Date: Tue, 26 Nov 2013 10:39:37 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: static IV used in Percona XtraBackup

On 11/26/2013 03:52 AM, Marcus Meissner wrote:
> Hi,
> 
> This came to our desk:
> https://bugzilla.novell.com/show_bug.cgi?id=852224
> https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343
> 
> constant IV used in CTR Mode, allowing plaintext retrieval
> attacks.
> 
> I think it needs a CVE.
> 
> Ciao, Marcus
> 

Please use CVE-2013-6394 for this issue.

P.S. Has anyone considered packaging this for Fedora? Looks nifty.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
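
Why a constant IV in CTR mode matters, as an added example that is not part of the original thread and is not Percona XtraBackup code: with the same key and IV, every message is XORed with the same keystream, so two ciphertexts XOR to the XOR of their plaintexts. Assumptions: the keystream is a SHA-256 counter construction standing in for AES-CTR so the block needs only the standard library, and all function names and sample data are constructed for illustration.

```python
import hashlib
import os

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in for AES-CTR (assumption); depends only on (key, iv), as in CTR.
    out = b""
    for i in range((n + 31) // 32):
        out += hashlib.sha256(key + iv + i.to_bytes(8, "big")).digest()
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same operation in CTR mode.
    return xor(data, keystream(key, iv, len(data)))

STATIC_IV = bytes(16)  # constructed constant modelling the reported flaw

def encrypt_static_iv(key: bytes, plaintext: bytes) -> bytes:
    # Weak form: every message under this key reuses one keystream.
    return ctr_crypt(key, STATIC_IV, plaintext)

def encrypt_fresh_iv(key: bytes, plaintext: bytes) -> bytes:
    # Corrected form: random per-message IV, stored in front of the ciphertext.
    iv = os.urandom(16)
    return iv + ctr_crypt(key, iv, plaintext)

def keystream_cancels(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    # True when c1 XOR c2 == p1 XOR p2: the key hides nothing about the pair.
    return xor(c1, c2) == xor(p1, p2)

def demo() -> dict:
    key = os.urandom(32)
    p1 = b"backup chunk A: known header...."   # constructed sample data
    p2 = b"backup chunk B: secret rows here"   # constructed sample data
    weak1, weak2 = encrypt_static_iv(key, p1), encrypt_static_iv(key, p2)
    # With a shared keystream, knowing p1 yields p2 without the key.
    recovered = xor(xor(weak1, weak2), p1)
    good1, good2 = encrypt_fresh_iv(key, p1), encrypt_fresh_iv(key, p2)
    return {
        "static_leaks": keystream_cancels(weak1, weak2, p1, p2),
        "recovered_equals_p2": recovered == p2,
        "fresh_leaks": keystream_cancels(good1[16:], good2[16:], p1, p2),
        "fresh_roundtrip": ctr_crypt(key, good2[:16], good2[16:]) == p2,
    }

if __name__ == "__main__":
    print(demo())
```

A fresh IV removes the keystream reuse but gives no integrity protection; CTR ciphertext remains malleable unless it is authenticated separately.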
