May 7, 2019
Description
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
Solutions
suse-upgrade-xtrabackupsuse-upgrade-xtrabackup-debuginfosuse-upgrade-xtrabackup-debugsourcesuse-upgrade-xtrabackup-test
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.