Environment
None
Activity
Evgeniy Patlan December 3, 2024 at 4:30 AM
Such tarballs are available on the website for download.
Aaditya Dubey February 19, 2024 at 2:18 PM
Hi
Since it is an improvement request, it completely depends on Engineering's roadmap, so we are unable to provide any ETA at the moment. Thank you!
Neil Billett February 19, 2024 at 1:43 PM
Thanks for the update.
Assuming this is accepted, is there any timeline/ETA for when PXB8 glibc2.28 tarballs might be available?
Aaditya Dubey February 14, 2024 at 3:40 PM
Hi
Thank you for the report. glibc2.17 should work with glibc2.28, but yes, regarding CVEs there should be some improvement, so we are considering this as an improvement request, not a bug.
Hi,
For our implementation we stipulate use of the tarball versions of PXB8 to allow non-root execution and non-default install locations. We only support RHEL8 deployments and, to date, have been using the glibc2.17 tarballs, e.g.:
https://downloads.percona.com/downloads/Percona-XtraBackup-8.0/Percona-XtraBackup-8.0.35-30/binary/tarball/percona-xtrabackup-8.0.35-30-Linux-x86_64.glibc2.17.tar.gz
These work on el8, but of late some of our clients have been raising security concerns given these tarballs contain old OpenSSL 1.0.2k libs and are flagged by vulnerability scanners, e.g.: OpenSSL 1.0.2 < 1.0.2za Vulnerability | Tenable®
There appears to only be a glibc2.17 (el7) variant of the PXB8 tarball available (unlike PXC8, which has a glibc2.17 (el7) and a glibc2.34 (el9) version, but also no glibc2.28 (el8) version).
Please can you help, ideally by providing glibc2.28 variants of the PXB8 tarballs going forward, and if possible can you provide any remediation steps for a glibc2.17 deployment on el8 to alleviate current concerns?
I am planning on raising a similar bug against Percona XtraDB Cluster 8 which also has the same issue - see
Many thanks.