Description of problem:
xbcrypt in versions < 2.3.5 && < 2.4.5 does not handle the setting of the IV correctly, resulting in the produced ciphertext being vulnerable to a chosen plaintext attack.
More here: https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/
Version-Release number of selected component (if applicable):
2.3.6 && 2.4.5
PoC code may be available on request, and on NDA signing.
Code changes here:
Affected package is here: https://koji.fedoraproject.org/koji/packageinfo?packageID=20906
Thank you for the information. I have filed a security bug and added tracking bugs to it. Marking this as duplicate; if you need anything else, please comment in the CVE bug.
*** This bug has been marked as a duplicate of bug 1413008 ***