Mailinglist Archive: opensuse-security-announce (27 mails)

< Previous Next >
[security-announce] openSUSE-SU-2014:0333-1: important: percona-toolkit,xtrabackup: disable remote version check
openSUSE Security Update: percona-toolkit,xtrabackup: disable remote version

Announcement ID: openSUSE-SU-2014:0333-1
Rating: important
References: #864194
Cross-References: CVE-2014-2029
Affected Products:
openSUSE 13.1

An update that fixes one vulnerability is now available.


percona-toolkit and xtrabackup were updated:
- disable automatic version check for all tools
[bnc#864194] Prevents transmission of version information
to an external host in the default configuration.
CVE-2014-2029 Can be used by owner of a Percona Server
(or an attacker who can control this destination for the
client) to collect arbitrary MySQL configuration
parameters and execute commands (with -v). Now the
version check needs to be requested via command line or
global/tool specific/user configuration. (--version-check)
- added /etc/percona-toolkit/percona-toolkit.conf
configuration directory and template configuration file

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-184

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.1 (i586 x86_64):


- openSUSE 13.1 (noarch):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages