Overview
Request 288038 accepted
percona-toolkit and xtrabackup were updated to fix one vulnerability and several bugs.
The following security issues were fixed:
CVE-2015-1027 (boo#919298) Both packages were vulnerable to a man-in-the-middle attack which would allow exfiltration of MySQL configuration --version-check. They did not sufficiently verify a server certificate for validity.
The version check is disabled by default in openSUSE packages.
On openSUSE 13.1 and 13.2, Percona Toolkit was updated to 2.2.13 to fix a number of bugs.
On openSUSE 13.2, XtraBackup was updated to 2.2.9 to add improvements and bug fixes.
- Created by AndreasStieger
- In state accepted
Request History
AndreasStieger created request
percona-toolkit and xtrabackup were updated to fix one vulnerability and several bugs.
The following security issues were fixed:
CVE-2015-1027 (boo#919298) Both packages were vulnerable to a man-in-the-middle attack which would allow exfiltration of MySQL configuration --version-check. They did not sufficiently verify a server certificate for validity.
The version check is disabled by default in openSUSE packages.
On openSUSE 13.1 and 13.2, Percona Toolkit was updated to 2.2.13 to fix a number of bugs.
On openSUSE 13.2, XtraBackup was updated to 2.2.9 to add improvements and bug fixes.
maintbot accepted review
accepted
maintbot approved review
accepted
msmeissn moved maintenance target to openSUSE:Maintenance:3587
msmeissn accepted request
ok