openSUSE Security Update : xtrabackup (openSUSE-2017-132)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for xtrabackup fixes the following issues :

- CVE-2016-6225: xbcrypt encryption IV not being set
properly (boo#1019858)

In addition, XtraBackup was updated to 2.3.6 to include the following
improvements :

- now supports SHA256 passwords

- now supports command options for secure connections

The following bugs were fixed :

- intermittent assertion failures when not correctly
identifying server version

- Safe slave backup algorithm performed too short delays
between retries, which could cause backups to fail on
busy servers

- fix compilation warnings with gcc6

- Backup would still succeed even if xtrabackup would fail
to write the metadata

- xbcloud now supports EMC ECS Swift API Authorization
requests

- backup failed with MariaDB 10.2 with the unsupported
server version error message

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1019858

Solution :

Update the affected xtrabackup packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 96713

Bugtraq ID:

CVE ID: CVE-2016-6225
