Mailinglist Archive: opensuse-updates (98 mails)

< Previous Next >
openSUSE-SU-2015:0472-1: Security update for percona-toolkit, xtrabackup
openSUSE Security Update: Security update for percona-toolkit, xtrabackup

Announcement ID: openSUSE-SU-2015:0472-1
Rating: low
References: #919298
Cross-References: CVE-2015-1027
Affected Products:
openSUSE 13.2
openSUSE 13.1

An update that fixes one vulnerability is now available.


Percona Toolkit and XtraBackup were updated to fix bugs and security

Percona XtraBackup was vulnerable to MITM attack which could allow
exfiltration of MySQL configuration information via the --version-check
option. [boo#919298] CVE-2015-1027 lp#1408375.

The openSUSE package has the version check disabled by default.

Percona Toolkit was updated to 2.2.13:
* Feature lp#1391240: pt-kill added query fingerprint hash to output
* Fixed lp#1402668: pt-mysql-summary fails on cluster in Donor/Desynced
* Fixed lp#1396870: pt-online-schema-change CTRL+C leaves terminal in
inconsistent state
* Fixed lp#1396868: pt-online-schema-change --ask-pass option error
* Fixed lp#1266869: pt-stalk fails to start if $HOME environment variable
is not set
* Fixed lp#1019479: pt-table-checksum does not work with sql_mode
* Fixed lp#1394934: pt-table-checksum error in debug mode
* Fixed lp#1321297: pt-table-checksum reports diffs on timestamp columns
in 5.5 vs 5.6
* Fixed lp#1399789: pt-table-checksum fails to find pxc nodes when
wsrep_node_incoming_address is set to AUTO
* Fixed lp#1388870: pt-table-checksum has some errors with different time
* Fixed lp#1408375: vulnerable to MITM attack which would allow
exfiltration of MySQL configuration information via --version-check
[boo#919298] [CVE-2015-1027]
* Fixed lp#1404298: missing MySQL5.7 test files for pt-table-checksum
* Fixed lp#1403900: added sandbox and fixed sakila test db for 5.7

Percona XtraBackup was updated to version 2.2.9:
* xtrabackup_galera_info file isn't overwritten during the Galera
auto-recovery. lp#1418584.
* Percona XtraBackup now sets the maximum supported session value for
lock_wait_timeout variable to prevent unnecessary timeouts when the
global value is changed from the default. lp#1410339.
* New option --backup-locks, enabled by default, has been implemented to
control if backup locks will be used even if they are supported by the
server. To disable backup locks innobackupex should be run with
innobackupex --no-backup-locks
option. lp#1418820.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-217=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-217=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):


- openSUSE 13.2 (noarch):


- openSUSE 13.1 (i586 x86_64):


- openSUSE 13.1 (noarch):



< Previous Next >
This Thread
  • No further messages