openSUSE Security Update : xtrabackup (openSUSE-2017-132)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for xtrabackup fixes the following issues :

- CVE-2016-6225: xbcrypt encryption IV not being set
properly (boo#1019858)

In addition, XtraBackup was updated to 2.3.6 to include the following
improvements :

- now supports SHA256 passwords

- new supports command options for secure connections

The following bugs were fixed :

- intermittent assertion failures when not correctly
identifying server version

- Safe slave backup algorithm performed too short delays
between retries which could cause backups to fail on a
busy servers

- fix compilation warnings with gcc6

- Backup would still succeed even if xtrabackup would fail
to write the metadata

- xbcloud now supports EMC ECS Swift API Authorization

- backup failed with MariaDB 10.2 with the unsupported
server version error message

See also :

Solution :

Update the affected xtrabackup packages.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: SuSE Local Security Checks

Nessus Plugin ID: 96713 ()

Bugtraq ID:

CVE ID: CVE-2016-6225

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now