Percona XtraBackup versions older than 2.3.6 or 2.4.5 suffered an issue of not properly setting the Initialization Vector (IV) for encryption. This could allow someone to carry out a Chosen-Plaintext Attack, which could recover decrypted content from the encrypted backup files without the need for a password.

External References:

https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/
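
Why a constant IV matters, as an added example that is not part of this report or of Percona's code: it assumes a counter-style mode and uses an HMAC-SHA256 keystream as a stand-in for the real cipher. All function names, the key and the sample chunks are constructed for illustration.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256(key, iv || counter); stand-in cipher (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_chunk(key: bytes, iv: bytes, data: bytes) -> bytes:
    """XOR with the keystream; applying it twice with the same key and IV decrypts."""
    return xor(data, keystream(key, iv, len(data)))


def encrypt_backup(key: bytes, chunks, fresh_iv: bool = True):
    """Return [(iv, ciphertext)] per chunk. fresh_iv=False models the flaw: one constant IV."""
    records = []
    for chunk in chunks:
        iv = os.urandom(16) if fresh_iv else bytes(16)
        records.append((iv, encrypt_chunk(key, iv, chunk)))
    return records


def reused_ivs(records):
    """Defensive check: the set of IVs that appear on more than one chunk."""
    seen, dup = set(), set()
    for iv, _ in records:
        (dup if iv in seen else seen).add(iv)
    return dup


def keystream_shared(records, chunks) -> bool:
    """True when c1 XOR c2 == p1 XOR p2: the key cancels out and plaintext structure leaks."""
    (_, c1), (_, c2) = records[:2]
    return xor(c1, c2) == xor(chunks[0], chunks[1])


KEY = os.urandom(32)  # constructed sample key
CHUNKS = [b"page 0001: customer rows A-M....", b"page 0002: customer rows N-Z...."]  # constructed
```

With `fresh_iv=False` every chunk shares one keystream, which is the condition the fixed releases remove; `reused_ivs` is the kind of check a test suite can run over encrypted output to catch a regression.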
Created percona-xtrabackup tracking bugs for this issue:

Affects: epel-7 [bug 1413008]
Affects: fedora-all [bug 1413009]
Upstream patches:

https://github.com/percona/percona-xtrabackup/pull/266
https://github.com/percona/percona-xtrabackup/pull/267
In the process of updating to 2.3.6 but koji appears to be having some issues. Tried 2.4.5 but there is code pulling in new boost dependencies which is failing to compile under rawhide.