SuSE Update For Percona-toolkit,xtrabackup OpenSUSE-SU-2014:0333-1 (percona-toolkit,xtrabackup) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

percona-toolkit and xtrabackup were updated: - disable automatic version check for all tools [bnc#864194] Prevents transmission of version information to an external host in the default configuration. CVE-2014-2029 Can be used by owner of a Percona Server (or an attacker who can control this destination for the client) to collect arbitrary MySQL configuration parameters and execute commands (with -v). Now the version check needs to be requested via command line or global/tool specific/user configuration. (--version-check) - added /etc/percona-toolkit/percona-toolkit.conf configuration directory and template configuration file

Affected

percona-toolkit,xtrabackup on openSUSE 13.1

References

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00008.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-2029

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

SLES10: Security update for libmikmod
SLES10: Security update for GnuTLS
SLES10: Security update for libexif
SLES10: Security update for netpbm
SLES10: Security update for freetype2,

SuSE Update for percona-toolkit,xtrabackup openSUSE-SU-2014:0333-1 (percona-toolkit,xtrabackup)

Take action and discover your vulnerabilities