openSUSE Security Update: xtrabackup: update to 2.1.6 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1864-1 Rating: moderate References: #852224 Cross-References: CVE-2013-6394 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Percona XtraBackup was updated to 2.1.6 [bnc#852224] - New Features: * New innobackupex --force-non-empty-directories option * now supports logs created with the new log block checksums - New Features specific to MySQL 5.6: option innodb_log_checksum_algorithm in Percona Server 5.6 - Bugs Fixed: * innobackupex --copy-back fails on empty innodb_data_home_dir * A fixed initialization vector (constant string) was used while encrypting the data. This opened the encrypted stream/data to plaintext attacks among others. CVE-2013-6394 * innobackupex --version-check is now on by default. * Since Version Check is enabled by default, new optin --no-version-check option has been introduced to disable it. * xtrabackup_slave_info didn't contain any GTID information, which could cause master_auto_position not to work properly * now supports absolute paths in innodb_data_file_path variable. * wouldn't back up the empty directory created with mkdir (i.e. test) outside of the server which could lead to inconsistencies during the Percona XtraDB Cluster State Snapshot Transfer. * wasn't able to perform backups to the NFS mount in some NFS configurations, because it was trying to preserve file ownership. * unable to perform backup if innodb_log_arch_dir variable was used in server configuration * Race condition in start_query_killer child code could cause parent MySQL connection to close. - Bugs Fixed specific to MySQL 5.6: * xtrabackup_56 was using CRC32 as the default checksum algorithm This could cause error if the innodb_checksum_algorithm value was changed to strict_innodb value after a restore. * xtrabackup_56 binary didn't store the server’s innodb_checksum_algorithm value to backup-my.cnf. This value is needed because it affects the on-disk data format. - update and tag percona-xtrabackup-2.1.x-nodoc.patch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2013-963 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): xtrabackup-2.1.6-5.1 xtrabackup-debuginfo-2.1.6-5.1 xtrabackup-debugsource-2.1.6-5.1 References: http://support.novell.com/security/cve/CVE-2013-6394.html https://bugzilla.novell.com/852224