openSUSE Security Update: update for xtrabackup ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0245-1 Rating: moderate References: #852224 #860488 Cross-References: CVE-2013-6394 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update fixes the following security and non-security issues with xtrabackup: - update to 2.1.7 [bnc#860488] - general changes: * rebased on MySQL versions 5.5.35 and 5.6.15 * now uses libgcrypt randomization functions for setting the IV [lp#1255300] [bnc#852224] CVE-2013-6394 - bugs fixed: * After being rebased on MySQL 5.6.11 Percona XtraBackup has been affected by the upstream bug #69780 (backward compatibility for InnoDB recovery) [lp#1203669] * Backup directory would need to be specified even for running the innobackupex with --help and --version options. [lp#1223716] - bugs fixed specific to MySQL 5.6: * xtrabackpu did not roll back prepared XA transactions when applying the log. [lp#1254227] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-137 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): xtrabackup-2.1.7-9.1 xtrabackup-debuginfo-2.1.7-9.1 xtrabackup-debugsource-2.1.7-9.1 References: http://support.novell.com/security/cve/CVE-2013-6394.html https://bugzilla.novell.com/852224 https://bugzilla.novell.com/860488